ubus: do not overwrite ipset name attribute

[project/firewall3.git] / iptables.c

diff --git a/iptables.c b/iptables.c
index f8d4d46ec7717fca1f38f77c23092342b576e3c6..559fe7defef3be85c4eb2934884caf549f932bc5 100644 (file)
--- a/iptables.c
+++ b/iptables.c
@@ -55,6 +55,8 @@
 
 #include "iptables.h"
 
+#define XT_LOCK_NAME "/var/run/xtables.lock"
+static int xt_lock_fd = -1;
 
 struct fw3_ipt_rule {
        struct fw3_ipt_handle *h;
@@ -168,6 +170,11 @@ fw3_ipt_open(enum fw3_family family, enum fw3_table table)
 
        xtables_init();
 
+       while (!fw3_lock_path(&xt_lock_fd, XT_LOCK_NAME)) {
+               warn("Currently busy xtables.lock - wait 1 second");
+               sleep(1);
+       }
+
        if (family == FW3_FAMILY_V6)
        {
 #ifndef DISABLE_IPV6
@@ -192,6 +199,7 @@ fw3_ipt_open(enum fw3_family family, enum fw3_table table)
        if (!h->handle)
        {
                free(h);
+               fw3_unlock_path(&xt_lock_fd, XT_LOCK_NAME);
                return NULL;
        }
 
@@ -561,6 +569,7 @@ fw3_ipt_commit(struct fw3_ipt_handle *h)
 void
 fw3_ipt_close(struct fw3_ipt_handle *h)
 {
+       fw3_unlock_path(&xt_lock_fd, XT_LOCK_NAME);
        free(h);
 }
 
@@ -899,7 +908,7 @@ fw3_ipt_rule_sport_dport(struct fw3_ipt_rule *r,
                if (sp->port_min == sp->port_max)
                        sprintf(buf, "%u", sp->port_min);
                else
-                       sprintf(buf, "%u:%u", sp->port_min, sp->port_max);
+                       snprintf(buf, sizeof(buf), "%u:%u", sp->port_min, sp->port_max);
 
                fw3_ipt_rule_addarg(r, sp->invert, "--sport", buf);
        }
@@ -909,7 +918,7 @@ fw3_ipt_rule_sport_dport(struct fw3_ipt_rule *r,
                if (dp->port_min == dp->port_max)
                        sprintf(buf, "%u", dp->port_min);
                else
-                       sprintf(buf, "%u:%u", dp->port_min, dp->port_max);
+                       snprintf(buf, sizeof(buf), "%u:%u", dp->port_min, dp->port_max);
 
                fw3_ipt_rule_addarg(r, dp->invert, "--dport", buf);
        }
@@ -955,7 +964,7 @@ fw3_ipt_rule_icmptype(struct fw3_ipt_rule *r, struct fw3_icmptype *icmp)
                if (icmp->code6_min == 0 && icmp->code6_max == 0xFF)
                        sprintf(buf, "%u", icmp->type6);
                else
-                       sprintf(buf, "%u/%u", icmp->type6, icmp->code6_min);
+                       snprintf(buf, sizeof(buf), "%u/%u", icmp->type6, icmp->code6_min);
 
                fw3_ipt_rule_addarg(r, icmp->invert, "--icmpv6-type", buf);
        }
@@ -965,7 +974,7 @@ fw3_ipt_rule_icmptype(struct fw3_ipt_rule *r, struct fw3_icmptype *icmp)
                if (icmp->code_min == 0 && icmp->code_max == 0xFF)
                        sprintf(buf, "%u", icmp->type);
                else
-                       sprintf(buf, "%u/%u", icmp->type, icmp->code_min);
+                       snprintf(buf, sizeof(buf), "%u/%u", icmp->type, icmp->code_min);
 
                fw3_ipt_rule_addarg(r, icmp->invert, "--icmp-type", buf);
        }
@@ -1140,6 +1149,20 @@ fw3_ipt_rule_mark(struct fw3_ipt_rule *r, struct fw3_mark *mark)
        fw3_ipt_rule_addarg(r, mark->invert, "--mark", buf);
 }
 
+void
+fw3_ipt_rule_dscp(struct fw3_ipt_rule *r, struct fw3_dscp *dscp)
+{
+       char buf[sizeof("0xFF\0")];
+
+       if (!dscp || !dscp->set)
+               return;
+
+       sprintf(buf, "0x%x", dscp->dscp);
+
+       fw3_ipt_rule_addarg(r, false, "-m", "dscp");
+       fw3_ipt_rule_addarg(r, dscp->invert, "--dscp", buf);
+}
+
 void
 fw3_ipt_rule_comment(struct fw3_ipt_rule *r, const char *fmt, ...)
 {