mirror of https://github.com/hak5/openwrt.git
firewall: - defer firewall start until the first interface is brought up by hotplug, fixes race conditions on slow devices - create a file lock during firewall start and wait for it in hotplug events, prevents race conditions between start and addif - start firewall actions in background from hotplug handler since the firewall itself fires further hotplug events which results in a deadlock if not forked off - get loaded state direcly from the uci binary since updated value is not recognized by config_get after uci_set_state - bump package revision to r2
SVN-Revision: 21486lede-17.01
parent
c8f606c760
commit
de15765a37
|
@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
|
||||||
PKG_NAME:=firewall
|
PKG_NAME:=firewall
|
||||||
|
|
||||||
PKG_VERSION:=2
|
PKG_VERSION:=2
|
||||||
PKG_RELEASE:=1
|
PKG_RELEASE:=2
|
||||||
|
|
||||||
include $(INCLUDE_DIR)/package.mk
|
include $(INCLUDE_DIR)/package.mk
|
||||||
|
|
||||||
|
|
|
@ -9,11 +9,20 @@
|
||||||
|
|
||||||
. /lib/firewall/core.sh
|
. /lib/firewall/core.sh
|
||||||
fw_init
|
fw_init
|
||||||
fw_is_loaded || exit 0
|
|
||||||
|
# Wait for firewall if startup is in progress
|
||||||
|
lock -w /var/lock/firewall.start
|
||||||
|
|
||||||
case "$ACTION" in
|
case "$ACTION" in
|
||||||
ifup)
|
ifup)
|
||||||
fw_configure_interface "$INTERFACE" add "$DEVICE" ;;
|
fw_is_loaded && {
|
||||||
|
fw_configure_interface "$INTERFACE" add "$DEVICE" &
|
||||||
|
} || {
|
||||||
|
/etc/init.d/firewall enabled && fw_start &
|
||||||
|
}
|
||||||
|
;;
|
||||||
ifdown)
|
ifdown)
|
||||||
fw_configure_interface "$INTERFACE" del "$DEVICE" ;;
|
fw_is_loaded && fw_configure_interface "$INTERFACE" del "$DEVICE" &
|
||||||
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
|
|
|
@ -10,6 +10,8 @@ fw() {
|
||||||
fw_$1
|
fw_$1
|
||||||
}
|
}
|
||||||
|
|
||||||
|
boot() { :; }
|
||||||
|
|
||||||
start() {
|
start() {
|
||||||
fw start
|
fw start
|
||||||
}
|
}
|
||||||
|
|
|
@ -8,6 +8,8 @@ include /lib/network
|
||||||
fw_start() {
|
fw_start() {
|
||||||
fw_init
|
fw_init
|
||||||
|
|
||||||
|
lock /var/lock/firewall.start
|
||||||
|
|
||||||
FW_DEFAULTS_APPLIED=
|
FW_DEFAULTS_APPLIED=
|
||||||
|
|
||||||
fw_is_loaded && {
|
fw_is_loaded && {
|
||||||
|
@ -49,6 +51,8 @@ fw_start() {
|
||||||
fw_callback post core
|
fw_callback post core
|
||||||
|
|
||||||
uci_set_state firewall core loaded 1
|
uci_set_state firewall core loaded 1
|
||||||
|
|
||||||
|
lock -u /var/lock/firewall.start
|
||||||
}
|
}
|
||||||
|
|
||||||
fw_stop() {
|
fw_stop() {
|
||||||
|
@ -75,9 +79,8 @@ fw_reload() {
|
||||||
}
|
}
|
||||||
|
|
||||||
fw_is_loaded() {
|
fw_is_loaded() {
|
||||||
local bool
|
local bool=$(uci -q -P /var/state get firewall.core.loaded)
|
||||||
config_get_bool bool core loaded 0
|
return $((! ${bool:-0}))
|
||||||
return $((! $bool))
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue