From de15765a3768bac4ae99c81ed04460da4760bbf6 Mon Sep 17 00:00:00 2001 From: Jo-Philipp Wich Date: Mon, 17 May 2010 12:47:14 +0000 Subject: firewall: - defer firewall start until the first interface is brought up by hotplug, fixes race conditions on slow devices - create a file lock during firewall start and wait for it in hotplug events, prevents race conditions between start and addif - start firewall actions in background from hotplug handler since the firewall itself fires further hotplug events which results in a deadlock if not forked off - get loaded state direcly from the uci binary since updated value is not recognized by config_get after uci_set_state - bump package revision to r2 SVN-Revision: 21486 --- package/firewall/Makefile | 2 +- package/firewall/files/firewall.hotplug | 15 ++++++++++++--- package/firewall/files/firewall.init | 2 ++ package/firewall/files/lib/core.sh | 9 ++++++--- 4 files changed, 21 insertions(+), 7 deletions(-) (limited to 'package/firewall') diff --git a/package/firewall/Makefile b/package/firewall/Makefile index 22d359939f..3b37c87357 100644 --- a/package/firewall/Makefile +++ b/package/firewall/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=firewall PKG_VERSION:=2 -PKG_RELEASE:=1 +PKG_RELEASE:=2 include $(INCLUDE_DIR)/package.mk diff --git a/package/firewall/files/firewall.hotplug b/package/firewall/files/firewall.hotplug index e9d167b79d..bc75e42d1d 100644 --- a/package/firewall/files/firewall.hotplug +++ b/package/firewall/files/firewall.hotplug @@ -9,11 +9,20 @@ . /lib/firewall/core.sh fw_init -fw_is_loaded || exit 0 + +# Wait for firewall if startup is in progress +lock -w /var/lock/firewall.start case "$ACTION" in ifup) - fw_configure_interface "$INTERFACE" add "$DEVICE" ;; + fw_is_loaded && { + fw_configure_interface "$INTERFACE" add "$DEVICE" & + } || { + /etc/init.d/firewall enabled && fw_start & + } + ;; ifdown) - fw_configure_interface "$INTERFACE" del "$DEVICE" ;; + fw_is_loaded && fw_configure_interface "$INTERFACE" del "$DEVICE" & + ;; esac + diff --git a/package/firewall/files/firewall.init b/package/firewall/files/firewall.init index 54742488e8..d04804d756 100755 --- a/package/firewall/files/firewall.init +++ b/package/firewall/files/firewall.init @@ -10,6 +10,8 @@ fw() { fw_$1 } +boot() { :; } + start() { fw start } diff --git a/package/firewall/files/lib/core.sh b/package/firewall/files/lib/core.sh index 3fd98d1602..bf44231fb0 100644 --- a/package/firewall/files/lib/core.sh +++ b/package/firewall/files/lib/core.sh @@ -8,6 +8,8 @@ include /lib/network fw_start() { fw_init + lock /var/lock/firewall.start + FW_DEFAULTS_APPLIED= fw_is_loaded && { @@ -49,6 +51,8 @@ fw_start() { fw_callback post core uci_set_state firewall core loaded 1 + + lock -u /var/lock/firewall.start } fw_stop() { @@ -75,9 +79,8 @@ fw_reload() { } fw_is_loaded() { - local bool - config_get_bool bool core loaded 0 - return $((! $bool)) + local bool=$(uci -q -P /var/state get firewall.core.loaded) + return $((! ${bool:-0})) } -- cgit v1.2.3