On 1/12/2018 7:33 PM, Tom Eastep wrote:
> On 01/12/2018 04:09 AM, Brian J. Murrell wrote:
>> I frequently get the following situation on my shorewall-lite machine,
>> typically right after boot, where "shorewall-lite restart" has been run
>> many times, overlapping even, I am sure as interfaces are brought up,
>> etc.:
>>
>> # ps -ef | grep shorewall
>> root 1094 1 0 Jan11 ? 00:00:01 lock
>> /etc/shorewall-lite/state/lock
>> root 2507 1 0 Jan11 ? 00:00:01 lock
>> /etc/shorewall-lite/state/lock
>> root 3124 1 0 Jan11 ? 00:00:00 lock
>> /etc/shorewall-lite/state/lock
>> root 7608 6935 0 06:29 pts/1 00:00:00 grep shorewall
>> root 11770 1 0 Jan11 ? 00:00:00 lock
>> /etc/shorewall-lite/state/lock
>>
>> # ls -l /etc/shorewall-lite/state/lock
>> ls: /etc/shorewall-lite/state/lock: No such file or directory
>> # ls -l /proc/{1094,2507,3124,11770}/fd/
>> /proc/1094/fd/:
>> lr-x------ 1 root root 64 Jan 12 06:26 0 -> /dev/null
>> l-wx------ 1 root root 64 Jan 12 06:26 1 -> pipe:[1896]
>> l-wx------ 1 root root 64 Jan 12 06:26 12 -> pipe:[1896]
>> l-wx------ 1 root root 64 Jan 12 06:26 2 -> pipe:[1896]
>> lrwx------ 1 root root 64 Jan 12 06:26 3 ->
>> /etc/shorewall-lite/state/lock (deleted)
>>
>> /proc/11770/fd/:
>> lrwx------ 1 root root 64 Jan 12 06:30 0 -> /dev/null
>> lrwx------ 1 root root 64 Jan 12 06:30 1 -> /dev/null
>> l-wx------ 1 root root 64 Jan 12 06:30 13 -> pipe:[1718]
>> lrwx------ 1 root root 64 Jan 12 06:30 2 -> /dev/null
>> lrwx------ 1 root root 64 Jan 12 06:30 3 ->
>> /etc/shorewall-lite/state/lock (deleted)
>>
>> /proc/2507/fd/:
>> lrwx------ 1 root root 64 Jan 12 06:30 0 -> /dev/null
>> lrwx------ 1 root root 64 Jan 12 06:30 1 -> /dev/null
>> l-wx------ 1 root root 64 Jan 12 06:30 13 -> pipe:[1718]
>> lrwx------ 1 root root 64 Jan 12 06:30 2 -> /dev/null
>> lrwx------ 1 root root 64 Jan 12 06:30 3 ->
>> /etc/shorewall-lite/state/lock (deleted)
>>
>> /proc/3124/fd/:
>> lrwx------ 1 root root 64 Jan 12 06:30 0 -> /dev/null
>> lrwx------ 1 root root 64 Jan 12 06:30 1 -> /dev/null
>> l-wx------ 1 root root 64 Jan 12 06:30 13 -> pipe:[1718]
>> lrwx------ 1 root root 64 Jan 12 06:30 2 -> /dev/null
>> lrwx------ 1 root root 64 Jan 12 06:30 3 ->
>> /etc/shorewall-lite/state/lock (deleted)
>> # lsof -n | grep state/lock
>> lock 1094 root 3u REG 0,14 5 13407
>> /etc/shorewall-lite/state/lock (deleted)
>> lock 2507 root 3u REG 0,14 5 13415
>> /etc/shorewall-lite/state/lock (deleted)
>> lock 3124 root 3u REG 0,14 5 13448
>> /etc/shorewall-lite/state/lock (deleted)
>> lock 11770 root 3u REG 0,14 6 13663
>> /etc/shorewall-lite/state/lock (deleted)
>>
>> I wonder if anyone has any theories on what is going on here?
>>
>
> I do not -- here is the only code in Shorewall that invoked 'lock' (one
> line might appear folded by my mailer):
>
> mutex_on()
> {
> local try
> try=0
> local lockf
> lockf=${LOCKFILE:=${VARDIR}/lock}
> local lockpid
> local lockd
>
> MUTEX_TIMEOUT=${MUTEX_TIMEOUT:-60}
>
> if [ $MUTEX_TIMEOUT -gt 0 ]; then
>
> lockd=$(dirname $LOCKFILE)
>
> [ -d "$lockd" ] || mkdir -p "$lockd"
>
> if [ -f $lockf ]; then
> lockpid=`cat ${lockf} 2> /dev/null`
> if [ -z "$lockpid" -o $lockpid = 0 ]; then
> rm -f ${lockf}
> error_message "WARNING: Stale lockfile ${lockf} removed"
> elif [ $lockpid -eq $$ ]; then
> return 0
> elif ! ps | grep -v grep | qt grep ${lockpid}; then
> rm -f ${lockf}
> error_message "WARNING: Stale lockfile ${lockf} from pid
> ${lockpid}
> removed"
> fi
> fi
>
> if qt mywhich lockfile; then
> lockfile -${MUTEX_TIMEOUT} -r1 ${lockf}
> chmod u+w ${lockf}
> echo $$ > ${lockf}
> chmod u-w ${lockf}
> elif qt mywhich lock; then
> lock ${lockf}
> chmod u=r ${lockf}
> else
> while [ -f ${lockf} -a ${try} -lt ${MUTEX_TIMEOUT} ] ; do
> sleep 1
> try=$((${try} + 1))
> done
>
> if [ ${try} -lt ${MUTEX_TIMEOUT} ] ; then
> # Create the lockfile
> echo $$ > ${lockf}
> else
> echo "Giving up on lock file ${lockf}" >&2
> fi
> fi
> fi
> }
>
> The part that invoked 'lock' was contributed, as I recall.
>
If you are not on OpenWRT you may want to apply the attached patch.
-Matt
--
Matt Darfeuille
diff --git a/Shorewall-core/lib.common b/Shorewall-core/lib.common
index 8ff2aa8b4..29876b1e2 100644
--- a/Shorewall-core/lib.common
+++ b/Shorewall-core/lib.common
@@ -778,7 +778,7 @@ mutex_on()
chmod u+w ${lockf}
echo $$ > ${lockf}
chmod u-w ${lockf}
- elif qt mywhich lock; then
+ elif [ -f /etc/openwrt_release ] && qt mywhich lock; then
lock ${lockf}
chmod u=r ${lockf}
else
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users