Dears I have a problem with 4.4.22.3 on kernel 3.0.4 and with two providers. Problem was revealed when the next to the LAN segment (eth0) I connected the new WLAN segment (eth4). When I add eth4 after eth0 to COPY column of both providers, Shorewall crashes, and when there is no eth4 interface in COPY column, the new segment has no flow via any of the providers. Crash is because of try add duplicate route to providers routing tables. In main table there are originally the following routes for connected segments:> 255.255.255.255 dev eth0 scope link > 255.255.255.255 dev eth1 scope link > 255.255.255.255 dev eth4 scope linkWhen Shorewall is trying to copy routes for eth0 as for eth4 to provider table, obtains from netlink error:> RTNETLINK answers: File existsand crashes. Ofcourse, workaround is simple: copying routes manually in started script. But it is not elegant. Anyone know other solution? Best Regards -- Andrzej Odyniec ------------------------------------------------------------------------------ All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-novd2d
On Nov 17, 2011, at 10:31 AM, Andrzej Odyniec wrote:> Dears > > I have a problem with 4.4.22.3 on kernel 3.0.4 and with two providers. Problem > was revealed when the next to the LAN segment (eth0) I connected the new WLAN > segment (eth4). When I add eth4 after eth0 to COPY column of both providers, > Shorewall crashes, and when there is no eth4 interface in COPY column, the new > segment has no flow via any of the providers. > > Crash is because of try add duplicate route to providers routing tables. In > main table there are originally the following routes for connected segments: > >> 255.255.255.255 dev eth0 scope link >> 255.255.255.255 dev eth1 scope link >> 255.255.255.255 dev eth4 scope link > > When Shorewall is trying to copy routes for eth0 as for eth4 to provider > table, obtains from netlink error: > >> RTNETLINK answers: File exists > > and crashes. > > Ofcourse, workaround is simple: copying routes manually in started script. But > it is not elegant. > > Anyone know other solution? > > Best RegardsPlease see if this patch resolves the issue: patch /usr/share/shorewall/Shorewall/Providers.pm < PROVIDER1.patch Thanks, -Tom Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-novd2d
On Nov 17, 2011, at 10:31 AM, Andrzej Odyniec wrote:> Dears > > I have a problem with 4.4.22.3 on kernel 3.0.4 and with two providers. Problem > was revealed when the next to the LAN segment (eth0) I connected the new WLAN > segment (eth4). When I add eth4 after eth0 to COPY column of both providers, > Shorewall crashes, and when there is no eth4 interface in COPY column, the new > segment has no flow via any of the providers. > > Crash is because of try add duplicate route to providers routing tables. In > main table there are originally the following routes for connected segments: > >> 255.255.255.255 dev eth0 scope link >> 255.255.255.255 dev eth1 scope link >> 255.255.255.255 dev eth4 scope link > > When Shorewall is trying to copy routes for eth0 as for eth4 to provider > table, obtains from netlink error: > >> RTNETLINK answers: File exists > > and crashes. > > Ofcourse, workaround is simple: copying routes manually in started script. But > it is not elegant. > > Anyone know other solution?Right after I hit ''send'', I realized that the first patch was incorrect. Here''s a corrected copy. -Tom Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-novd2d
Tom Eastep wrote:> Right after I hit ''send'', I realized that the first patch was incorrect. > Here''s a corrected copy.Thanks. For me is not so simple to patch it, because I work on Devil-Linux, which is Read/Only. I must build full system with this patch, so this need next opportunity. I have another question, but in separate thread. Best Regards -- Andrzej Odyniec ------------------------------------------------------------------------------ All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-novd2d
I wrote: > Tom Eastep wrote: >> Right after I hit ''send'', I realized that the first patch was incorrect. >> Here''s a corrected copy. > > Thanks. For me is not so simple to patch it, because I work on > Devil-Linux, which is Read/Only. I must build full system with this > patch, so this need next opportunity. I''m sorry that it took so much, but only now I could update the firmware on this router. Indeed, this patch fixes the problem. Thanks. Best Regards -- Andrzej Odyniec ------------------------------------------------------------------------------ Write once. Port to many. Get the SDK and tools to simplify cross-platform app development. Create new or port existing apps to sell to consumers worldwide. Explore the Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join http://p.sf.net/sfu/intel-appdev
On Jan 3, 2012, at 9:24 AM, Andrzej Odyniec wrote:> I wrote: >> Tom Eastep wrote: >>> Right after I hit ''send'', I realized that the first patch was incorrect. >>> Here''s a corrected copy. >> >> Thanks. For me is not so simple to patch it, because I work on >> Devil-Linux, which is Read/Only. I must build full system with this >> patch, so this need next opportunity. > > I''m sorry that it took so much, but only now I could update the firmware on > this router. Indeed, this patch fixes the problem. Thanks.Glad to hear that it worked for you. -Tom Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Ridiculously easy VDI. With Citrix VDI-in-a-Box, you don''t need a complex infrastructure or vast IT resources to deliver seamless, secure access to virtual desktops. With this all-in-one solution, easily deploy virtual desktops for less than the cost of PCs and save 60% on VDI infrastructure costs. Try it free! http://p.sf.net/sfu/Citrix-VDIinabox