From a054f90f492653c34d8c1c6443b1b132bc9fbc22 Mon Sep 17 00:00:00 2001 From: Mark O'Brien Date: Fri, 26 Jun 2009 14:23:39 -0700 Subject: Added link detect to ethernet bonded vlan interfaces. (bug 4656) --- templates/interfaces/bonding/node.tag/vif/node.def | 1 + 1 file changed, 1 insertion(+) diff --git a/templates/interfaces/bonding/node.tag/vif/node.def b/templates/interfaces/bonding/node.tag/vif/node.def index c3087022..13a35b12 100644 --- a/templates/interfaces/bonding/node.tag/vif/node.def +++ b/templates/interfaces/bonding/node.tag/vif/node.def @@ -10,6 +10,7 @@ create: read flags < /sys/class/net/$VAR(../@)/flags fi sudo ip link add link $VAR(../@) name "$VAR(../@).$VAR(@)" type vlan id $VAR(@) || exit 1 sudo ip link set "$VAR(../@).$VAR(@)" up + sudo sh -c "/opt/vyatta/sbin/vyatta-link-detect $VAR(../@).$VAR(@) on" delete: sudo ip link delete dev "$VAR(../@).$VAR(@)" type vlan id $VAR(@) comp_help: possible completions: <0-4094> Set VLAN ID -- cgit v1.2.3 From 6b20281c1638310275a17374a251e01761ad77e2 Mon Sep 17 00:00:00 2001 From: Mark O'Brien Date: Fri, 26 Jun 2009 14:28:30 -0700 Subject: 0.15.48+jenner28 --- debian/changelog | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/debian/changelog b/debian/changelog index b70cfbd2..46adfcb2 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +vyatta-cfg-system (0.15.48+jenner28) unstable; urgency=low + + * Added link detect to ethernet bonded vlan interfaces. + + -- Mark O'Brien Fri, 26 Jun 2009 14:28:30 -0700 + vyatta-cfg-system (0.15.48+jenner27) unstable; urgency=low * Update hooks to setup config files for installing to a Xen VM. -- cgit v1.2.3 From aa2e76cd76d28b4d6464d5cf03219bf8b0c63469 Mon Sep 17 00:00:00 2001 From: Mohit Mehta Date: Fri, 26 Jun 2009 18:27:18 -0700 Subject: make changes to work with dhcp 4.1.0 --- scripts/netplug/linkdown/dhclient | 3 ++- scripts/netplug/linkup/dhclient | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) 
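Review bot: The added `sudo sh -c "/opt/vyatta/sbin/vyatta-link-detect $VAR(../@).$VAR(@) on"` line in the vif `create:` action sends the interface name through a second shell parse that runs as root, with no visible benefit. Nothing in this hunk shows the parent bonding name `$VAR(../@)` being restricted, so any shell metacharacter it could carry would be interpreted inside that root shell. Calling the helper directly keeps the name a single argument: `sudo /opt/vyatta/sbin/vyatta-link-detect "$VAR(../@).$VAR(@)" on`. The `create:` action starts above the hunk.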
diff --git a/scripts/netplug/linkdown/dhclient b/scripts/netplug/linkdown/dhclient index a69caed3..555ff913 100755 --- a/scripts/netplug/linkdown/dhclient +++ b/scripts/netplug/linkdown/dhclient @@ -41,7 +41,8 @@ sub stop_dhclient { my $intf = shift; my $dhcp_daemon = '/sbin/dhclient'; my ($intf_config_file, $intf_process_id_file, $intf_leases_file) = Vyatta::Misc::generate_dhclient_intf_files($intf); - my $release_cmd = "sudo $dhcp_daemon -q -cf $intf_config_file -pf $intf_process_id_file -lf $intf_leases_file -r $intf 2> /dev/null"; + my $release_cmd = "sudo $dhcp_daemon -q -cf $intf_config_file -pf $intf_process_id_file -lf $intf_leases_file -r $intf 2> /dev/null;"; + $release_cmd .= "sudo rm -f $intf_process_id_file 2> /dev/null"; system ($release_cmd); } diff --git a/scripts/netplug/linkup/dhclient b/scripts/netplug/linkup/dhclient index c7370841..8e50715f 100755 --- a/scripts/netplug/linkup/dhclient +++ b/scripts/netplug/linkup/dhclient @@ -41,7 +41,8 @@ sub run_dhclient { my $intf = shift; my $dhcp_daemon = '/sbin/dhclient'; my ($intf_config_file, $intf_process_id_file, $intf_leases_file) = Vyatta::Misc::generate_dhclient_intf_files($intf); - my $cmd = "sudo $dhcp_daemon -q -nw -cf $intf_config_file -pf $intf_process_id_file -lf $intf_leases_file $intf 2> /dev/null &"; + my $cmd = "sudo $dhcp_daemon -pf $intf_process_id_file -x $intf 2> /dev/null; sudo rm -f $intf_process_id_file 2> /dev/null;"; + $cmd .= "sudo $dhcp_daemon -q -nw -cf $intf_config_file -pf $intf_process_id_file -lf $intf_leases_file $intf 2> /dev/null &"; system ($cmd); } -- cgit v1.2.3 From 6efa3f143978748df50f2f9dda20eb19298dc18a Mon Sep 17 00:00:00 2001 From: Mohit Mehta Date: Fri, 26 Jun 2009 18:49:44 -0700 Subject: 0.15.48+jenner29 --- debian/changelog | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/debian/changelog b/debian/changelog index 46adfcb2..bd946a24 100644 --- a/debian/changelog +++ b/debian/changelog 
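Review bot: In `stop_dhclient` the new `$release_cmd .= "sudo rm -f $intf_process_id_file 2> /dev/null"` extends a string that is passed to single-argument `system`, so `$intf` and the three generated paths are parsed by the shell before `sudo` runs. `$intf` comes straight from `shift` with no check visible in the hunk, so a name containing whitespace or shell metacharacters would change what the root-run `dhclient -r` and `rm -f` act on. The same pattern is added to `run_dhclient` in scripts/netplug/linkup/dhclient. Validate the name first, e.g. `die "bad interface name\n" unless $intf =~ m{\A[\w.:-]+\z};`, and prefer list-form calls such as `system('sudo', 'rm', '-f', $intf_process_id_file);` so no shell is involved. Both subs open above their hunks.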
@@ -1,3 +1,9 @@ +vyatta-cfg-system (0.15.48+jenner29) unstable; urgency=low + + * make changes to work with dhcp 4.1.0 + + -- Mohit Mehta Fri, 26 Jun 2009 18:49:43 -0700 + vyatta-cfg-system (0.15.48+jenner28) unstable; urgency=low * Added link detect to ethernet bonded vlan interfaces. -- cgit v1.2.3 From e66fce16ee35ceef3d4a0bd949a2faa8000fc056 Mon Sep 17 00:00:00 2001 From: Mohit Mehta Date: Tue, 30 Jun 2009 18:19:15 -0700 Subject: Fix Bug 4593 zone-policy can't be deleted if zone interfaces are bridges * use new api to get active plus committed nodes --- scripts/zone-mgmt/vyatta-zone.pl | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/zone-mgmt/vyatta-zone.pl b/scripts/zone-mgmt/vyatta-zone.pl index c71fc2a1..7d2206cb 100755 --- a/scripts/zone-mgmt/vyatta-zone.pl +++ b/scripts/zone-mgmt/vyatta-zone.pl @@ -339,7 +339,7 @@ $zone_chain with failed [$error]" if $error; my @all_zones = Vyatta::Zone::get_all_zones("listOrigNodes"); foreach my $zone (@all_zones) { if (!($zone eq $zone_name)) { - my @from_zones = Vyatta::Zone::get_from_zones("listOrigNodes", $zone); + my @from_zones = Vyatta::Zone::get_from_zones("listOrigPlusComNodes", $zone); if (scalar(grep(/^$zone_name$/, @from_zones)) > 0) { foreach my $tree (keys %cmd_hash) { # call function to delete rules from $zone's chain @@ -352,7 +352,7 @@ $zone_chain with failed [$error]" if $error; } # if you have local from zone, delete interface to local zone out chain - my @my_from_zones = Vyatta::Zone::get_from_zones("listOrigNodes", $zone_name); + my @my_from_zones = Vyatta::Zone::get_from_zones("listOrigPlusComNodes", $zone_name); foreach my $fromzone (@my_from_zones) { if (defined(Vyatta::Zone::is_local_zone("existsOrig", $fromzone))) { foreach my $tree (keys %cmd_hash) { 
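Review bot: The membership test `grep(/^$zone_name$/, @from_zones)` that consumes the new `get_from_zones("listOrigPlusComNodes", $zone)` result interpolates the zone name as a regex, so a name containing `.` or another metacharacter could match a different from-zone and drive the rule deletion that follows against the wrong chain. The zone template elsewhere on this page only rejects a leading `-` and `;`, so such names appear to be allowed. An exact comparison avoids this: `if (grep { $_ eq $zone_name } @from_zones) {`; the same test appears in the hunk at line 433. Separately, `get_all_zones("listOrigNodes")` and `is_local_zone("existsOrig", ...)` still read only the original config while `get_from_zones` now includes committed nodes, so a short comment stating whether that mix is intended would help. The enclosing subs start and end outside these hunks.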
@@ -433,7 +433,7 @@ $zone_chain chain failed [$error]" if $error; my @all_zones = Vyatta::Zone::get_all_zones("listOrigNodes"); foreach my $zone (@all_zones) { if (!($zone eq $zone_name)) { - my @from_zones = Vyatta::Zone::get_from_zones("listOrigNodes", $zone); + my @from_zones = Vyatta::Zone::get_from_zones("listOrigPlusComNodes", $zone); if (scalar(grep(/^$zone_name$/, @from_zones)) > 0) { foreach my $tree (keys %cmd_hash) { my @zone_interfaces = -- cgit v1.2.3 From 483b96abdf8a1b32845a6d2b44e61a4cafb66a23 Mon Sep 17 00:00:00 2001 From: Mohit Mehta Date: Tue, 30 Jun 2009 18:25:33 -0700 Subject: 0.15.48+jenner30 --- debian/changelog | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/debian/changelog b/debian/changelog index bd946a24..6538d8e6 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +vyatta-cfg-system (0.15.48+jenner30) unstable; urgency=low + + * Fix Bug 4593 zone-policy can't be deleted if zone interfaces are + bridges + + -- Mohit Mehta Tue, 30 Jun 2009 18:25:32 -0700 + vyatta-cfg-system (0.15.48+jenner29) unstable; urgency=low * make changes to work with dhcp 4.1.0 -- cgit v1.2.3 From c43e9e86ea502c455dcffac10d50304d47cad8ba Mon Sep 17 00:00:00 2001 From: Mark O'Brien Date: Wed, 1 Jul 2009 16:16:10 -0700 Subject: Fix 'sh: line 1:' error ing bug 4655. --- templates/interfaces/bonding/node.def | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/interfaces/bonding/node.def b/templates/interfaces/bonding/node.def index be8baaee..53800dba 100644 --- a/templates/interfaces/bonding/node.def +++ b/templates/interfaces/bonding/node.def @@ -10,7 +10,7 @@ create: sudo sh -c "echo +$VAR(@) > /sys/class/net/bonding_masters" || exit 1 sudo ip link set "$VAR(@)" up /opt/vyatta/sbin/vyatta-link-detect $VAR(@) on delete: SLAVES=`cat /sys/class/net/$VAR(@)/bonding/slaves`; - if [ -z $SLAVES ] + if [ -z "$SLAVES" ] then sudo sh -c "echo -$VAR(@) > /sys/class/net/bonding_masters" else -- cgit v1.2.3 
From d521f200be18a8f419837ebd502fd7d652598966 Mon Sep 17 00:00:00 2001 From: Mark O'Brien Date: Wed, 1 Jul 2009 16:17:19 -0700 Subject: 0.15.48+jenner31 --- debian/changelog | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/debian/changelog b/debian/changelog index 6538d8e6..0206411b 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +vyatta-cfg-system (0.15.48+jenner31) unstable; urgency=low + + * Fix 'sh: line 1:' error ing bug 4655. + + -- Mark O'Brien Wed, 01 Jul 2009 16:17:18 -0700 + vyatta-cfg-system (0.15.48+jenner30) unstable; urgency=low * Fix Bug 4593 zone-policy can't be deleted if zone interfaces are -- cgit v1.2.3 From aba4e42b4b07b856cbcff0fcf5231824fc18bb37 Mon Sep 17 00:00:00 2001 From: Mark O'Brien Date: Wed, 1 Jul 2009 17:46:14 -0700 Subject: Allow user to select round-robin mode. * bug 4647 * scripts/vyatta-bonding.pl --- scripts/vyatta-bonding.pl | 29 +++++++++++++++++++++-------- 1 file changed, 21 insertions(+), 8 deletions(-) diff --git a/scripts/vyatta-bonding.pl b/scripts/vyatta-bonding.pl index 2f2167fa..e2cc627d 100755 --- a/scripts/vyatta-bonding.pl +++ b/scripts/vyatta-bonding.pl 
@@ -36,19 +36,32 @@ use strict; use warnings; my %modes = ( - "round-robin" => 0, - "active-backup" => 1, - "xor-hash" => 2, - "broadcast" => 3, - "802.3ad" => 4, - "transmit-load-balance" => 5, - "adaptive-load-balance" => 6, + ## Linux bonding driver modes + 1 + ## (eg. bond driver expects round-robin = 0) + "invalid_opt" => 0, + "round-robin" => 1, + "active-backup" => 2, + "xor-hash" => 3, + "broadcast" => 4, + "802.3ad" => 5, + "transmit-load-balance" => 6, + "adaptive-load-balance" => 7, ); sub set_mode { my ($intf, $mode) = @_; + my $request_mode = $mode; my $val = $modes{$mode}; - die "Unknown bonding mode $mode\n" unless $val; + + ## Check if vaild bonding option is requested. + foreach my $item ( keys(%modes) ) { + $mode = "invalid_opt" unless( $mode =~ m/$item/); + }; + die "Unknown bonding mode $request_mode\n" unless $val; + + ## After above bonding option check, adjust value + ## to value the expected by bonding driver. -MOB + $val = ($val - 1); open my $fm, '>', "/sys/class/net/$intf/bonding/mode" or die "Error: $intf is not a bonding device:$!\n"; -- cgit v1.2.3 From 9b289da08db460061ded374c19bde7296c3f8a5c Mon Sep 17 00:00:00 2001 From: Mark O'Brien Date: Wed, 1 Jul 2009 17:47:20 -0700 Subject: 0.15.48+jenner32 --- debian/changelog | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/debian/changelog b/debian/changelog index 0206411b..9397c21e 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +vyatta-cfg-system (0.15.48+jenner32) unstable; urgency=low + + * Allow user to select round-robin mode. + + -- Mark O'Brien Wed, 01 Jul 2009 17:47:20 -0700 + vyatta-cfg-system (0.15.48+jenner31) unstable; urgency=low * Fix 'sh: line 1:' error ing bug 4655. -- cgit v1.2.3 From 6d5f6c0383509eed3f28d315fdb5be9cf66342e5 Mon Sep 17 00:00:00 2001 
From: Mohit Mehta Date: Thu, 2 Jul 2009 12:14:37 -0700 Subject: Fix Bug 4554 check for existing firewall ruleset fails when applying it to a zone during boot * use isActive to check if firewall ruleset has been succesfully committed * fix templates to fail inside an action field when a command fails --- scripts/zone-mgmt/vyatta-zone.pl | 11 ++++ templates/zone-policy/zone/node.def | 14 +++-- .../zone/node.tag/default-action/node.def | 14 +++-- templates/zone-policy/zone/node.tag/from/node.def | 8 ++- .../from/node.tag/firewall/ipv6-name/node.def | 70 ++++++++++------------ .../node.tag/from/node.tag/firewall/name/node.def | 68 ++++++++++----------- .../zone-policy/zone/node.tag/interface/node.def | 14 +++-- .../zone-policy/zone/node.tag/local-zone/node.def | 14 +++-- 8 files changed, 119 insertions(+), 94 deletions(-) diff --git a/scripts/zone-mgmt/vyatta-zone.pl b/scripts/zone-mgmt/vyatta-zone.pl index 7d2206cb..8760b6a6 100755 --- a/scripts/zone-mgmt/vyatta-zone.pl +++ b/scripts/zone-mgmt/vyatta-zone.pl @@ -689,6 +689,14 @@ sub check_zones_validity { return; } +sub check_fwruleset_isActive { + my ($ruleset_type, $ruleset_name) = @_; + my $error = Vyatta::Zone::is_fwruleset_active('isActive', + $ruleset_type, $ruleset_name); + return "Invalid firewall ruleset $ruleset_type $ruleset_name" if $error; + return; +} + # # main # @@ -739,6 +747,9 @@ my ($error, $warning); ($error, $warning) = set_default_policy($zone_name, $default_policy) if $action eq 'set-default-policy'; +($error, $warning) = check_fwruleset_isActive($ruleset_type, $ruleset_name) + if $action eq 'is-fwruleset-active'; + if (defined $warning) { print "$warning\n"; } diff --git a/templates/zone-policy/zone/node.def b/templates/zone-policy/zone/node.def index 1f8f2ffd..80e4f4e2 100644 --- a/templates/zone-policy/zone/node.def +++ b/templates/zone-policy/zone/node.def 
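Review bot: `check_fwruleset_isActive` returns "Invalid firewall ruleset" when `Vyatta::Zone::is_fwruleset_active('isActive', ...)` yields a true value, which looks inverted if that helper returns true for a ruleset that is active; its body is not shown here, so the return convention needs confirming. If it is a predicate, the line should read `return "Invalid firewall ruleset $ruleset_type $ruleset_name" unless $active;`, with the variable renamed from `$error`. The templates in this commit rely on the `is-fwruleset-active` action to refuse unknown rulesets, so an inverted test would reject valid rulesets and accept missing ones. A one-line comment above the sub stating what the helper returns would settle it for later readers.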
@@ -12,10 +12,16 @@ syntax:expression: pattern $VAR(@) "^[^-]" ; "Zone name cannot start with \"-\"" syntax:expression: pattern $VAR(@) "^[^;]*$" ; "Zone name cannot contain ';'" -create: /opt/vyatta/sbin/vyatta-zone.pl \ +create: + if ! /opt/vyatta/sbin/vyatta-zone.pl \ --action=add-zone \ - --zone-name="$VAR(@)" + --zone-name="$VAR(@)"; then + exit 1 + fi -delete: /opt/vyatta/sbin/vyatta-zone.pl \ +delete: + if ! /opt/vyatta/sbin/vyatta-zone.pl \ --action=delete-zone \ - --zone-name="$VAR(@)" + --zone-name="$VAR(@)"; then + exit 1 + fi diff --git a/templates/zone-policy/zone/node.tag/default-action/node.def b/templates/zone-policy/zone/node.tag/default-action/node.def index 01714098..82a5a595 100644 --- a/templates/zone-policy/zone/node.tag/default-action/node.def +++ b/templates/zone-policy/zone/node.tag/default-action/node.def @@ -11,12 +11,18 @@ comp_help: possible completions: drop Drop silently (default) reject Drop and notify source -create: /opt/vyatta/sbin/vyatta-zone.pl \ +create: + if ! /opt/vyatta/sbin/vyatta-zone.pl \ --action=set-default-policy \ --zone-name="$VAR(../@)" \ - --default-policy="$VAR(@)" + --default-policy="$VAR(@)"; then + exit 1 + fi -update: /opt/vyatta/sbin/vyatta-zone.pl \ +update: + if ! /opt/vyatta/sbin/vyatta-zone.pl \ --action=set-default-policy \ --zone-name="$VAR(../@)" \ - --default-policy="$VAR(@)" + --default-policy="$VAR(@)"; then + exit 1 + fi diff --git a/templates/zone-policy/zone/node.tag/from/node.def b/templates/zone-policy/zone/node.tag/from/node.def index 5e37f9f1..4b664769 100644 --- a/templates/zone-policy/zone/node.tag/from/node.def +++ b/templates/zone-policy/zone/node.tag/from/node.def 
@@ -32,6 +32,10 @@ create: echo Undefined from zone [$VAR(@)] under zone $parent_zone exit 1 else - /opt/vyatta/sbin/vyatta-zone.pl --action=add-zone --zone-name="$parent_zone" - /opt/vyatta/sbin/vyatta-zone.pl --action=add-zone --zone-name="$VAR(@)" + if ! /opt/vyatta/sbin/vyatta-zone.pl --action=add-zone --zone-name="$parent_zone"; then + exit 1 + fi + if ! /opt/vyatta/sbin/vyatta-zone.pl --action=add-zone --zone-name="$VAR(@)"; then + exit 1 + fi fi diff --git a/templates/zone-policy/zone/node.tag/from/node.tag/firewall/ipv6-name/node.def b/templates/zone-policy/zone/node.tag/from/node.tag/firewall/ipv6-name/node.def index e34cf8c4..b1ca94bc 100644 --- a/templates/zone-policy/zone/node.tag/from/node.tag/firewall/ipv6-name/node.def +++ b/templates/zone-policy/zone/node.tag/from/node.tag/firewall/ipv6-name/node.def 
@@ -7,66 +7,58 @@ allowed: echo -n ${params[@]##*/} create: - params=( `ls /opt/vyatta/config/active/firewall/ipv6-name 2>/dev/null` ) - array_len=${#params[*]} - i=0 - found=0 - while [ $i -lt $array_len ]; do - if [ \"${params[$i]}\" == \"$VAR(@)\" ] ; then - - found=1 - fi - let i++ - done - if [ $found -eq 0 ]; then - echo Invalid IPv6 firewall ruleset [$VAR(@)] - exit 1 - fi + if ! /opt/vyatta/sbin/vyatta-zone.pl \ + --action=is-fwruleset-active \ + --zone-name="$VAR(../../../@)" \ + --ruleset-type=ipv6-name \ + --ruleset-name="$VAR(@)"; then + exit 1 + fi - /opt/vyatta/sbin/vyatta-zone.pl \ + if ! /opt/vyatta/sbin/vyatta-zone.pl \ --action=add-fromzone-fw \ --zone-name="$VAR(../../../@)" \ --from-zone="$VAR(../../@)" \ --ruleset-type=ipv6-name \ - --ruleset-name="$VAR(@)" + --ruleset-name="$VAR(@)"; then + exit 1 + fi update: - params=( `ls /opt/vyatta/config/active/firewall/ipv6-name 2>/dev/null` ) - array_len=${#params[*]} - i=0 - found=0 - while [ $i -lt $array_len ]; do - echo comparing ${params[$i]} with $VAR(@) - if [ \"${params[$i]}\" == \"$VAR(@)\" ] ; then - found=1 - fi - let i++ - done - if [ $found -eq 0 ]; then - echo Invalid IPv6 firewall ruleset [$VAR(@)] - exit 1 + if ! /opt/vyatta/sbin/vyatta-zone.pl \ + --action=is-fwruleset-active \ + --zone-name="$VAR(../../../@)" \ + --ruleset-type=ipv6-name \ + --ruleset-name="$VAR(@)"; then + exit 1 fi # need to undo previous ruleset here first - old_ruleset=`cat /opt/vyatta/config/active/zone-policy/zone/$VAR(../../../@)/from/$VAR(../../@)/firewall/ipv6-name/node.val` - /opt/vyatta/sbin/vyatta-zone.pl \ + old_ruleset=`cat /opt/vyatta/config/active/zone-policy/zone/$VAR(../../../@)/from/$VAR(../../@)/firewall/ipv6-name/node.val` + if ! 
/opt/vyatta/sbin/vyatta-zone.pl \ --action=delete-fromzone-fw \ --zone-name="$VAR(../../../@)" \ --from-zone="$VAR(../../@)" \ --ruleset-type=ipv6-name \ - --ruleset-name="$old_ruleset" + --ruleset-name="$old_ruleset"; then + exit 1 + fi - /opt/vyatta/sbin/vyatta-zone.pl \ + if ! /opt/vyatta/sbin/vyatta-zone.pl \ --action=add-fromzone-fw \ --zone-name="$VAR(../../../@)" \ --from-zone="$VAR(../../@)" \ - --ruleset-type=ipv6-name \ - --ruleset-name="$VAR(@)" + --ruleset-type=ipv6-name \ + --ruleset-name="$VAR(@)"; then + exit 1 + fi delete: - /opt/vyatta/sbin/vyatta-zone.pl \ + if ! /opt/vyatta/sbin/vyatta-zone.pl \ --action=delete-fromzone-fw \ --zone-name="$VAR(../../../@)" \ --from-zone="$VAR(../../@)" \ --ruleset-type=ipv6-name \ - --ruleset-name="$VAR(@)" + --ruleset-name="$VAR(@)"; then + exit 1 + fi diff --git a/templates/zone-policy/zone/node.tag/from/node.tag/firewall/name/node.def b/templates/zone-policy/zone/node.tag/from/node.tag/firewall/name/node.def index 56df6a19..46328f0f 100644 --- a/templates/zone-policy/zone/node.tag/from/node.tag/firewall/name/node.def +++ b/templates/zone-policy/zone/node.tag/from/node.tag/firewall/name/node.def 
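Review bot: In the `update:` action the old ruleset is removed with `delete-fromzone-fw` before `add-fromzone-fw` runs, and the new `exit 1` on a failed add leaves the zone pair with neither ruleset applied. Whether that state fails closed depends on the zone's default action, which this hunk does not show. Re-applying `$old_ruleset` before exiting keeps the previous policy in force when the new one cannot be installed; the same applies to the `update:` action in firewall/name/node.def. `old_ruleset` is also read by a `cat` of an unquoted path built from the zone names, and an empty result is passed straight to the delete action.

```shell
# … unchanged: is-fwruleset-active check, old_ruleset lookup, delete-fromzone-fw, add-fromzone-fw condition …
      --ruleset-name="$VAR(@)"; then
  # put the previous ruleset back so the zone pair keeps its old policy
  /opt/vyatta/sbin/vyatta-zone.pl \
      --action=add-fromzone-fw \
      --zone-name="$VAR(../../../@)" \
      --from-zone="$VAR(../../@)" \
      --ruleset-type=ipv6-name \
      --ruleset-name="$old_ruleset"
  exit 1
fi
```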
@@ -7,65 +7,59 @@ allowed: echo -n ${params[@]##*/} create: - params=( `ls /opt/vyatta/config/active/firewall/name 2>/dev/null` ) - array_len=${#params[*]} - i=0 - found=0 - while [ $i -lt $array_len ]; do - if [ \"${params[$i]}\" == \"$VAR(@)\" ] ; then - - found=1 - fi - let i++ - done - if [ $found -eq 0 ]; then - echo Invalid IPv4 firewall ruleset [$VAR(@)] - #exit 1 - fi + if ! /opt/vyatta/sbin/vyatta-zone.pl \ + --action=is-fwruleset-active \ + --zone-name="$VAR(../../../@)" \ + --ruleset-type=name \ + --ruleset-name="$VAR(@)"; then + exit 1 + fi - /opt/vyatta/sbin/vyatta-zone.pl \ + + if ! /opt/vyatta/sbin/vyatta-zone.pl \ --action=add-fromzone-fw \ --zone-name="$VAR(../../../@)" \ --from-zone="$VAR(../../@)" \ --ruleset-type=name \ - --ruleset-name="$VAR(@)" + --ruleset-name="$VAR(@)"; then + exit 1 + fi update: - params=( `ls /opt/vyatta/config/active/firewall/name 2>/dev/null` ) - array_len=${#params[*]} - i=0 - found=0 - while [ $i -lt $array_len ]; do - if [ \"${params[$i]}\" == \"$VAR(@)\" ] ; then - found=1 - fi - let i++ - done - if [ $found -eq 0 ]; then - echo Invalid IPv4 firewall ruleset [$VAR(@)] - exit 1 - fi + if ! /opt/vyatta/sbin/vyatta-zone.pl \ + --action=is-fwruleset-active \ + --zone-name="$VAR(../../../@)" \ + --ruleset-type=name \ + --ruleset-name="$VAR(@)"; then + exit 1 + fi # need to undo previous ruleset here first old_ruleset=`cat /opt/vyatta/config/active/zone-policy/zone/$VAR(../../../@)/from/$VAR(../../@)/firewall/name/node.val` - /opt/vyatta/sbin/vyatta-zone.pl \ + if ! /opt/vyatta/sbin/vyatta-zone.pl \ --action=delete-fromzone-fw \ --zone-name="$VAR(../../../@)" \ --from-zone="$VAR(../../@)" \ --ruleset-type=name \ - --ruleset-name="$old_ruleset" + --ruleset-name="$old_ruleset"; then + exit 1 + fi - /opt/vyatta/sbin/vyatta-zone.pl \ + if ! 
/opt/vyatta/sbin/vyatta-zone.pl \ --action=add-fromzone-fw \ --zone-name="$VAR(../../../@)" \ --from-zone="$VAR(../../@)" \ --ruleset-type=name \ - --ruleset-name="$VAR(@)" + --ruleset-name="$VAR(@)"; then + exit 1 + fi delete: - /opt/vyatta/sbin/vyatta-zone.pl \ + if ! /opt/vyatta/sbin/vyatta-zone.pl \ --action=delete-fromzone-fw \ --zone-name="$VAR(../../../@)" \ --from-zone="$VAR(../../@)" \ --ruleset-type=name \ - --ruleset-name="$VAR(@)" + --ruleset-name="$VAR(@)"; then + exit 1 + fi diff --git a/templates/zone-policy/zone/node.tag/interface/node.def b/templates/zone-policy/zone/node.tag/interface/node.def index 824d3cda..845a5e8c 100644 --- a/templates/zone-policy/zone/node.tag/interface/node.def +++ b/templates/zone-policy/zone/node.tag/interface/node.def @@ -5,12 +5,18 @@ allowed: /opt/vyatta/sbin/vyatta-interfaces.pl --show=all | sed -e s/'lo '// create: /opt/vyatta/sbin/vyatta-interfaces.pl --dev=$VAR(@) --warn -create: /opt/vyatta/sbin/vyatta-zone.pl \ +create: + if ! /opt/vyatta/sbin/vyatta-zone.pl \ --action=add-zone-interface \ --zone-name="$VAR(../@)" \ - --interface="$VAR(@)" + --interface="$VAR(@)"; then + exit 1 + fi -delete: /opt/vyatta/sbin/vyatta-zone.pl \ +delete: + if ! /opt/vyatta/sbin/vyatta-zone.pl \ --action=delete-zone-interface \ --zone-name="$VAR(../@)" \ - --interface="$VAR(@)" + --interface="$VAR(@)"; then + exit 1 + fi diff --git a/templates/zone-policy/zone/node.tag/local-zone/node.def b/templates/zone-policy/zone/node.tag/local-zone/node.def index 77a49771..4b045302 100644 --- a/templates/zone-policy/zone/node.tag/local-zone/node.def +++ b/templates/zone-policy/zone/node.tag/local-zone/node.def 
@@ -1,9 +1,15 @@ help: Set zone to be local-zone -create: /opt/vyatta/sbin/vyatta-zone.pl \ +create: + if ! /opt/vyatta/sbin/vyatta-zone.pl \ --action=add-localzone \ - --zone-name="$VAR(../@)" + --zone-name="$VAR(../@)"; then + exit 1 + fi -delete: /opt/vyatta/sbin/vyatta-zone.pl \ +delete: + if ! /opt/vyatta/sbin/vyatta-zone.pl \ --action=delete-localzone \ - --zone-name="$VAR(../@)" + --zone-name="$VAR(../@)"; then + exit 1 + fi -- cgit v1.2.3 From 0cda41fe5488cd4e158e1c45ad0b12c341047c17 Mon Sep 17 00:00:00 2001 From: Mohit Mehta Date: Thu, 2 Jul 2009 12:19:50 -0700 Subject: 0.15.48+jenner33 --- debian/changelog | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/debian/changelog b/debian/changelog index 9397c21e..44f8fa2f 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +vyatta-cfg-system (0.15.48+jenner33) unstable; urgency=low + + * Fix Bug 4554 check for existing firewall ruleset fails when applying + it to a zone during boot + + -- Mohit Mehta Thu, 02 Jul 2009 12:19:50 -0700 + vyatta-cfg-system (0.15.48+jenner32) unstable; urgency=low * Allow user to select round-robin mode. -- cgit v1.2.3 From 012d338537f7fa65a619d7edd80f98e1f8ed4d8c Mon Sep 17 00:00:00 2001 From: Mohit Mehta Date: Thu, 2 Jul 2009 12:19:50 -0700 Subject: 0.15.48+jenner33 --- debian/changelog | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/debian/changelog b/debian/changelog index 9397c21e..44f8fa2f 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +vyatta-cfg-system (0.15.48+jenner33) unstable; urgency=low + + * Fix Bug 4554 check for existing firewall ruleset fails when applying + it to a zone during boot + + -- Mohit Mehta Thu, 02 Jul 2009 12:19:50 -0700 + vyatta-cfg-system (0.15.48+jenner32) unstable; urgency=low * Allow user to select round-robin mode. -- cgit v1.2.3 From ca8bff3d63074c52cf9b532eeec3a6a4cfe76722 Mon Sep 17 00:00:00 2001 
From: Stephen Hemminger Date: Tue, 7 Jul 2009 13:39:58 -0700 Subject: Block creating vif until after slaves present Workaround for bonding VLAN_CHALLENGED bug 4694 --- templates/interfaces/bonding/node.tag/vif/node.def | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/templates/interfaces/bonding/node.tag/vif/node.def b/templates/interfaces/bonding/node.tag/vif/node.def index 13a35b12..0e292217 100644 --- a/templates/interfaces/bonding/node.tag/vif/node.def +++ b/templates/interfaces/bonding/node.tag/vif/node.def @@ -2,13 +2,12 @@ tag: type: u32 help: Set Virtual Local Area Network (VLAN) ID syntax:expression: $VAR(@) >= 0 && $VAR(@) <= 4094; "VLAN ID must be between 0 and 4094" -create: read flags < /sys/class/net/$VAR(../@)/flags - if [ $(( flags & 1 )) -eq 0 ] - then - echo "Can not create VLAN on disabled interface: " $VAR(../@) - exit 1 - fi - sudo ip link add link $VAR(../@) name "$VAR(../@).$VAR(@)" type vlan id $VAR(@) || exit 1 +create: read -a SLAVES Date: Tue, 7 Jul 2009 14:16:29 -0700 Subject: 0.15.48+jenner34 --- debian/changelog | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/debian/changelog b/debian/changelog index 44f8fa2f..b867453a 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,13 @@ +vyatta-cfg-system (0.15.48+jenner34) unstable; urgency=low + + [ Mohit Mehta ] + * 0.15.48+jenner33 + + [ Stephen Hemminger ] + * Block creating vif until after slaves present + + -- Stephen Hemminger Tue, 07 Jul 2009 14:16:28 -0700 + vyatta-cfg-system (0.15.48+jenner33) unstable; urgency=low * Fix Bug 4554 check for existing firewall ruleset fails when applying -- cgit v1.2.3 From 3c76bd6b12dd211075d1dd689a2772c534ec7abe Mon Sep 17 00:00:00 2001 
From: Stephen Hemminger Date: Tue, 7 Jul 2009 14:25:06 -0700 Subject: Allow disable of bonding interface with VIF bug 4694 No reason to block disabling bonding interface with VIF Kernel handles it fine. --- templates/interfaces/bonding/node.tag/disable/node.def | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/templates/interfaces/bonding/node.tag/disable/node.def b/templates/interfaces/bonding/node.tag/disable/node.def index 3d3ffef9..ad033365 100644 --- a/templates/interfaces/bonding/node.tag/disable/node.def +++ b/templates/interfaces/bonding/node.tag/disable/node.def @@ -1,10 +1,5 @@ help: Set interface disabled -create: vif=`/opt/vyatta/sbin/vyatta-interfaces.pl --vif=$VAR(../@) --show=all` - if [ ! -z "$vif" ]; then - echo "Can not disable interface " $VAR(../@) " with vif:" $vif - exit 1 - fi - /etc/netplug/linkdown.d/dhclient $VAR(../@) +create: /etc/netplug/linkdown.d/dhclient $VAR(../@) if ! sudo ip link set $VAR(../@) down 2>/dev/null; then echo "Error disabling dev $VAR(../@)" /etc/netplug/linkup.d/dhclient $VAR(../@) -- cgit v1.2.3 From 28e63072029400063d9ac9e1bb0a562a2ac2ba55 Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Tue, 7 Jul 2009 14:26:05 -0700 Subject: 0.15.48+jenner35 --- debian/changelog | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/debian/changelog b/debian/changelog index b867453a..1944d6c8 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +vyatta-cfg-system (0.15.48+jenner35) unstable; urgency=low + + * Allow disable of bonding interface with VIF + + -- Stephen Hemminger Tue, 07 Jul 2009 14:26:05 -0700 + vyatta-cfg-system (0.15.48+jenner34) unstable; urgency=low [ Mohit Mehta ] -- cgit v1.2.3 From 7c681e2a62388ead8ad2e74a76ff1b0ae386f78f Mon Sep 17 00:00:00 2001 
From: Stephen Hemminger Date: Tue, 7 Jul 2009 14:31:38 -0700 Subject: Revert "Allow user to select round-robin mode." This reverts commit aba4e42b4b07b856cbcff0fcf5231824fc18bb37. Use proper perl (ie. undefined) rather than a a sentinel value! --- scripts/vyatta-bonding.pl | 29 ++++++++--------------------- 1 file changed, 8 insertions(+), 21 deletions(-) diff --git a/scripts/vyatta-bonding.pl b/scripts/vyatta-bonding.pl index e2cc627d..2f2167fa 100755 --- a/scripts/vyatta-bonding.pl +++ b/scripts/vyatta-bonding.pl @@ -36,32 +36,19 @@ use strict; use warnings; my %modes = ( - ## Linux bonding driver modes + 1 - ## (eg. bond driver expects round-robin = 0) - "invalid_opt" => 0, - "round-robin" => 1, - "active-backup" => 2, - "xor-hash" => 3, - "broadcast" => 4, - "802.3ad" => 5, - "transmit-load-balance" => 6, - "adaptive-load-balance" => 7, + "round-robin" => 0, + "active-backup" => 1, + "xor-hash" => 2, + "broadcast" => 3, + "802.3ad" => 4, + "transmit-load-balance" => 5, + "adaptive-load-balance" => 6, ); sub set_mode { my ($intf, $mode) = @_; - my $request_mode = $mode; my $val = $modes{$mode}; - - ## Check if vaild bonding option is requested. - foreach my $item ( keys(%modes) ) { - $mode = "invalid_opt" unless( $mode =~ m/$item/); - }; - die "Unknown bonding mode $request_mode\n" unless $val; - - ## After above bonding option check, adjust value - ## to value the expected by bonding driver. -MOB - $val = ($val - 1); + die "Unknown bonding mode $mode\n" unless $val; open my $fm, '>', "/sys/class/net/$intf/bonding/mode" or die "Error: $intf is not a bonding device:$!\n"; -- cgit v1.2.3 From 9f4e8c1deba76ef81878551040f16180baaf23be Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Tue, 7 Jul 2009 14:35:48 -0700 Subject: Allow round-robin to be selected Simpler version of bug 4647 fix. --- scripts/vyatta-bonding.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/scripts/vyatta-bonding.pl b/scripts/vyatta-bonding.pl index 2f2167fa..a0bdbd6e 100755 --- a/scripts/vyatta-bonding.pl +++ b/scripts/vyatta-bonding.pl @@ -48,7 +48,7 @@ my %modes = ( sub set_mode { my ($intf, $mode) = @_; my $val = $modes{$mode}; - die "Unknown bonding mode $mode\n" unless $val; + die "Unknown bonding mode $mode\n" unless defined($val); open my $fm, '>', "/sys/class/net/$intf/bonding/mode" or die "Error: $intf is not a bonding device:$!\n"; -- cgit v1.2.3 From 438c31eb30a2b4e934f644530777e6296c0297b6 Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Tue, 7 Jul 2009 14:36:20 -0700 Subject: 0.15.48+jenner36 --- debian/changelog | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/debian/changelog b/debian/changelog index 1944d6c8..e1eb27d2 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +vyatta-cfg-system (0.15.48+jenner36) unstable; urgency=low + + * Revert "Allow user to select round-robin mode." + * Allow round-robin to be selected + + -- Stephen Hemminger Tue, 07 Jul 2009 14:36:20 -0700 + vyatta-cfg-system (0.15.48+jenner35) unstable; urgency=low * Allow disable of bonding interface with VIF -- cgit v1.2.3 From 1b4902564b5a853b925d2c239c8e6a39b1734433 Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Tue, 7 Jul 2009 15:34:23 -0700 Subject: Fix descriptions with meta-characters Bug 4672 Use ip command rather than sysfs to avoid quoting issues --- templates/interfaces/bonding/node.tag/description/node.def | 2 +- templates/interfaces/bonding/node.tag/vif/node.tag/description/node.def | 2 +- templates/interfaces/bridge/node.tag/description/node.def | 2 +- templates/interfaces/pseudo-ethernet/node.tag/description/node.def | 2 +- templates/interfaces/tunnel/node.tag/description/node.def | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/templates/interfaces/bonding/node.tag/description/node.def b/templates/interfaces/bonding/node.tag/description/node.def index d7becd13..1fcca391 100644 
--- a/templates/interfaces/bonding/node.tag/description/node.def +++ b/templates/interfaces/bonding/node.tag/description/node.def @@ -1,4 +1,4 @@ type: txt help: Set description for this interface -update: sudo sh -c "echo $VAR(@) >/sys/class/net/$VAR(../@)/ifalias" +update: sudo ip li set dev $VAR(../@) alias "$VAR(@)" delete: sudo sh -c "echo '' >/sys/class/net/$VAR(../@)/ifalias" diff --git a/templates/interfaces/bonding/node.tag/vif/node.tag/description/node.def b/templates/interfaces/bonding/node.tag/vif/node.tag/description/node.def index 40f04bcc..26195fcc 100644 --- a/templates/interfaces/bonding/node.tag/vif/node.tag/description/node.def +++ b/templates/interfaces/bonding/node.tag/vif/node.tag/description/node.def @@ -1,4 +1,4 @@ type: txt help: Set description for this interface -update: sudo sh -c "echo $VAR(@) >/sys/class/net/$VAR(../../@).$VAR(../@)/ifalias" +update: sudo ip li set dev "$VAR(../../@).$VAR(../@)" alias "$VAR(@)" delete: sudo sh -c "echo '' >/sys/class/net/$VAR(../../@).$VAR(../@)/ifalias" diff --git a/templates/interfaces/bridge/node.tag/description/node.def b/templates/interfaces/bridge/node.tag/description/node.def index d7becd13..1fcca391 100644 --- a/templates/interfaces/bridge/node.tag/description/node.def +++ b/templates/interfaces/bridge/node.tag/description/node.def @@ -1,4 +1,4 @@ type: txt help: Set description for this interface -update: sudo sh -c "echo $VAR(@) >/sys/class/net/$VAR(../@)/ifalias" +update: sudo ip li set dev $VAR(../@) alias "$VAR(@)" delete: sudo sh -c "echo '' >/sys/class/net/$VAR(../@)/ifalias" diff --git a/templates/interfaces/pseudo-ethernet/node.tag/description/node.def b/templates/interfaces/pseudo-ethernet/node.tag/description/node.def index d7becd13..1fcca391 100644 --- a/templates/interfaces/pseudo-ethernet/node.tag/description/node.def +++ b/templates/interfaces/pseudo-ethernet/node.tag/description/node.def 
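Review bot: The description in `sudo ip li set dev $VAR(../@) alias "$VAR(@)"` is protected only by the surrounding double quotes. If `$VAR(@)` is substituted into the action text before the shell parses it (not shown on this page), a description containing `"`, a backtick or `$(` would still be interpreted by the shell, so a `syntax:expression: pattern` restriction on those characters, like the one the zone template uses for `;`, would be worth adding. The device name is unquoted in the bonding, bridge, pseudo-ethernet and tunnel templates while the vif template quotes it; `dev "$VAR(../@)"` would make them consistent. The untouched `delete:` lines still go through `sudo sh -c "echo '' >/sys/class/net/$VAR(../@)/ifalias"`; clearing the alias with `sudo ip li set dev "$VAR(../@)" alias ""` would remove the last root shell, assuming the installed iproute2 accepts an empty alias.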
@@ -1,4 +1,4 @@ type: txt help: Set description for this interface -update: sudo sh -c "echo $VAR(@) >/sys/class/net/$VAR(../@)/ifalias" +update: sudo ip li set dev $VAR(../@) alias "$VAR(@)" delete: sudo sh -c "echo '' >/sys/class/net/$VAR(../@)/ifalias" diff --git a/templates/interfaces/tunnel/node.tag/description/node.def b/templates/interfaces/tunnel/node.tag/description/node.def index d7becd13..1fcca391 100644 --- a/templates/interfaces/tunnel/node.tag/description/node.def +++ b/templates/interfaces/tunnel/node.tag/description/node.def @@ -1,4 +1,4 @@ type: txt help: Set description for this interface -update: sudo sh -c "echo $VAR(@) >/sys/class/net/$VAR(../@)/ifalias" +update: sudo ip li set dev $VAR(../@) alias "$VAR(@)" delete: sudo sh -c "echo '' >/sys/class/net/$VAR(../@)/ifalias" -- cgit v1.2.3 From 14017ac88239aa275978108759937dbbbd36a663 Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Tue, 7 Jul 2009 15:35:13 -0700 Subject: 0.15.48+jenner37 --- debian/changelog | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/debian/changelog b/debian/changelog index e1eb27d2..a699fc29 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +vyatta-cfg-system (0.15.48+jenner37) unstable; urgency=low + + * Fix descriptions with meta-characters + + -- Stephen Hemminger Tue, 07 Jul 2009 15:35:13 -0700 + vyatta-cfg-system (0.15.48+jenner36) unstable; urgency=low * Revert "Allow user to select round-robin mode." -- cgit v1.2.3 From 14039887127d957e8f721d0e5cee725c30ac0179 Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Thu, 9 Jul 2009 04:54:29 -0700 Subject: 0.15.48+jenner38 --- debian/changelog | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/debian/changelog b/debian/changelog index a699fc29..df805f1e 100644 --- a/debian/changelog +++ b/debian/changelog 
@@ -1,3 +1,9 @@ +vyatta-cfg-system (0.15.48+jenner38) unstable; urgency=low + + * UNRELEASED + + -- Stephen Hemminger Thu, 09 Jul 2009 04:54:29 -0700 + vyatta-cfg-system (0.15.48+jenner37) unstable; urgency=low * Fix descriptions with meta-characters -- cgit v1.2.3