On 1/21/2015 7:21 AM, Ed W wrote:
> Hi, you kindly added the interface "enable" feature some versions back
> in response to my use case. I have recently made some updates to my
> environment, which includes upgrading to shorewall 4.5.21.10.
>
> I'm hitting a race condition at startup of the device:
> - My init system (openrc) brings up shorewall, this runs "shorewall start"
> - At about the same time udev is bringing up a 3G datacard which calls
>   "shorewall enable" as part of the udev scripts
>
> I haven't traced this exhaustively, but as near as I can tell, because
> it's a fairly slow box, the "enable" is running during the call to
> "start". I think I must have a race in as much as "enable" isn't
> enabling the interface, but also I see the warning "interface pppX is
> not usable" at the startup of Shorewall, so I infer that in turn the
> main script isn't seeing the interface being up either.
>
> The net effect is that my interface starts up ok, but there are no
> firewall or routing rules set up for it. If I add another "shorewall
> enable" from the command line then everything starts working.
>
> I experimented by adding a "mutex_o[n|ff]" around the relevant lines in
> the shorewall firewall script and this seems to resolve the race. Do you
> see any issues with wrapping all the commands with a mutex? Are there
> exit paths which might not release the mutex..? Do you see another
> solution to solving such a race? (I notice that at the moment only "up"
> and "down" paths have a mutex?)
>

Hi Ed,

The attached patch should do the job. Beware that not all commands in
the script can be wrapped with mutex because the CLI programs wrap many
of them already.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

diff --git a/Shorewall/Perl/prog.footer b/Shorewall/Perl/prog.footer
index 7b21d30..8d1d99c 100644
--- a/Shorewall/Perl/prog.footer
+++ b/Shorewall/Perl/prog.footer
@@ -373,20 +373,24 @@ case "$COMMAND" in
[ $# -eq 1 ] && exit 0
shift
[ $# -ne 1 ] && usage 2
+ mutex_on
if product_is_started; then
detect_configuration
enable_provider $1
fi
+ mutex_off
status=0
;;
disable)
[ $# -eq 1 ] && exit 0
shift
[ $# -ne 1 ] && usage 2
+ mutex_on
if product_is_started; then
detect_configuration
disable_provider $1
fi
+ mutex_off
status=0
;;
run)
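Review bot: in both the enable and disable branches, nothing between mutex_on and mutex_off guarantees the release if detect_configuration or enable_provider / disable_provider terminates the script instead of returning; mutex_off is then skipped and the lock stays held for the next caller. Consider installing an exit trap that calls mutex_off immediately after mutex_on and clearing it after the explicit mutex_off, or confirm that these helpers always return to the case branch. Taking the lock after the "usage 2" argument check and before product_is_started looks right, since it keeps the started test and the provider change inside one critical section.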

_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel
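
The question raised in the thread about exit paths that might not release the mutex, as an added shell example that is not part of the original messages and not Shorewall's code. It assumes a mkdir-based lock; `lock_on`, `lock_off`, `guarded_command`, `lock_leaked_after`, `LOCKDIR` and `LOCK_TRIES` are hypothetical names and do not describe how `mutex_on` / `mutex_off` are implemented.

```shell
#!/bin/sh
# Added illustration: hypothetical stand-ins, not Shorewall's mutex_on/mutex_off.
LOCKDIR="${LOCKDIR:-${TMPDIR:-/tmp}/demo-fw.lock}"   # constructed path

lock_on() {
    # mkdir is atomic: exactly one caller succeeds in creating the directory.
    tries=0
    until mkdir "$LOCKDIR" 2>/dev/null; do
        tries=$((tries + 1))
        [ "$tries" -ge "${LOCK_TRIES:-10}" ] && return 1   # give up, lock not held
        sleep 1
    done
    # From here on we own the lock: release it on every exit path,
    # including an 'exit' buried in a helper and termination by signal.
    trap 'lock_off' EXIT
    trap 'exit 130' INT
    trap 'exit 143' TERM
}

lock_off() {
    rmdir "$LOCKDIR" 2>/dev/null
    trap - EXIT INT TERM
    return 0
}

# Stand-in for a command such as "enable" whose body may bail out early.
guarded_command() {   # $1 = ok | fail
    lock_on || return 75
    [ "$1" = fail ] && exit 2    # early exit while the lock is held
    lock_off
}

# Run the command as its own process, then report whether the lock was
# left behind (returns 0 if leaked, 1 if released).
lock_leaked_after() {
    ( guarded_command "$1" ) >/dev/null 2>&1
    [ -d "$LOCKDIR" ]
}
```

Without the `trap` lines in `lock_on`, `lock_leaked_after fail` reports a leaked lock and every later caller times out in `lock_on`.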
