summaryrefslogtreecommitdiff
path: root/package/firewall
diff options
context:
space:
mode:
authorJo-Philipp Wich <jow@openwrt.org>2010-05-17 12:47:14 +0000
committerJo-Philipp Wich <jow@openwrt.org>2010-05-17 12:47:14 +0000
commitde15765a3768bac4ae99c81ed04460da4760bbf6 (patch)
treeb2531b0ebae4e570945a81c6e9746457398ddc6d /package/firewall
parentc8f606c7601dd8a00120ebf8e3b06ec3bfe59efd (diff)
downloadmtk-20170518-de15765a3768bac4ae99c81ed04460da4760bbf6.zip
mtk-20170518-de15765a3768bac4ae99c81ed04460da4760bbf6.tar.gz
mtk-20170518-de15765a3768bac4ae99c81ed04460da4760bbf6.tar.bz2
firewall: - defer firewall start until the first interface is brought up by hotplug, fixes race conditions on slow devices - create a file lock during firewall start and wait for it in hotplug events, prevents race conditions between start and addif - start firewall actions in background from hotplug handler since the firewall itself fires further hotplug events which results in a deadlock if not forked off - get loaded state direcly from the uci binary since updated value is not recognized by config_get after uci_set_state - bump package revision to r2
SVN-Revision: 21486
Diffstat (limited to 'package/firewall')
-rw-r--r--package/firewall/Makefile2
-rw-r--r--package/firewall/files/firewall.hotplug15
-rwxr-xr-xpackage/firewall/files/firewall.init2
-rw-r--r--package/firewall/files/lib/core.sh9
4 files changed, 21 insertions, 7 deletions
diff --git a/package/firewall/Makefile b/package/firewall/Makefile
index 22d3599..3b37c87 100644
--- a/package/firewall/Makefile
+++ b/package/firewall/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=firewall
PKG_VERSION:=2
-PKG_RELEASE:=1
+PKG_RELEASE:=2
include $(INCLUDE_DIR)/package.mk
diff --git a/package/firewall/files/firewall.hotplug b/package/firewall/files/firewall.hotplug
index e9d167b..bc75e42 100644
--- a/package/firewall/files/firewall.hotplug
+++ b/package/firewall/files/firewall.hotplug
@@ -9,11 +9,20 @@
. /lib/firewall/core.sh
fw_init
-fw_is_loaded || exit 0
+
+# Wait for firewall if startup is in progress
+lock -w /var/lock/firewall.start
case "$ACTION" in
ifup)
- fw_configure_interface "$INTERFACE" add "$DEVICE" ;;
+ fw_is_loaded && {
+ fw_configure_interface "$INTERFACE" add "$DEVICE" &
+ } || {
+ /etc/init.d/firewall enabled && fw_start &
+ }
+ ;;
ifdown)
- fw_configure_interface "$INTERFACE" del "$DEVICE" ;;
+ fw_is_loaded && fw_configure_interface "$INTERFACE" del "$DEVICE" &
+ ;;
esac
+
diff --git a/package/firewall/files/firewall.init b/package/firewall/files/firewall.init
index 5474248..d04804d 100755
--- a/package/firewall/files/firewall.init
+++ b/package/firewall/files/firewall.init
@@ -10,6 +10,8 @@ fw() {
fw_$1
}
+boot() { :; }
+
start() {
fw start
}
diff --git a/package/firewall/files/lib/core.sh b/package/firewall/files/lib/core.sh
index 3fd98d1..bf44231 100644
--- a/package/firewall/files/lib/core.sh
+++ b/package/firewall/files/lib/core.sh
@@ -8,6 +8,8 @@ include /lib/network
fw_start() {
fw_init
+ lock /var/lock/firewall.start
+
FW_DEFAULTS_APPLIED=
fw_is_loaded && {
@@ -49,6 +51,8 @@ fw_start() {
fw_callback post core
uci_set_state firewall core loaded 1
+
+ lock -u /var/lock/firewall.start
}
fw_stop() {
@@ -75,9 +79,8 @@ fw_reload() {
}
fw_is_loaded() {
- local bool
- config_get_bool bool core loaded 0
- return $((! $bool))
+ local bool=$(uci -q -P /var/state get firewall.core.loaded)
+ return $((! ${bool:-0}))
}