From 31e4b5906ff676a3c13060d6f456d72b7f6c90c2 Mon Sep 17 00:00:00 2001
From: Joel Goguen
Date: Wed, 11 Jul 2018 16:32:20 -0700
Subject: iptables-restore: free the table lock when skipping a table

Currently, when running `iptables-restore --table=X`, where `X` is not the first table in the rules dump, the restore will fail when parsing the second table:

- a lock is acquird when parsing the first table name
- the table name does not match the parameter to `--table` so processing continues until the next table
- when processing the next table a lock is acquired, which fails because a lock is already held

Another app is currently holding the xtables lock. Perhaps you want to use the -w option?

This will release the lock as soon as it's decided the current table won't be used.

Signed-off-by: Joel Goguen
Signed-off-by: Florian Westphal
---
 iptables/ip6tables-restore.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'iptables/ip6tables-restore.c')

diff --git a/iptables/ip6tables-restore.c b/iptables/ip6tables-restore.c
index cc50bb4f..d36f92da 100644
--- a/iptables/ip6tables-restore.c
+++ b/iptables/ip6tables-restore.c
@@ -325,8 +325,13 @@ int ip6tables_restore_main(int argc, char *argv[])
 strncpy(curtable, table, XT_TABLE_MAXNAMELEN);
 curtable[XT_TABLE_MAXNAMELEN] = '\0';

- if (tablename != NULL && strcmp(tablename, table) != 0)
+ if (tablename != NULL && strcmp(tablename, table) != 0) {
+ if (lock >= 0) {
+ xtables_unlock(lock);
+ lock = XT_LOCK_NOT_ACQUIRED;
+ }
 continue;
+ }
 if (handle)
 ops->free(handle);

-- 
cgit v1.2.3
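Review bot: The unlock block added inside the `strcmp(tablename, table) != 0` branch has no comment explaining why a skipped table must give the lock back; that reason (the next table line takes the lock again and otherwise fails with the "Another app is currently holding the xtables lock" error) lives only in the commit message. A one-line comment above `if (lock >= 0)` would keep it next to the code, for example `/* table filtered out by --table: release the xtables lock so the next table line can take it */`. The guard tests `lock >= 0` while the reset assigns `XT_LOCK_NOT_ACQUIRED`, so the pair is only consistent if that constant is negative, which the hunk does not show. The lock is acquired outside this hunk; if that happens before the table name is compared, doing the `--table` comparison first would avoid an acquire/release round trip on the shared lock for every skipped table. This should be checked against the rest of `ip6tables_restore_main`, whose body starts and ends outside the hunk.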