Kostas Kavourakis
2011-Sep-16 09:55 UTC
Problem with TC initialization in versions 4.4.23 and higher
Hi, I stumbled upon a problem with that manifests itself starting from
Shorewall version 4.4.23 and higher (tried already 4.4.23.1 and 4.4.23.2).
If I set "TC_Enabled=Shared" in Shorewall6''s shorewall.conf,
it fails to
start with the following output:
----------------------------------------------------------------------
# shorewall6 start
Compiling...
Processing /etc/shorewall6/params ...
Processing /etc/shorewall6/shorewall6.conf...
Loading Modules...
Compiling /etc/shorewall6/zones...
Compiling /etc/shorewall6/interfaces...
Determining Hosts in Zones...
Locating Action Files...
Compiling /usr/share/shorewall6/action.Drop for chain Drop...
Compiling /usr/share/shorewall6/action.AllowICMPs for chain AllowICMPs...
Compiling /usr/share/shorewall6/action.Broadcast for chain Broadcast...
Compiling /usr/share/shorewall/action.Invalid for chain Invalid...
Compiling /usr/share/shorewall/action.NotSyn for chain NotSyn...
Compiling /usr/share/shorewall6/action.Reject for chain Reject...
Compiling /etc/shorewall6/policy...
Adding Anti-smurf Rules
Adding rules for DHCP
Compiling TCP Flags filtering...
Compiling /etc/shorewall6/tcdevices...
Compiling /etc/shorewall6/tcclasses...
Compiling /etc/shorewall6/tcrules...
Compiling MAC Filtration -- Phase 1...
Compiling /etc/shorewall6/rules...
Compiling /usr/share/shorewall6/action.AllowICMPs for chain %AllowICMPs...
Compiling MAC Filtration -- Phase 2...
Applying Policies...
Generating Rule Matrix...
Optimizing Ruleset...
Creating ip6tables-restore input...
Compiling Interface forwarding...
Shorewall configuration compiled to /var/lib/shorewall6/.start
/var/lib/shorewall6/.start: line 1592: syntax error near unexpected
token `else''
/var/lib/shorewall6/.start: line 1592: `else''
/var/lib/shorewall6/.start: line 1592: syntax error near unexpected
token `else''
/var/lib/shorewall6/.start: line 1592: `else''
-------------------------------------------------------------------
At line 1592 of the .start file I see these:
--------------------------------------------------------------------
progress_message2 Setting up Proxy NDP...
return 0
}
#
# Configure Traffic Shaping for ppp0
#
setup_ppp0_tc() {
progress_message " TC Device ppp0 defined."
else
error_message "WARNING: Device ppp0 is not in the UP state --
traffic-shaping configuration ski$
ppp0_existsfi
}
#
# Enable an optional provider
#
enable_provider() {
g_interface=$1;
---------------------------------------------------------------------
For some reason it fails on that "else" statement.
Anyone have a clue? Not that it does not fail if I set
"TC_Enabled=internal", but the machine runs both shorewall and
shorewall6, a shared configuration is needed.
--
Kostas Kavourakis <cca@freemail.gr>
------------------------------------------------------------------------------
BlackBerry® DevCon Americas, Oct. 18-20, San Francisco, CA
http://p.sf.net/sfu/rim-devcon-copy2
Tom Eastep
2011-Sep-16 13:49 UTC
Re: Problem with TC initialization in versions 4.4.23 and higher
On Fri, 2011-09-16 at 12:55 +0300, Kostas Kavourakis wrote:> Hi, I stumbled upon a problem with that manifests itself starting from > Shorewall version 4.4.23 and higher (tried already 4.4.23.1 and 4.4.23.2). > > If I set "TC_Enabled=Shared" in Shorewall6''s shorewall.conf, it fails to > start with the following output: >...> Shorewall configuration compiled to /var/lib/shorewall6/.start > /var/lib/shorewall6/.start: line 1592: syntax error near unexpected > token `else'' > /var/lib/shorewall6/.start: line 1592: `else'' > /var/lib/shorewall6/.start: line 1592: syntax error near unexpected > token `else'' > /var/lib/shorewall6/.start: line 1592: `else'' > ------------------------------------------------------------------- > > At line 1592 of the .start file I see these: > > > -------------------------------------------------------------------- > progress_message2 Setting up Proxy NDP... > > return 0 > } > > # > # Configure Traffic Shaping for ppp0 > # > setup_ppp0_tc() { > > progress_message " TC Device ppp0 defined." > else > error_message "WARNING: Device ppp0 is not in the UP state -- > traffic-shaping configuration ski$ > ppp0_exists> fiShorewall 4.4.23 definitely broke TC_ENABLED=Shared. Please try the attached patch: patch /usr/share/shorewall/Shorewall/Tc.pm < SHARED.patch and let us know if it solved your problem. Thanks, -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ BlackBerry® DevCon Americas, Oct. 18-20, San Francisco, CA http://p.sf.net/sfu/rim-devcon-copy2
Kostas Kavourakis
2011-Sep-16 18:34 UTC
Re: Problem with TC initialization in versions 4.4.23 and higher
Tom, your attached patch solved my issue, thank you very much! (this may appear unthreaded, something''s messed up with my mailing list settigns) -- Kostas Kavourakis <cca@freemail.gr> ------------------------------------------------------------------------------ BlackBerry® DevCon Americas, Oct. 18-20, San Francisco, CA http://p.sf.net/sfu/rim-devcon-copy2