On 21/01/2015 16:14, Tom Eastep wrote:
> On 1/21/2015 7:21 AM, Ed W wrote:
>> Hi, you kindly added the interface "enable" feature some versions back
>> in response to my use case. I have recently made some updates to my
>> environment, which includes upgrading to shorewall 4.5.21.10.
>>
>> I'm hitting a race condition at startup of the device:
>> - My init system (openrc) brings up shorewall, this runs "shorewall start"
>> - At about the same time udev is bringing up a 3G datacard which calls
>> "shorewall enable" as part of the udev scripts
>>
>> I haven't traced this exhaustively, but as near as I can tell, because
>> it's a fairly slow box, the "enable" is running during the call to
>> "start". I think I must have a race in as much as "enable" isn't
>> enabling the interface, but also I see the warning "interface pppX is
>> not usable" at the startup of Shorewall, so I infer that it in turn the
>> main script isn't seeing the interface being up either.
>>
>> The net effect is that my interface starts up ok, but there are no
>> firewall or routing rules setup for it. If I add another "shorewall
>> enable" from the command line then everything starts working
>>
>> I experimented by adding a "mutex_o[n|ff]" around the relevant lines in
>> the shorewall firewall script and this seems to resolve the race. Do you
>> see any issues with wrapping all the commands with a mutex? Are there
>> exit paths which might not release the mutex..? Do you see another
>> solution to solving such a race? (I notice that at the moment only "up"
>> and "down" paths have a mutex?)
>>
> Hi Ed,
>
> The attached patch should do the job. Beware that not all commands in
> the script can be wrapped with mutex because the CLI programs wrap many
> of them already.
>
> -Tom
>
Hi, forgive please that I'm only looking at my older 4.5 version, possibly 4.6 is changed. However, can you please check your patch as I need to also add the mutex to "start"? It's not enough to add the mutex ONLY to "enable"?

My test patch looks as yours, only I also wrap the "start" path.

Can you comment if this will make its way into a subsequent release please? (it's not the end of the world for me to maintain locally though)

Thanks

Ed W

_______________________________________________
Shorewall-devel mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-devel
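
Added example, not part of the thread and not Shorewall's code: a sketch of the serialization discussed above, where the "start" and "enable" paths both take the same lock and an EXIT trap releases it on every exit path. `run_locked`, `fake_cmd`, `race_demo`, `serialized` and the lock path are hypothetical names; this does not reproduce Shorewall's `mutex_on`/`mutex_off`.

```shell
#!/bin/sh
# Added illustration, not Shorewall code. All names and paths are hypothetical.
LOCKDIR="${LOCKDIR:-${TMPDIR:-/tmp}/fw-demo.lock}"   # same path for every caller
LOCK_TIMEOUT=10                                       # seconds before giving up

# run_locked CMD [ARGS...]: run CMD while holding the lock.
# The body is a subshell, so its EXIT trap releases the lock on every exit
# path: normal return, an "exit N" deep inside CMD, or a caught signal.
# SIGKILL still leaves the directory behind, so keep it on a tmpfs.
run_locked() (
    waited=0
    until mkdir "$LOCKDIR" 2>/dev/null; do    # mkdir is atomic: one winner
        [ "$waited" -ge "$LOCK_TIMEOUT" ] && exit 75
        sleep 1
        waited=$((waited + 1))
    done
    trap 'rmdir "$LOCKDIR" 2>/dev/null' EXIT
    trap 'exit 130' INT TERM
    "$@"
)

# Constructed stand-in for a slow firewall command; it only writes a log.
fake_cmd() {    # fake_cmd NAME LOGFILE
    echo "$1 begin" >>"$2"
    sleep 1
    echo "$1 end" >>"$2"
}

# race_demo LOGFILE: launch "start" and "enable" at the same time, both locked.
race_demo() {
    : >"$1"
    run_locked fake_cmd start "$1" &
    p1=$!
    run_locked fake_cmd enable "$1" &
    p2=$!
    wait "$p1" && wait "$p2"
}

# serialized LOGFILE: succeeds only if no command began while another was open.
serialized() {
    awk '$2 == "begin" { if (cur != "") bad = 1; cur = $1 }
         $2 == "end"   { if (cur != $1) bad = 1; cur = "" }
         END           { exit (bad || cur != "") }' "$1"
}
```

Wrapping only one of the two commands would leave the other free to run inside the critical section, which is why both callers in `race_demo` go through `run_locked`.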
