Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Fix locking if LOCKDIR does not exist | Phil Sutter | 2018-01-17 | 1 | -4/+10 |
| | | | | | | | | | | | The previous conversion to using flock() missed a crucial bit of code which tries to create LOCKDIR once in case opening the lock failed - This patch reestablishes the old behaviour. Reported-by: Tangchen (UVP) <tang.chen@huawei.com> Fixes: 6a826591878db ("Use flock() for --concurrent option") Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> | ||||
* | Use flock() for --concurrent option | Phil Sutter | 2017-10-24 | 1 | -44/+5 |
| | | | | | | | | | | | | | | The previous locking mechanism was not atomic, hence it was possible that a killed ebtables process would leave the lock file in place which in turn made future ebtables processes wait indefinitely for the lock to become free. Fix this by using flock(). This also simplifies code quite a bit because there is no need for a custom signal handler or an __exit routine anymore. Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> | ||||
* | ebtables: Allow RETURN target rules in user defined chains | Alin Năstac | 2015-10-28 | 1 | -1/+1 |
| | | | | | | | | | | | | | | | | | | | | | | | | | During loop checking ebtables marks entries with '1 << NF_BR_NUMHOOKS' if they're called from a base chain rather than a user defined chain. This can be used by ebtables targets that can encode a special return value to bail out if e.g. RETURN is used from a base chain. Unfortunately, this is broken, since the '1 << NF_BR_NUMHOOKS' is also copied to called user-defined-chains (i.e., a user defined chain can no longer be distinguished from a base chain): root@OpenWrt:~# ebtables -N foo root@OpenWrt:~# ebtables -A OUTPUT -j foo root@OpenWrt:~# ebtables -A foo -j mark --mark-or 3 --mark-target RETURN --mark-target RETURN not allowed on base chain. This works if -A OUTPUT -j foo is omitted, but will still appear if we try to call foo from OUTPUT afterwards. After this patch we still reject '-A OUTPUT -j mark .. --mark-target RETURN'. Signed-off-by: Florian Westphal <fw@strlen.de> | ||||
* | remove compile warning, conditionally define LOCKFILE | Bart De Schuymer | 2011-07-10 | 1 | -0/+4 |
| | |||||
* | fix use-after-free issue found by Coverity static analysis (thanks to Jiri ↵ | Bart De Schuymer | 2011-06-23 | 1 | -2/+2 |
| | | | | Popelka) | ||||
* | add logic to support the --concurrent option: use a file lock to support ↵ | Bart De Schuymer | 2011-06-19 | 1 | -0/+67 |
| | | | | concurrent scripts running ebtables | ||||
* | speedup checking for loops | Bart De Schuymer | 2007-02-11 | 1 | -2/+5 |
| | |||||
* | fix -X bug | Bart De Schuymer | 2006-07-31 | 1 | -8/+11 |
| | |||||
* | bugfix | Bart De Schuymer | 2006-07-28 | 1 | -1/+1 |
| | |||||
* | init hook_mask when no udc | Bart De Schuymer | 2006-01-23 | 1 | -4/+6 |
| | |||||
* | send bug messages to stderr | Bart De Schuymer | 2005-11-09 | 1 | -3/+3 |
| | |||||
* | fix -D | Bart De Schuymer | 2005-10-24 | 1 | -1/+4 |
| | |||||
* | minor changes | Bart De Schuymer | 2005-10-01 | 1 | -11/+0 |
| | |||||
* | cleanup | Bart De Schuymer | 2005-09-28 | 1 | -2/+2 |
| | |||||
* | bugfix | Bart De Schuymer | 2005-09-01 | 1 | -0/+1 |
| | |||||
* | bugfix | Bart De Schuymer | 2005-08-30 | 1 | -5/+5 |
| | |||||
* | put rules in doubly linked list | Bart De Schuymer | 2005-08-28 | 1 | -49/+51 |
| | |||||
* | put reference to cc in each entry | Bart De Schuymer | 2005-08-28 | 1 | -196/+75 |
| | |||||
* | make array of chains | Bart De Schuymer | 2005-08-27 | 1 | -245/+106 |
| | |||||
* | trivial cleanups | Bart De Schuymer | 2005-08-12 | 1 | -2/+8 |
| | |||||
* | cleanup | Bart De Schuymer | 2005-07-16 | 1 | -27/+24 |
| | |||||
* | more cleanup | Bart De Schuymer | 2005-03-28 | 1 | -68/+57 |
| | |||||
* | complete -c and -C implementation | Bart De Schuymer | 2005-02-14 | 1 | -16/+37 |
| | |||||
* | general cleanup + add -C and -c | Bart De Schuymer | 2005-02-08 | 1 | -27/+94 |
| | |||||
* | add '.' after messages | Bart De Schuymer | 2005-01-24 | 1 | -1/+1 |
| | |||||
* | really zero counters | Bart De Schuymer | 2005-01-24 | 1 | -0/+24 |
| | |||||
* | add new counter scheme | Bart De Schuymer | 2005-01-23 | 1 | -0/+1 |
| | |||||
* | add ebtablesu scheme, along with general cleanup | Bart De Schuymer | 2005-01-19 | 1 | -314/+221 |
| | |||||
* | Fix problem with udc | Bart De Schuymer | 2004-12-16 | 1 | -1/+1 |
| | |||||
* | gcc doesn't like a label at the end.. tss | Bart De Schuymer | 2004-09-09 | 1 | -1/+1 |
| | |||||
* | add shared libraries | Bart De Schuymer | 2004-01-21 | 1 | -43/+69 |
| | |||||
* | ebtables library functions | Bart De Schuymer | 2004-01-14 | 1 | -0/+1499 |