From 31e4b5906ff676a3c13060d6f456d72b7f6c90c2 Mon Sep 17 00:00:00 2001 From: Joel Goguen Date: Wed, 11 Jul 2018 16:32:20 -0700 Subject: iptables-restore: free the table lock when skipping a table Currently, when running `iptables-restore --table=X`, where `X` is not the first table in the rules dump, the restore will fail when parsing the second table: - a lock is acquird when parsing the first table name - the table name does not match the parameter to `--table` so processing continues until the next table - when processing the next table a lock is acquired, which fails because a lock is already held Another app is currently holding the xtables lock. Perhaps you want to use the -w option? This will release the lock as soon as it's decided the current table won't be used. Signed-off-by: Joel Goguen Signed-off-by: Florian Westphal
---
.../ipt-restore/0001load-specific-table_0 | 41 ++++++++++++++++++++++
1 file changed, 41 insertions(+)
create mode 100755 iptables/tests/shell/testcases/ipt-restore/0001load-specific-table_0
(limited to 'iptables/tests/shell/testcases/ipt-restore/0001load-specific-table_0')
diff --git a/iptables/tests/shell/testcases/ipt-restore/0001load-specific-table_0 b/iptables/tests/shell/testcases/ipt-restore/0001load-specific-table_0
new file mode 100755
index 00000000..ce3bef3a
--- /dev/null
+++ b/iptables/tests/shell/testcases/ipt-restore/0001load-specific-table_0
@@ -0,0 +1,41 @@
+#!/bin/bash
+
+RET=0
+tmpfile=""
+
+set -x
+
+clean_tempfile()
+{
+ if [ -n "${tmpfile}" ]; then
+ rm -f "${tmpfile}"
+ fi
+}
+
+trap clean_tempfile EXIT
+
+tmpfile=$(mktemp) || exit 1
+
+do_simple()
+{
+ iptables="${1}"
+ table="${2}"
+ dumpfile="$(dirname "${0}")/dumps/${iptables}.dump"
+
+ "$XT_MULTI" "${iptables}-restore" --table="${table}" <"${dumpfile}"; rv=$?
+
+ if [ "${rv}" -ne 0 ]; then
+ RET=1
+ fi
+}
+
+do_simple "iptables" "filter"
+do_simple "iptables" "mangle"
+do_simple "iptables" "raw"
+do_simple "iptables" "nat"
+do_simple "ip6tables" "filter"
+do_simple "ip6tables" "mangle"
+do_simple "ip6tables" "raw"
+do_simple "ip6tables" "nat"
+
+exit "${RET}"
-- cgit v1.2.3
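Review bot: `tmpfile` is created with `mktemp` and removed by the EXIT trap, but nothing in the script writes to or reads from it, so the only thing `do_simple` asserts is the exit status of each `--table` restore. That covers the lock failure described in the commit message, but a restore that returns 0 without loading the requested table, or that also applies a table it should have skipped, would still pass; for a ruleset loader that is the failure mode most worth pinning. Either drop the unused `mktemp`/`trap` scaffolding, or use the file after each restore, e.g. `"$XT_MULTI" "${iptables}-save" -t "${table}" >"${tmpfile}"`, and compare it with the matching section of the dump (the dump files are not part of this page, so the exact comparison has to be checked against them). Separately, `iptables`, `table`, `dumpfile` and `rv` in `do_simple` are globals; under `#!/bin/bash` they can be declared with `local iptables table dumpfile rv`.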