From 4a5a65f74a43ff33a0c4d54eec377502a6d05fdf Mon Sep 17 00:00:00 2001 From: Mohit Mehta Date: Tue, 21 Sep 2010 17:35:37 -0700 Subject: * move count_iptables_rule to MISC module --- lib/Vyatta/Misc.pm | 13 ++++++++++++- lib/Vyatta/Zone.pm | 10 ---------- 2 files changed, 12 insertions(+), 11 deletions(-) diff --git a/lib/Vyatta/Misc.pm b/lib/Vyatta/Misc.pm index 5373f7f..b774f72 100755 --- a/lib/Vyatta/Misc.pm +++ b/lib/Vyatta/Misc.pm @@ -26,7 +26,8 @@ require Exporter; our @ISA = qw(Exporter); our @EXPORT = qw(getInterfaces getIP getNetAddIP get_sysfs_value is_address_enabled is_dhcp_enabled - isIpAddress is_ip_v4_or_v6 interface_description); + isIpAddress is_ip_v4_or_v6 interface_description + count_iptables_rules); our @EXPORT_OK = qw(generate_dhclient_intf_files getInterfacesIPadresses getPortRuleString); @@ -417,4 +418,14 @@ sub interface_description { return $description; } +sub count_iptables_rules { + my ($command, $table, $chain) = @_; + my @lines = `sudo $command -t $table -L $chain -n --line`; + my $cnt = 0; + foreach my $line (@lines) { + $cnt++ if $line =~ /^\d/; + } + return $cnt; +} + 1; diff --git a/lib/Vyatta/Zone.pm b/lib/Vyatta/Zone.pm index 4b169b5..eccf8ab 100755 --- a/lib/Vyatta/Zone.pm +++ b/lib/Vyatta/Zone.pm @@ -121,16 +121,6 @@ sub get_zone_chain { return $chain; } -sub count_iptables_rules { - my ($command, $table, $chain) = @_; - my @lines = `sudo $command -t $table -L $chain -n --line`; - my $cnt = 0; - foreach my $line (@lines) { - $cnt++ if $line =~ /^\d/; - } - return $cnt; -} - sub validity_checks { my @all_zones = get_all_zones("listNodes"); my @all_interfaces = (); -- cgit v1.2.3 From 090c69d07b8f8225826134d30f42ffe636c156ed Mon Sep 17 00:00:00 2001 From: Mohit Mehta Date: Tue, 21 Sep 2010 17:36:22 -0700 Subject: 0.17.19 --- debian/changelog | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/debian/changelog b/debian/changelog index 03b86a3..d9d2e88 100644 --- a/debian/changelog +++ b/debian/changelog 
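Review bot: count_iptables_rules, as added to Misc.pm, builds one shell string from `$command`, `$table` and `$chain` and runs it under sudo through backticks, so any shell metacharacter in those values is interpreted with root privileges. The hunk also puts the function into `@EXPORT`, which hands it to every importer of Vyatta::Misc by default. Callers are not visible here, but the chain names in Zone.pm on this page are derived from configured zone names, so the inputs should not be assumed clean. The list form of a pipe open avoids the shell entirely: `open(my $ipt, '-|', 'sudo', $command, '-t', $table, '-L', $chain, '-n', '--line') or return 0;` followed by `my @lines = <$ipt>; close($ipt);`. Listing the function in `@EXPORT_OK` rather than `@EXPORT` would also keep it out of namespaces that did not ask for it.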
@@ -1,3 +1,9 @@ +vyatta-cfg (0.17.19) unstable; urgency=low + + * * move count_iptables_rule to MISC module + + -- Mohit Mehta Tue, 21 Sep 2010 17:36:22 -0700 + vyatta-cfg (0.17.18) unstable; urgency=low * fix for bug 6195 -- cgit v1.2.3 From 847b97e90a0ba2e5bd103a0d018592b05879d1c7 Mon Sep 17 00:00:00 2001 From: Mohit Mehta Date: Tue, 21 Sep 2010 21:13:06 -0700 Subject: * move count_iptables_rules to Iptables::Mgr module --- lib/Vyatta/Misc.pm | 13 +------------ 1 file changed, 1 insertion(+), 12 deletions(-) diff --git a/lib/Vyatta/Misc.pm b/lib/Vyatta/Misc.pm index b774f72..5373f7f 100755 --- a/lib/Vyatta/Misc.pm +++ b/lib/Vyatta/Misc.pm @@ -26,8 +26,7 @@ require Exporter; our @ISA = qw(Exporter); our @EXPORT = qw(getInterfaces getIP getNetAddIP get_sysfs_value is_address_enabled is_dhcp_enabled - isIpAddress is_ip_v4_or_v6 interface_description - count_iptables_rules); + isIpAddress is_ip_v4_or_v6 interface_description); our @EXPORT_OK = qw(generate_dhclient_intf_files getInterfacesIPadresses getPortRuleString); @@ -418,14 +417,4 @@ sub interface_description { return $description; } -sub count_iptables_rules { - my ($command, $table, $chain) = @_; - my @lines = `sudo $command -t $table -L $chain -n --line`; - my $cnt = 0; - foreach my $line (@lines) { - $cnt++ if $line =~ /^\d/; - } - return $cnt; -} - 1; -- cgit v1.2.3 From ff641edad56ce9e4e4c93c592b58bb8d0464c262 Mon Sep 17 00:00:00 2001 From: Mohit Mehta Date: Tue, 21 Sep 2010 21:13:55 -0700 Subject: 0.17.20 --- debian/changelog | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/debian/changelog b/debian/changelog index d9d2e88..94b3d04 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +vyatta-cfg (0.17.20) unstable; urgency=low + + * * move count_iptables_rules to Iptables::Mgr module + + -- Mohit Mehta Tue, 21 Sep 2010 21:13:55 -0700 + vyatta-cfg (0.17.19) unstable; urgency=low * * move count_iptables_rule to MISC module -- cgit v1.2.3 
From 8dbd8a91c3bab4f34731fa3aee9dbd8af3d98faa Mon Sep 17 00:00:00 2001 From: root Date: Fri, 24 Sep 2010 10:47:31 -0700 Subject: fix for bug 6213. old cli code uses a char to store length of a string when unescaping the string, w/o checking string length. --- src/cli_path_utils.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/cli_path_utils.c b/src/cli_path_utils.c index 4111568..2874aeb 100644 --- a/src/cli_path_utils.c +++ b/src/cli_path_utils.c @@ -472,7 +472,7 @@ char *clind_unescape(const char *name) { const char *cp; char *rcp, *ret; - char len; + unsigned long len; for(cp=name, len=0;*cp;++cp, ++len) if(*cp=='%') -- cgit v1.2.3 From d1ac6cf18de187322524b702d2a0b2f669638c1c Mon Sep 17 00:00:00 2001 From: root Date: Fri, 24 Sep 2010 10:49:36 -0700 Subject: 0.17.21 --- debian/changelog | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/debian/changelog b/debian/changelog index 94b3d04..81a6c98 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +vyatta-cfg (0.17.21) unstable; urgency=low + + * fix for bug 6213. + + -- root Fri, 24 Sep 2010 10:49:35 -0700 + vyatta-cfg (0.17.20) unstable; urgency=low * * move count_iptables_rules to Iptables::Mgr module -- cgit v1.2.3 From 44de464034da0056ffb4fcbe18436624af90004e Mon Sep 17 00:00:00 2001 From: An-Cheng Huang Date: Fri, 24 Sep 2010 11:31:21 -0700 Subject: cleanup * set help string only if available. * use "builtin" explicitly. --- etc/bash_completion.d/20vyatta-cfg | 4 ++-- src/cstore/cstore.cpp | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/etc/bash_completion.d/20vyatta-cfg b/etc/bash_completion.d/20vyatta-cfg index f6b02ce..22178e1 100755 --- a/etc/bash_completion.d/20vyatta-cfg +++ b/etc/bash_completion.d/20vyatta-cfg 
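Review bot: `unsigned long len;` in clind_unescape removes the wrap-around of the old `char` counter, but `size_t` is the type the allocation and string functions take and states the intent directly: `size_t len;`. The rest of the function, where len is presumably used to size the result buffer, lies outside the hunk, so it is worth confirming that no later use narrows the value again, for example by passing it through an `int`. A short comment on the declaration, such as `/* length of the escaped input; must not be a narrow type (bug 6213) */`, would keep the type from being shrunk in a later cleanup.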
@@ -683,11 +683,11 @@ vyatta_config_complete () if ! vyatta_cli_shell_api setupSession; then echo 'Failed to set up config session' - exit 1 + builtin exit 1 fi # disallow 'Ctrl-D' exit, since we need special actions on 'exit' -set -o ignoreeof 1 +builtin set -o ignoreeof 1 reset_edit_level alias set=/opt/vyatta/sbin/my_set diff --git a/src/cstore/cstore.cpp b/src/cstore/cstore.cpp index 8afa3ee..11cdb30 100644 --- a/src/cstore/cstore.cpp +++ b/src/cstore/cstore.cpp @@ -600,7 +600,7 @@ Cstore::getCompletionEnv(const vector& comps, string& env) pair hpair(comp_vals[i], ""); push_tmpl_path(hpair.first); vtw_def cdef; - if (tmpl_parse(cdef)) { + if (tmpl_parse(cdef) && cdef.def_node_help) { hpair.second = cdef.def_node_help; } else { hpair.second = ""; -- cgit v1.2.3 From 817d13b8a92530376453d40987dddcc05a61e832 Mon Sep 17 00:00:00 2001 From: An-Cheng Huang Date: Fri, 24 Sep 2010 11:32:21 -0700 Subject: 0.17.22 --- debian/changelog | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/debian/changelog b/debian/changelog index 81a6c98..07f0d69 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +vyatta-cfg (0.17.22) unstable; urgency=low + + * cleanup + + -- An-Cheng Huang Fri, 24 Sep 2010 11:32:21 -0700 + vyatta-cfg (0.17.21) unstable; urgency=low * fix for bug 6213. -- cgit v1.2.3 From c1a36bdbc0c01cf834b63e62d80e3eeefe33172f Mon Sep 17 00:00:00 2001 From: Mohit Mehta Date: Fri, 1 Oct 2010 11:10:56 -0700 Subject: Fix Bug 6225 Unable to assign a pppoe interface to zone * change check for fw applied to an interface --- lib/Vyatta/Zone.pm | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/lib/Vyatta/Zone.pm b/lib/Vyatta/Zone.pm index eccf8ab..0e4981f 100755 --- a/lib/Vyatta/Zone.pm +++ b/lib/Vyatta/Zone.pm 
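Review bot: The added `cdef.def_node_help` test in Cstore::getCompletionEnv carries no comment saying why it is needed, and the reason is not obvious from the line itself. Presumably def_node_help is a `char *` that stays NULL when a template has no help text, and assigning a NULL pointer to the string in `hpair.second` is undefined behaviour. A comment such as `// def_node_help is NULL when the template has no help text; never assign a NULL char* to a string` above the condition would record that. The else branch now covers both a failed parse and a missing help string. The function body starts and continues outside the hunk.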
@@ -176,7 +176,9 @@ sub validity_checks { if ($intf) { my $config = new Vyatta::Config; $config->setLevel($intf->path()); - if ($config->exists("firewall")) { + if ($config->exists("firewall in name") || + $config->exists("firewall out name") || + $config->exists("firewall local name")) { $returnstring = "interface $interface has firewall configured, " . "cannot be defined under a zone"; -- cgit v1.2.3 From a1f5b9e22b188f9d081db5a783455f926875c6e6 Mon Sep 17 00:00:00 2001 From: Mohit Mehta Date: Fri, 1 Oct 2010 11:15:14 -0700 Subject: 0.17.23 --- debian/changelog | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/debian/changelog b/debian/changelog index 07f0d69..2aa7e7d 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +vyatta-cfg (0.17.23) unstable; urgency=low + + * Fix Bug 6225 Unable to assign a pppoe interface to zone + + -- Mohit Mehta Fri, 01 Oct 2010 11:15:14 -0700 + vyatta-cfg (0.17.22) unstable; urgency=low * cleanup -- cgit v1.2.3 From 2bbc81ebac9491274bca86865b804705c725e248 Mon Sep 17 00:00:00 2001 From: Stig Thormodsrud Date: Fri, 1 Oct 2010 11:37:54 -0700 Subject: Pass optional commit comment through commit to commit hooks. --- etc/bash_completion.d/20vyatta-cfg | 17 ++++++++++++++++- src/commit2.c | 11 +++++++++-- 2 files changed, 25 insertions(+), 3 deletions(-) diff --git a/etc/bash_completion.d/20vyatta-cfg b/etc/bash_completion.d/20vyatta-cfg index 22178e1..070d50f 100755 --- a/etc/bash_completion.d/20vyatta-cfg +++ b/etc/bash_completion.d/20vyatta-cfg @@ -97,7 +97,22 @@ show () commit () { - if /opt/vyatta/sbin/my_commit "$@"; then + local comment="commit" + local next=0 + local -a args=() + for arg in "$@"; do + if [ "$next" == "1" ]; then + comment=$arg + next=0; + elif [ "$arg" == "comment" ]; then + next=1 + else + args[${#args[@]}]="$arg" + fi + done + args+=("-C '$comment'") + + if /opt/vyatta/sbin/my_commit "${args[@]}"; then vyatta_cli_shell_api markSessionUnsaved fi } 
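Review bot: Replacing `$config->exists("firewall")` with three explicit paths in validity_checks turns a catch-all check into an allow-through for every firewall node that is not listed. An interface with an IPv6 rule-set applied (`firewall in ipv6-name` and its out/local siblings) would now be accepted into a zone while still carrying per-interface filtering, and a later commit on this page adds exactly those paths. A safer shape for this kind of narrowing is to keep the broad check and exempt only the node that made pppoe interfaces fail, which the hunk does not show. If the enumeration stays, it needs a comment saying the list must be extended whenever a new per-interface firewall node is introduced. The enclosing loop and function begin outside the hunk.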
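Review bot: `args+=("-C '$comment'")` in commit() appends a single word that contains the option, a space and literal single quotes, so my_commit receives the comment with the quote characters embedded in it instead of as a separately quoted argument. Those literal quotes are the only thing standing between the user's text and the `system()` call added to src/commit2.c in the same commit, and a comment that itself contains a quote character ends that quoting. Pass the option and its value as two array elements and let bash do the quoting: `args+=(-C "$comment")`. The loop variable should also be declared with `local arg`, since it currently leaks into the interactive shell. A trailing `comment` keyword with no value after it is silently dropped.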
diff --git a/src/commit2.c b/src/commit2.c index 884d2fe..51bb7dd 100644 --- a/src/commit2.c +++ b/src/commit2.c @@ -133,12 +133,13 @@ main(int argc, char** argv) boolean full_commit_check = FALSE; boolean break_priority = FALSE; boolean disable_hook = FALSE; + char *commit_comment = NULL; /* this is needed before calling certain glib functions */ g_type_init(); //grab inputs - while ((ch = getopt(argc, argv, "dpthsecoafbr")) != -1) { + while ((ch = getopt(argc, argv, "dpthsecoafbrC:")) != -1) { switch (ch) { case 'd': g_debug = TRUE; @@ -177,6 +178,9 @@ main(int argc, char** argv) case 'r': disable_hook = TRUE; break; + case 'C': + commit_comment = strdup(optarg); + break; default: usage(); exit(0); @@ -374,7 +378,10 @@ main(int argc, char** argv) if (strcmp(dirp->d_name, ".") != 0 && strcmp(dirp->d_name, "..") != 0) { char buf[MAX_LENGTH_DIR_PATH*sizeof(char)]; - sprintf(buf,"%s/%s",COMMIT_HOOK_DIR,dirp->d_name); + if (commit_comment == NULL) { + commit_comment="commit"; + } + sprintf(buf,"%s/%s %s",COMMIT_HOOK_DIR,dirp->d_name, commit_comment); syslog(LOG_DEBUG,"Starting commit hook: %s",buf); if (system(buf) == -1) { syslog(LOG_WARNING,"Error on call to hook: %s", buf); -- cgit v1.2.3 From 9f867c092263bfa598aa6de309fbfaa4f16336f4 Mon Sep 17 00:00:00 2001 From: Stig Thormodsrud Date: Fri, 1 Oct 2010 11:38:50 -0700 Subject: 0.17.24 --- debian/changelog | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/debian/changelog b/debian/changelog index 2aa7e7d..01ce3a8 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +vyatta-cfg (0.17.24) unstable; urgency=low + + * Pass optional commit comment through commit to commit hooks. + + -- Stig Thormodsrud Fri, 01 Oct 2010 11:38:50 -0700 + vyatta-cfg (0.17.23) unstable; urgency=low * Fix Bug 6225 Unable to assign a pppoe interface to zone -- cgit v1.2.3 From 00694d6b4c6fdad70401f6fce86d30e85b91f1ec Mon Sep 17 00:00:00 2001 
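Review bot: The hook invocation in main() now appends the user-supplied commit comment to a command line that is handed to `system()`, so the comment is parsed by a shell running with the privileges of the commit process. The same `sprintf` writes the unbounded comment into the fixed-size `buf`, which can overflow the stack buffer for a long comment. I would build only the hook path with `snprintf`, check for truncation, and pass the comment as a separate argv entry through fork/exec so no shell sees it. This assumes hooks are directly executable files, which should be confirmed. The bash wrapper would also need to stop embedding literal quotes in the `-C` value. The `strdup(optarg)` result in the option hunk is not checked for NULL either. The surrounding readdir loop lies outside the hunk.

```c
/* … unchanged: readdir loop and the "." / ".." filter … */
char buf[MAX_LENGTH_DIR_PATH*sizeof(char)];
const char *comment = (commit_comment != NULL) ? commit_comment : "commit";
int len = snprintf(buf, sizeof(buf), "%s/%s", COMMIT_HOOK_DIR, dirp->d_name);
if (len < 0 || (size_t)len >= sizeof(buf)) {
  syslog(LOG_WARNING,"Commit hook path too long, skipped: %s",dirp->d_name);
}
else {
  syslog(LOG_DEBUG,"Starting commit hook: %s",buf);
  pid_t pid = fork();
  if (pid == 0) {
    /* the comment is one argv entry and is never parsed by a shell */
    execl(buf, buf, comment, (char *)NULL);
    _exit(127);
  }
  if (pid < 0 || waitpid(pid, NULL, 0) < 0) {
    syslog(LOG_WARNING,"Error on call to hook: %s", buf);
  }
}
```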
From: root Date: Fri, 1 Oct 2010 09:54:43 -0700 Subject: add commit wrapper hook that allows errors with location to be written to stdout. --- scripts/vyatta-cfg-cmd-wrapper | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/scripts/vyatta-cfg-cmd-wrapper b/scripts/vyatta-cfg-cmd-wrapper index 2d22235..6eeff99 100755 --- a/scripts/vyatta-cfg-cmd-wrapper +++ b/scripts/vyatta-cfg-cmd-wrapper @@ -85,6 +85,10 @@ case "$1" in /opt/vyatta/sbin/my_commit -e -d >> /tmp/bar RET_STATUS=$? ;; + commit_with_error) + /opt/vyatta/sbin/my_commit -e + RET_STATUS=$? + ;; save) /opt/vyatta/sbin/vyatta-save-config.pl "${@:2}" RET_STATUS=$? -- cgit v1.2.3 From aeb5e921a30567b13b2e1778778a6cd7523f7322 Mon Sep 17 00:00:00 2001 From: root Date: Fri, 1 Oct 2010 09:58:31 -0700 Subject: 0.17.25 --- debian/changelog | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/debian/changelog b/debian/changelog index 01ce3a8..57c5897 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +vyatta-cfg (0.17.25) unstable; urgency=low + + * add commit wrapper hook that allows errors with location to be + written to stdout. + + -- root Fri, 01 Oct 2010 09:58:30 -0700 + vyatta-cfg (0.17.24) unstable; urgency=low * Pass optional commit comment through commit to commit hooks. -- cgit v1.2.3 From 3ec8c3d238895ff09b329eb8d459a4efdc306a87 Mon Sep 17 00:00:00 2001 From: Mohit Mehta Date: Wed, 6 Oct 2010 16:22:06 -0700 Subject: * don't allow adding an interface to a zone that has content-inspection enabled --- lib/Vyatta/Zone.pm | 26 +++++++++++++++++++++----- 1 file changed, 21 insertions(+), 5 deletions(-) diff --git a/lib/Vyatta/Zone.pm b/lib/Vyatta/Zone.pm index 0e4981f..b23bc74 100755 --- a/lib/Vyatta/Zone.pm +++ b/lib/Vyatta/Zone.pm 
@@ -171,17 +171,33 @@ sub validity_checks { return($returnstring, ); } foreach my $interface (@zone_intfs) { - # make sure firewall is not applied to this interface + # make sure zone features are not being used on zone interface my $intf = new Vyatta::Interface($interface); if ($intf) { my $config = new Vyatta::Config; $config->setLevel($intf->path()); + # make sure firewall is not applied to this interface if ($config->exists("firewall in name") || $config->exists("firewall out name") || - $config->exists("firewall local name")) { - $returnstring = - "interface $interface has firewall configured, " . - "cannot be defined under a zone"; + $config->exists("firewall local name") || + $config->exists("firewall in ipv6-name") || + $config->exists("firewall out ipv6-name") || + $config->exists("firewall local ipv6-name")) { + $returnstring = + "interface $interface has firewall rule-set " . + "configured, cannot be defined under a zone"; + return($returnstring, ); + } + # make sure content-inspection is not applied to this interface + if ($config->exists("content-inspection in enable") || + $config->exists("content-inspection out enable") || + $config->exists("content-inspection local enable") || + $config->exists("content-inspection in ipv6-enable") || + $config->exists("content-inspection out ipv6-enable") || + $config->exists("content-inspection local ipv6-enable")) { + $returnstring = + "interface $interface has content-inspection " . + "configured, cannot be defined under a zone"; return($returnstring, ); } } -- cgit v1.2.3 From 54ef1e9a6691a206e80bc21d20b1b72bd7c44ccb Mon Sep 17 00:00:00 2001 From: Mohit Mehta Date: Wed, 6 Oct 2010 16:23:51 -0700 Subject: 0.17.26 --- debian/changelog | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/debian/changelog b/debian/changelog index 57c5897..76409e7 100644 --- a/debian/changelog +++ b/debian/changelog 
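Review bot: The two six-way `||` chains added to validity_checks spell out every direction and node name by hand, which is how the IPv6 paths were missed in the previous version of this check and how the next new node will be missed again. Driving both checks from one table keeps the list of conflicting features in a single place and produces the same two messages. The hunk does not show whether `content-inspection local ...` is a valid configuration path, so that entry is kept as written. The enclosing foreach and the function itself begin outside the hunk.

```perl
# … unchanged: $config->setLevel($intf->path()); …
# features that must not be configured on an interface that joins a zone:
# [ config node, wording used in the error, leaf names to test ]
my @zone_conflicts = (
    [ 'firewall',           'firewall rule-set',  qw(name ipv6-name) ],
    [ 'content-inspection', 'content-inspection', qw(enable ipv6-enable) ],
);
foreach my $conflict (@zone_conflicts) {
    my ($feature, $label, @leaves) = @$conflict;
    foreach my $dir (qw(in out local)) {
        foreach my $leaf (@leaves) {
            next unless $config->exists("$feature $dir $leaf");
            return ("interface $interface has $label " .
                    "configured, cannot be defined under a zone", );
        }
    }
}
```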
@@ -1,3 +1,10 @@ +vyatta-cfg (0.17.26) unstable; urgency=low + + * * don't allow adding an interface to a zone that has content- + inspection enabled + + -- Mohit Mehta Wed, 06 Oct 2010 16:23:51 -0700 + vyatta-cfg (0.17.25) unstable; urgency=low * add commit wrapper hook that allows errors with location to be -- cgit v1.2.3 From 30a5e2f7494b703fd3e69448f77104bd58193647 Mon Sep 17 00:00:00 2001 From: Mohit Mehta Date: Thu, 7 Oct 2010 19:14:39 -0700 Subject: moved code for zones to vyatta-zone package --- Makefile.am | 1 - lib/Vyatta/Zone.pm | 216 ----------------------------------------------------- 2 files changed, 217 deletions(-) delete mode 100755 lib/Vyatta/Zone.pm diff --git a/Makefile.am b/Makefile.am index cef450f..c5d29b1 100644 --- a/Makefile.am +++ b/Makefile.am @@ -89,7 +89,6 @@ share_perl5_DATA += lib/Vyatta/TypeChecker.pm share_perl5_DATA += lib/Vyatta/ConfigOutput.pm share_perl5_DATA += lib/Vyatta/ConfigLoad.pm share_perl5_DATA += lib/Vyatta/Keepalived.pm -share_perl5_DATA += lib/Vyatta/Zone.pm enum_SCRIPTS = scripts/enumeration/existing-interfaces diff --git a/lib/Vyatta/Zone.pm b/lib/Vyatta/Zone.pm deleted file mode 100755 index b23bc74..0000000 --- a/lib/Vyatta/Zone.pm +++ /dev/null 
@@ -1,216 +0,0 @@ -# Module: Zone.pm -# -# **** License **** -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License version 2 as -# published by the Free Software Foundation. -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# General Public License for more details. -# -# This code was originally developed by Vyatta, Inc. -# Portions created by Vyatta are Copyright (C) 2009 Vyatta, Inc. -# All Rights Reserved. -# -# Author: Mohit Mehta -# Date: 2009 -# Description: vyatta zone management -# -# **** End License **** -# - -package Vyatta::Zone; - -use Vyatta::Config; -use Vyatta::Misc; -use Vyatta::Interface; - -use strict; -use warnings; - -my $debug="false"; -my $syslog="false"; -my $logger = 'sudo logger -t zone.pm -p local0.warn --'; - -sub run_cmd { - my $cmd = shift; - my $error = system("$cmd"); - - if ($syslog eq "true") { - my $func = (caller(1))[3]; - system("$logger [$func] [$cmd] = [$error]"); - } - if ($debug eq "true") { - my $func = (caller(1))[3]; - print "[$func] [$cmd] = [$error]\n"; - } - return $error; -} - -sub is_fwruleset_active { - my ($value_func, $ruleset_type, $fw_ruleset) = @_; - my $config = new Vyatta::Config; - return $config->$value_func("firewall $ruleset_type $fw_ruleset"); -} - -sub get_all_zones { - my $value_func = shift; - my $config = new Vyatta::Config; - return $config->$value_func("zone-policy zone"); -} - -sub get_zone_interfaces { - my ($value_func, $zone_name) = @_; - my $config = new Vyatta::Config; - return $config->$value_func("zone-policy zone $zone_name interface"); -} - -sub get_from_zones { - my ($value_func, $zone_name) = @_; - my $config = new Vyatta::Config; - return $config->$value_func("zone-policy zone $zone_name from"); -} - -sub get_firewall_ruleset { - my ($value_func, $zone_name, 
$from_zone, $firewall_type) = @_; - my $config = new Vyatta::Config; - return $config->$value_func("zone-policy zone $zone_name from $from_zone - firewall $firewall_type"); -} - -sub is_local_zone { - my ($value_func, $zone_name) = @_; - my $config = new Vyatta::Config; - return $config->$value_func("zone-policy zone $zone_name local-zone"); -} - -sub get_zone_default_policy { - my ($value_func, $zone_name) = @_; - my $config = new Vyatta::Config; - return $config->$value_func("zone-policy zone $zone_name default-action"); -} - -sub rule_exists { - my ($command, $table, $chain_name, $target, $interface) = @_; - my $cmd = - "sudo $command -t $table -L " . - "$chain_name -v 2>/dev/null | grep \" $target \" "; - if (defined $interface) { - $cmd .= "| grep \" $interface \" "; - } - $cmd .= "| wc -l"; - my $result = `$cmd`; - return $result; -} - -sub get_zone_chain { - my ($value_func, $zone, $localout) = @_; - my $chain = "VZONE_$zone"; - if (defined(is_local_zone($value_func, $zone))) { - # local zone - if (defined $localout) { - # local zone out chain - $chain .= "_OUT"; - } else { - # local zone in chain - $chain .= "_IN"; - } - } - return $chain; -} - -sub validity_checks { - my @all_zones = get_all_zones("listNodes"); - my @all_interfaces = (); - my $num_local_zones = 0; - my $returnstring; - foreach my $zone (@all_zones) { - # get all from zones, see if they exist in config, if not display error - my @from_zones = get_from_zones("listNodes", $zone); - foreach my $from_zone (@from_zones) { - if (scalar(grep(/^$from_zone$/, @all_zones)) == 0) { - $returnstring = "$from_zone is a from zone under zone $zone\n" . - "It is either not defined or deleted from config"; - return ($returnstring, ); - } - } - my @zone_intfs = get_zone_interfaces("returnValues", $zone); - if (scalar(@zone_intfs) == 0) { - # no interfaces defined for this zone - if (!defined(is_local_zone("exists", $zone))) { - $returnstring = "Zone $zone has no interfaces defined " . 
- "and it's not a local-zone"; - return($returnstring, ); - } - # zone defined as a local-zone - my @zone_intfs_orig = get_zone_interfaces("returnOrigValues", $zone); - if (scalar(@zone_intfs_orig) != 0) { - # can't change change transit zone to local-zone on the fly - $returnstring = "Zone $zone is a transit zone. " . - "Cannot convert it to local-zone.\n" . - "Please define another zone to create local-zone"; - return($returnstring, ); - } - $num_local_zones++; - # make sure only one zone is a local-zone - if ($num_local_zones > 1) { - return ("Only one zone can be defined as a local-zone", ); - } - } else { - # zone has interfaces, make sure it is not set as a local-zone - if (defined(is_local_zone("exists", $zone))) { - $returnstring = "local-zone cannot have interfaces defined"; - return($returnstring, ); - } - # make sure you're not converting local-zone to transit zone either - if (defined(is_local_zone("existsOrig", $zone))) { - $returnstring = "Cannot convert local-zone $zone to transit zone" . - "\nPlease define another zone for it"; - return($returnstring, ); - } - foreach my $interface (@zone_intfs) { - # make sure zone features are not being used on zone interface - my $intf = new Vyatta::Interface($interface); - if ($intf) { - my $config = new Vyatta::Config; - $config->setLevel($intf->path()); - # make sure firewall is not applied to this interface - if ($config->exists("firewall in name") || - $config->exists("firewall out name") || - $config->exists("firewall local name") || - $config->exists("firewall in ipv6-name") || - $config->exists("firewall out ipv6-name") || - $config->exists("firewall local ipv6-name")) { - $returnstring = - "interface $interface has firewall rule-set " . 
- "configured, cannot be defined under a zone"; - return($returnstring, ); - } - # make sure content-inspection is not applied to this interface - if ($config->exists("content-inspection in enable") || - $config->exists("content-inspection out enable") || - $config->exists("content-inspection local enable") || - $config->exists("content-inspection in ipv6-enable") || - $config->exists("content-inspection out ipv6-enable") || - $config->exists("content-inspection local ipv6-enable")) { - $returnstring = - "interface $interface has content-inspection " . - "configured, cannot be defined under a zone"; - return($returnstring, ); - } - } - # make sure an interface is not defined under two zones - if (scalar(grep(/^$interface$/, @all_interfaces)) > 0) { - return ("$interface defined under two zones", ); - } else { - push(@all_interfaces, $interface); - } - } - } - } - return; -} - -1; -- cgit v1.2.3 From 661363354aad38b903feee00d29f24e86be68972 Mon Sep 17 00:00:00 2001 From: Mohit Mehta Date: Thu, 7 Oct 2010 19:15:07 -0700 Subject: 0.17.27 --- debian/changelog | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/debian/changelog b/debian/changelog index 76409e7..e9d54cb 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +vyatta-cfg (0.17.27) unstable; urgency=low + + * moved code for zones to vyatta-zone package + + -- Mohit Mehta Thu, 07 Oct 2010 19:15:07 -0700 + vyatta-cfg (0.17.26) unstable; urgency=low * * don't allow adding an interface to a zone that has content- -- cgit v1.2.3 From 2ef941169252abd53223f944025abcc5e9cbfe14 Mon Sep 17 00:00:00 2001 
From: Bob Gilligan Date: Fri, 8 Oct 2010 10:55:36 -0700 Subject: Bugfix 5830: Teach auto affinity script to use new queue naming scheme. The latest version of the ixgbe driver uses a scheme whereby each pair of TX and RX queues is assigned to the same IRQ. Previously, the TX and RX queues could be assigned to IRQs independently. In /proc/interrupts, each pair of queues is named ethX-TxRx-Y, where X is the ethernet interface unit number, and Y is the TX and RX queue number. --- scripts/vyatta-auto-irqaffin.pl | 88 ++++++++++++++++++++++++++++++++++++++--- 1 file changed, 83 insertions(+), 5 deletions(-) diff --git a/scripts/vyatta-auto-irqaffin.pl b/scripts/vyatta-auto-irqaffin.pl index 43a6eb8..be29443 100755 --- a/scripts/vyatta-auto-irqaffin.pl +++ b/scripts/vyatta-auto-irqaffin.pl @@ -13,7 +13,7 @@ # General Public License for more details. # # This code was originally developed by Vyatta, Inc. -# Portions created by Vyatta are Copyright (C) 2009 Vyatta, Inc. +# Portions created by Vyatta are Copyright (C) 2009,2010 Vyatta, Inc. # All Rights Reserved. # # Author: Bob Gilligan (gilligan@vyatta.com) 
@@ -170,6 +170,75 @@ sub intel_func{ } }; + +# Affinity setting function for NICs using new intel queue scheme +# that provides one IRQ for each pair of TX and RX queues +sub intel_new_func{ + my ($ifname, $numcpus, $numcores) = @_; + my $txrx_queues; # number of rx/rx queue pairs + my $ht_factor; # 2 if HT enabled, 1 if not + + log_msg("intel_new_func was called.\n"); + + if ($numcpus > $numcores) { + $ht_factor = 2; + } else { + $ht_factor = 1; + } + + log_msg("ht_factor is $ht_factor.\n"); + + # Figure out how many queues we have + + $txrx_queues=`grep "$ifname-TxRx-" /proc/interrupts | wc -l`; + $txrx_queues =~ s/\n//; + + log_msg("txrx_queues is $txrx_queues.\n"); + + if ($txrx_queues <= 0) { + printf("Error: No TxRx queues found for new intel driver.\n"); + exit 1; + } + + # For i = 0 to number of queues: + # Affinity of TX/RX queue $i gets CPU ($i * (2 if HT, 1 if no HT)) + # % number_of_cpus + for (my $queue = 0, my $cpu = 0; ($queue < $txrx_queues) ; $queue++) { + # Generate the hex string for the bitmask representing this CPU + my $cpu_bit = 1 << $cpu; + my $cpu_hex = sprintf("%x", $cpu_bit); + log_msg ("queue=$queue cpu=$cpu cpu_bit=$cpu_bit cpu_hex=$cpu_hex\n"); + + # Get the IRQ number for RX queue + my $txrx_irq=`grep "$ifname-TxRx-$queue\$" /proc/interrupts | awk -F: '{print \$1}'`; + $txrx_irq =~ s/\n//; + $txrx_irq =~ s/ //g; + + log_msg("txrx_irq = $txrx_irq.\n"); + + # Assign CPU affinity for this IRQs + system "echo $cpu_hex > /proc/irq/$txrx_irq/smp_affinity"; + + $cpu += $ht_factor; + + if ($cpu >= $numcpus) { + # Must "wrap" + $cpu %= $numcpus; + + if ($ht_factor > 1) { + # Next time through, select the other CPU in a hyperthreaded + # pair. + if ($cpu == 0) { + $cpu++; + } else { + $cpu--; + } + } + } + } +}; + + # Affinity assignment function for Broadcom NICs using the bnx2 driver # or other multi-queue NICs that follow their queue naming convention. # This strategy is similar to that for Intel drivers. But since 
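Review bot: intel_new_func interpolates `$ifname` into two backtick pipelines and then writes to `/proc/irq/$txrx_irq/smp_affinity` through `system "echo ..."` without checking that the grep found an IRQ. Where `$ifname` comes from is not visible in this hunk, but the script runs as root, so an interface name containing shell metacharacters would be interpreted by the shell, and an empty `$txrx_irq` yields a write to `/proc/irq//smp_affinity` whose failure is ignored. Reading /proc/interrupts and writing the mask from Perl removes the shell and makes both failures explicit. `1 << $cpu` also yields a single hex word, which is not the comma-separated form smp_affinity uses on machines with more than 32 CPUs. The header comment says "rx/rx queue pairs" where "tx/rx" is meant.

```perl
# … unchanged: $cpu_bit / $cpu_hex computation and log_msg …

# Get the IRQ number for this TxRx queue without starting a shell
my $txrx_irq;
open(my $ints, '<', '/proc/interrupts')
    or die "Error: cannot read /proc/interrupts: $!\n";
while (my $line = <$ints>) {
    if ($line =~ /^\s*(\d+):.*\Q$ifname\E-TxRx-${queue}\s*$/) {
        $txrx_irq = $1;
        last;
    }
}
close($ints);

if (!defined($txrx_irq)) {
    print "Error: No IRQ found for $ifname-TxRx-$queue.\n";
    exit 1;
}
log_msg("txrx_irq = $txrx_irq.\n");

# Assign CPU affinity for this IRQ
open(my $aff, '>', "/proc/irq/$txrx_irq/smp_affinity")
    or die "Error: cannot set affinity of IRQ $txrx_irq: $!\n";
print $aff "$cpu_hex\n";
close($aff);

# … unchanged: $cpu advance and hyperthread wrap …
```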
@@ -287,6 +356,7 @@ sub single_func { # Mapping from driver type to function that handles it. my %driver_hash = ( 'intel' => \&intel_func, + 'intel_new' => \&intel_new_func, 'broadcom' => \&broadcom_func, 'single' => \&single_func); @@ -335,12 +405,20 @@ if (defined $setup_ifname) { my $rx_queues=`grep "$ifname-rx-" /proc/interrupts | wc -l`; $rx_queues =~ s/\n//; if ($rx_queues > 0) { - # Driver is following the Intel queue naming style + # Driver is following the original Intel queue naming style $driver_style="intel"; } else { - # The only other queue naming style that we have seen is the - # one used by Broadcom NICs. - $driver_style="broadcom"; + my $rx_queues=`grep "$ifname-TxRx-" /proc/interrupts | wc -l`; + if ($rx_queues > 0) { + # Driver is following the new Intel queue naming + # style where on IRQ is used for each pair of + # TX and RX queues + $driver_style="intel_new"; + } else { + # The only other queue naming style that we have seen is the + # one used by Broadcom NICs. + $driver_style="broadcom"; + } } } elsif ($numints == 1) { # It is a single queue NIC. -- cgit v1.2.3 From 5a6f2408d846686ed507c93b8ad8ae85165d8add Mon Sep 17 00:00:00 2001 From: Bob Gilligan Date: Fri, 8 Oct 2010 11:02:15 -0700 Subject: 0.17.28 --- debian/changelog | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/debian/changelog b/debian/changelog index e9d54cb..068acc6 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +vyatta-cfg (0.17.28) unstable; urgency=low + + * Bugfix 5830: Teach auto affinity script to use new queue naming + scheme. + + -- Bob Gilligan Fri, 08 Oct 2010 11:02:14 -0700 + vyatta-cfg (0.17.27) unstable; urgency=low * moved code for zones to vyatta-zone package -- cgit v1.2.3 From 92bd0daffbe0146f91ca0626b3a9b5c89bd4057b Mon Sep 17 00:00:00 2001 From: root Date: Fri, 8 Oct 2010 12:01:52 -0700 Subject: reference error location method in config module. --- lib/Vyatta/Config.pm | 10 ++++++++++ 1 file changed, 10 insertions(+) 
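Review bot: The inner `my $rx_queues` in the new else branch of the driver detection shadows the outer variable of the same name, and unlike the outer one it is not stripped of its trailing newline before the numeric comparison. Naming it for what it counts avoids both: `my $txrx_queues = ...;` followed by `$txrx_queues =~ s/\n//;` and `if ($txrx_queues > 0) {`. The same grep with `$ifname` interpolated into a shell pipeline appears here as in intel_new_func, so it should be changed together with that one. The new comment reads "where on IRQ is used" and should say "where one IRQ is used". The enclosing `if (defined $setup_ifname)` block starts and ends outside the hunk.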
diff --git a/lib/Vyatta/Config.pm b/lib/Vyatta/Config.pm index 6dfcc46..e30ba67 100755 --- a/lib/Vyatta/Config.pm +++ b/lib/Vyatta/Config.pm @@ -676,6 +676,16 @@ sub compareValueLists { return %comp_hash; } +sub outputError { + my ($self, $location, $msg) = @_; + print STDERR $msg . "\n"; + if (defined($ENV{VYATTA_OUTPUT_ERROR_LOCATION})) { + foreach my $elem (@$location) { + print STDERR "reference:[" . $elem . "]\n"; + } + } +} + ############################################################ # API functions that have not been converted ############################################################ -- cgit v1.2.3 From 6c5ff4b34a3d4d62fd72c07eda0a2ad5cf72d813 Mon Sep 17 00:00:00 2001 From: root Date: Fri, 8 Oct 2010 12:03:26 -0700 Subject: 0.17.29 --- debian/changelog | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/debian/changelog b/debian/changelog index 068acc6..05ab5af 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +vyatta-cfg (0.17.29) unstable; urgency=low + + * reference error location method in config module. + + -- root Fri, 08 Oct 2010 12:03:25 -0700 + vyatta-cfg (0.17.28) unstable; urgency=low * Bugfix 5830: Teach auto affinity script to use new queue naming -- cgit v1.2.3 From db4b7b3e30ae7f116bc09c8ed27c4cde00dc0c32 Mon Sep 17 00:00:00 2001 From: root Date: Mon, 11 Oct 2010 15:48:06 -0700 Subject: change location tag for error from reference: to errloc: --- lib/Vyatta/Config.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/Vyatta/Config.pm b/lib/Vyatta/Config.pm index e30ba67..1488c3d 100755 --- a/lib/Vyatta/Config.pm +++ b/lib/Vyatta/Config.pm @@ -681,7 +681,7 @@ sub outputError { print STDERR $msg . "\n"; if (defined($ENV{VYATTA_OUTPUT_ERROR_LOCATION})) { foreach my $elem (@$location) { - print STDERR "reference:[" . $elem . "]\n"; + print STDERR "errloc:[" . $elem . "]\n"; } } } -- cgit v1.2.3 From 73ee5b7ec3ad013fee079830969fb1ddec6ae2da Mon Sep 17 00:00:00 2001 
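Review bot: outputError is added to Vyatta::Config with no comment describing its contract, and the environment switch it depends on is only discoverable by reading the body. From the code, `$msg` is always printed to STDERR, `$location` is expected to be an array reference, and one tagged line per element is printed only when `VYATTA_OUTPUT_ERROR_LOCATION` is set. A header along the lines of `# outputError($location_aref, $msg): print $msg to STDERR; when VYATTA_OUTPUT_ERROR_LOCATION is set, also print one tagged line per element of $location_aref` would cover it. The tag text is evidently parsed by a consumer, since the next commit on this page renames it and commit2.c is changed to match, so the comment should say where the tag format is defined. Both `$msg` and the location elements are written to STDERR verbatim, so a value containing a newline could forge an extra tagged line for that consumer.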
From: root Date: Mon, 11 Oct 2010 15:50:36 -0700 Subject: change error location tag from commit process --- src/commit2.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/commit2.c b/src/commit2.c index 51bb7dd..0eb75f0 100644 --- a/src/commit2.c +++ b/src/commit2.c @@ -590,7 +590,7 @@ process_func(GNode *node, gpointer data) if (!status) { //EXECUTE_LIST RETURNS FALSE ON FAILURE.... syslog(LOG_ERR,"commit error for %s:[%s]\n",ActionNames[result->_action],d->_path); if (g_display_error_node) { - fprintf(out_stream,"%s:[%s]\n",ActionNames[result->_action],d->_path); + fprintf(out_stream,"%s@errloc:[%s]\n",ActionNames[result->_action],d->_path); } result->_err_code = 1; if (g_debug) { @@ -1404,7 +1404,7 @@ validate_func(GNode *node, gpointer data) } syslog(LOG_ERR,"commit error for %s:[%s]\n",ActionNames[result->_action],d->_path); if (g_display_error_node) { - fprintf(out_stream,"%s:[%s]\n",ActionNames[result->_action],d->_path); + fprintf(out_stream,"%s@errloc:[%s]\n",ActionNames[result->_action],d->_path); } result->_err_code = 1; if (g_debug) { -- cgit v1.2.3 From 6bbaacf5f0cc1880006a75084539d773eda662ff Mon Sep 17 00:00:00 2001 From: root Date: Mon, 11 Oct 2010 15:51:37 -0700 Subject: 0.17.30 --- debian/changelog | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/debian/changelog b/debian/changelog index 05ab5af..cb6f1be 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +vyatta-cfg (0.17.30) unstable; urgency=low + + * change location tag for error from reference: to errloc: + * change error location tag from commit process + + -- root Mon, 11 Oct 2010 15:51:37 -0700 + vyatta-cfg (0.17.29) unstable; urgency=low * reference error location method in config module. -- cgit v1.2.3