diff options
author | Jo-Philipp Wich <jow@openwrt.org> | 2010-05-17 12:47:14 +0000 |
---|---|---|
committer | Jo-Philipp Wich <jow@openwrt.org> | 2010-05-17 12:47:14 +0000 |
commit | de15765a3768bac4ae99c81ed04460da4760bbf6 (patch) | |
tree | b2531b0ebae4e570945a81c6e9746457398ddc6d /package/firewall | |
parent | c8f606c7601dd8a00120ebf8e3b06ec3bfe59efd (diff) | |
download | mtk-20170518-de15765a3768bac4ae99c81ed04460da4760bbf6.zip mtk-20170518-de15765a3768bac4ae99c81ed04460da4760bbf6.tar.gz mtk-20170518-de15765a3768bac4ae99c81ed04460da4760bbf6.tar.bz2 |
firewall: - defer firewall start until the first interface is brought up by hotplug, fixes race conditions on slow devices - create a file lock during firewall start and wait for it in hotplug events, prevents race conditions between start and addif - start firewall actions in background from hotplug handler since the firewall itself fires further hotplug events which results in a deadlock if not forked off - get loaded state direcly from the uci binary since updated value is not recognized by config_get after uci_set_state - bump package revision to r2
SVN-Revision: 21486
Diffstat (limited to 'package/firewall')
-rw-r--r-- | package/firewall/Makefile | 2 | ||||
-rw-r--r-- | package/firewall/files/firewall.hotplug | 15 | ||||
-rwxr-xr-x | package/firewall/files/firewall.init | 2 | ||||
-rw-r--r-- | package/firewall/files/lib/core.sh | 9 |
4 files changed, 21 insertions, 7 deletions
diff --git a/package/firewall/Makefile b/package/firewall/Makefile index 22d3599..3b37c87 100644 --- a/package/firewall/Makefile +++ b/package/firewall/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=firewall PKG_VERSION:=2 -PKG_RELEASE:=1 +PKG_RELEASE:=2 include $(INCLUDE_DIR)/package.mk diff --git a/package/firewall/files/firewall.hotplug b/package/firewall/files/firewall.hotplug index e9d167b..bc75e42 100644 --- a/package/firewall/files/firewall.hotplug +++ b/package/firewall/files/firewall.hotplug @@ -9,11 +9,20 @@ . /lib/firewall/core.sh fw_init -fw_is_loaded || exit 0 + +# Wait for firewall if startup is in progress +lock -w /var/lock/firewall.start case "$ACTION" in ifup) - fw_configure_interface "$INTERFACE" add "$DEVICE" ;; + fw_is_loaded && { + fw_configure_interface "$INTERFACE" add "$DEVICE" & + } || { + /etc/init.d/firewall enabled && fw_start & + } + ;; ifdown) - fw_configure_interface "$INTERFACE" del "$DEVICE" ;; + fw_is_loaded && fw_configure_interface "$INTERFACE" del "$DEVICE" & + ;; esac + diff --git a/package/firewall/files/firewall.init b/package/firewall/files/firewall.init index 5474248..d04804d 100755 --- a/package/firewall/files/firewall.init +++ b/package/firewall/files/firewall.init @@ -10,6 +10,8 @@ fw() { fw_$1 } +boot() { :; } + start() { fw start } diff --git a/package/firewall/files/lib/core.sh b/package/firewall/files/lib/core.sh index 3fd98d1..bf44231 100644 --- a/package/firewall/files/lib/core.sh +++ b/package/firewall/files/lib/core.sh @@ -8,6 +8,8 @@ include /lib/network fw_start() { fw_init + lock /var/lock/firewall.start + FW_DEFAULTS_APPLIED= fw_is_loaded && { @@ -49,6 +51,8 @@ fw_start() { fw_callback post core uci_set_state firewall core loaded 1 + + lock -u /var/lock/firewall.start } fw_stop() { @@ -75,9 +79,8 @@ fw_reload() { } fw_is_loaded() { - local bool - config_get_bool bool core loaded 0 - return $((! $bool)) + local bool=$(uci -q -P /var/state get firewall.core.loaded) + return $((! ${bool:-0})) } |