From d7aeda5ed45ac7ca959f12180690caa371b5b14b Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Mon, 8 Jul 2013 19:34:12 +0200 Subject: ip{6}tables-restore: fix breakage due to new locking approach Since (93587a0 ip[6]tables: Add locking to prevent concurrent instances), ip{6}tables-restore does not work anymore: iptables-restore < x Another app is currently holding the xtables lock. Perhaps you want to use the -w option? do_command{6}(...) is called from ip{6}tables-restore for every iptables command contained in the rule-set file. Thus, hitting the lock error after the second command. Fix it by bypassing the locking in the ip{6}tables-restore path. Signed-off-by: Pablo Neira Ayuso --- iptables/iptables.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) (limited to 'iptables/iptables.c') diff --git a/iptables/iptables.c b/iptables/iptables.c index f857bebc..fe18e1cc 100644 --- a/iptables/iptables.c +++ b/iptables/iptables.c @@ -1282,7 +1282,8 @@ static void command_match(struct iptables_command_state *cs) xtables_error(OTHER_PROBLEM, "can't alloc memory!"); } -int do_command4(int argc, char *argv[], char **table, struct xtc_handle **handle) +int do_command4(int argc, char *argv[], char **table, + struct xtc_handle **handle, bool restore) { struct iptables_command_state cs; struct ipt_entry *e = NULL; @@ -1571,6 +1572,11 @@ int do_command4(int argc, char *argv[], char **table, struct xtc_handle **handle break; case 'w': + if (restore) { + xtables_error(PARAMETER_PROBLEM, + "You cannot use `-w' from " + "iptables-restore"); + } wait = true; break; @@ -1729,7 +1735,7 @@ int do_command4(int argc, char *argv[], char **table, struct xtc_handle **handle chain, XT_EXTENSION_MAXNAMELEN); /* Attempt to acquire the xtables lock */ - if (!xtables_lock(wait)) { + if (!restore && !xtables_lock(wait)) { fprintf(stderr, "Another app is currently holding the xtables lock. " "Perhaps you want to use the -w option?\n"); xtables_free_opts(1); -- cgit v1.2.3