Changeset 21486


Ignore:
Timestamp:
2010-05-17T14:47:14+02:00 (8 years ago)
Author:
jow
Message:

[package] firewall:

  • defer firewall start until the first interface is brought up by hotplug, fixes race conditions on slow devices
  • create a file lock during firewall start and wait for it in hotplug events, prevents race conditions between start and addif
  • start firewall actions in background from hotplug handler since the firewall itself fires further hotplug events which results in a deadlock if not forked off
  • get loaded state direcly from the uci binary since updated value is not recognized by config_get after uci_set_state
  • bump package revision to r2
Location:
trunk/package/firewall
Files:
4 edited

Legend:

Unmodified
Added
Removed
  • trunk/package/firewall/Makefile

    r21286 r21486  
    1010 
    1111PKG_VERSION:=2 
    12 PKG_RELEASE:=1 
     12PKG_RELEASE:=2 
    1313 
    1414include $(INCLUDE_DIR)/package.mk 
  • trunk/package/firewall/files/firewall.hotplug

    r21360 r21486  
    1010. /lib/firewall/core.sh 
    1111fw_init 
    12 fw_is_loaded || exit 0 
     12 
     13# Wait for firewall if startup is in progress 
     14lock -w /var/lock/firewall.start 
    1315 
    1416case "$ACTION" in 
    1517        ifup) 
    16                 fw_configure_interface "$INTERFACE" add "$DEVICE" ;; 
     18                fw_is_loaded && { 
     19                        fw_configure_interface "$INTERFACE" add "$DEVICE" & 
     20                } || { 
     21                        /etc/init.d/firewall enabled && fw_start & 
     22                } 
     23        ;; 
    1724        ifdown) 
    18                 fw_configure_interface "$INTERFACE" del "$DEVICE" ;; 
     25                fw_is_loaded && fw_configure_interface "$INTERFACE" del "$DEVICE" & 
     26        ;; 
    1927esac 
     28 
  • trunk/package/firewall/files/firewall.init

    r21286 r21486  
    1010        fw_$1 
    1111} 
     12 
     13boot() { :; } 
    1214 
    1315start() { 
  • trunk/package/firewall/files/lib/core.sh

    r21286 r21486  
    88fw_start() { 
    99        fw_init 
     10 
     11        lock /var/lock/firewall.start 
    1012 
    1113        FW_DEFAULTS_APPLIED= 
     
    5052 
    5153        uci_set_state firewall core loaded 1 
     54 
     55        lock -u /var/lock/firewall.start 
    5256} 
    5357 
     
    7680 
    7781fw_is_loaded() { 
    78         local bool 
    79         config_get_bool bool core loaded 0 
    80         return $((! $bool)) 
     82        local bool=$(uci -q -P /var/state get firewall.core.loaded) 
     83        return $((! ${bool:-0})) 
    8184} 
    8285 
Note: See TracChangeset for help on using the changeset viewer.