load running state after lock is acquired
authorAlin Năstac <alin.nastac@gmail.com>
Fri, 29 Apr 2016 13:00:01 +0000 (15:00 +0200)
committerJo-Philipp Wich <jo@mein.io>
Mon, 2 May 2016 17:40:42 +0000 (18:40 +0100)
When running "/etc/init.d/firewall reload & fw3 -q restart", the
fw3 instance that handles the reload might try to read the running
state after the firewall was stopped by the fw3 instance that does the
restarting. Since a NULL run_state will turn a reload operation into a
start operation, the resulting iptables chains will contain duplicate
sets of rules.

main.c

diff --git a/main.c b/main.c
index b95302050286d1d840caea0cc74313da0c46599d..241da628274987dadb6d38c85c3ec4845a92d2c2 100644 (file)
--- a/main.c
+++ b/main.c
@@ -546,7 +546,6 @@ int main(int argc, char **argv)
        }
 
        build_state(false);
-       build_state(true);
        defs = &cfg_state->defaults;
 
        if (optind >= argc)
@@ -577,12 +576,18 @@ int main(int argc, char **argv)
                print_family = family;
                fw3_pr_debug = true;
 
-               rv = start();
+               if (fw3_lock())
+               {
+                       build_state(true);
+                       rv = start();
+                       fw3_unlock();
+               }
        }
        else if (!strcmp(argv[optind], "start"))
        {
                if (fw3_lock())
                {
+                       build_state(true);
                        rv = start();
                        fw3_unlock();
                }
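Review bot: Nothing in the new code records the ordering rule this commit depends on, that `build_state(true)` may run only after `fw3_lock()` has succeeded. The call is now repeated in six branches: the `print_family` branch and the start branch in this hunk, then the two `stop()` branches, the stop-then-start branch and the `reload()` branch in the hunks that follow. A later refactor could hoist it back out of the critical section and reintroduce the race, so I would add a comment at the first call such as `/* run state must be loaded while holding the lock: a concurrent instance may stop the firewall until we own it */`, or fold lock plus load into one small static helper. Separately, the `print_family` branch now skips `start()` when `fw3_lock()` fails and leaves `rv` at its earlier value. Its initializer is outside this hunk (as are the start and end of `main`), so it is worth confirming that value signals failure to the caller.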
@@ -591,6 +596,7 @@ int main(int argc, char **argv)
        {
                if (fw3_lock())
                {
+                       build_state(true);
                        rv = stop(false);
                        fw3_unlock();
                }
@@ -599,6 +605,7 @@ int main(int argc, char **argv)
        {
                if (fw3_lock())
                {
+                       build_state(true);
                        rv = stop(true);
                        fw3_unlock();
                }
@@ -607,6 +614,7 @@ int main(int argc, char **argv)
        {
                if (fw3_lock())
                {
+                       build_state(true);
                        stop(true);
                        rv = start();
                        fw3_unlock();
@@ -616,6 +624,7 @@ int main(int argc, char **argv)
        {
                if (fw3_lock())
                {
+                       build_state(true);
                        rv = reload();
                        fw3_unlock();
                }