firewall3: fix left shift on 64 bit systems in fw3_bitlen2netmask
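--- a/main.c
+++ b/main.c
@@ -45,12 +45,10 @@ build_state(bool runtime)
  struct uci_package *p = NULL;
  FILE *sf;
- state = malloc(sizeof(*state));
-
+ state = calloc(1, sizeof(*state));
  if (!state)
  error("Out of memory");
- memset(state, 0, sizeof(*state));
  state->uci = uci_alloc_context();
  if (!state->uci)
@@ -169,8 +167,6 @@ family_set(struct fw3_state *state, enum fw3_family family, bool set)
  static int
  stop(bool complete)
  {
- FILE *ct;
-
  int rv = 1;
  enum fw3_family family;
  enum fw3_table table;
@@ -226,13 +222,8 @@ stop(bool complete)
  if (run_state)
  fw3_destroy_ipsets(run_state);
- if (complete && (ct = fopen("/proc/net/nf_conntrack", "w")) != NULL)
- {
- info(" * Flushing conntrack table ...");
-
- fwrite("f\n", 2, 1, ct);
- fclose(ct);
- }
+ if (complete)
+ fw3_flush_conntrack(NULL);
  if (!rv && run_state)
  fw3_write_statefile(run_state);
@@ -306,6 +297,7 @@ start(void)
  if (!rv)
  {
+ fw3_flush_conntrack(run_state);
  fw3_set_defaults(cfg_state);
  if (!print_family)
@@ -397,6 +389,8 @@ start:
  if (!rv)
  {
+ fw3_flush_conntrack(run_state);
+
  fw3_set_defaults(cfg_state);
  fw3_run_includes(cfg_state, true);
  fw3_hotplug_zones(cfg_state, true);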
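Review bot: In the start() hunk (+297), `fw3_flush_conntrack(run_state);` sits directly under `if (!rv)`, while the statement after `fw3_set_defaults(cfg_state);` is guarded by `if (!print_family)`, so a print-only run appears to reach the flush and change live connection-tracking state. Unless the helper, which is defined outside this diff, already returns early in print mode, guard the call: `if (!print_family) fw3_flush_conntrack(run_state);`. The call sites also do not say what the argument selects, so a one-line comment at `fw3_flush_conntrack(NULL);` in stop() stating what NULL requests would help. The old inline code's `info()` message and its silent skip on a failed `fopen()` are no longer visible here, so it is worth confirming the helper keeps both. start(), stop() and the `start:` block all continue outside their hunks.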