summaryrefslogtreecommitdiffstats
path: root/iptables/ip6tables.c
diff options
context:
space:
mode:
authorPablo Neira Ayuso <pablo@netfilter.org>2013-07-08 19:34:12 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2013-07-08 19:42:04 +0200
commitd7aeda5ed45ac7ca959f12180690caa371b5b14b (patch)
tree27985d6b1cdd576c22ee35b7f7fbc69eabdfd2f2 /iptables/ip6tables.c
parent945353a25bbb2dbf88128c27a9169851da6ebf05 (diff)
ip{6}tables-restore: fix breakage due to new locking approach
Since (93587a0 ip[6]tables: Add locking to prevent concurrent instances), ip{6}tables-restore does not work anymore: iptables-restore < x Another app is currently holding the xtables lock. Perhaps you want to use the -w option? do_command{6}(...) is called from ip{6}tables-restore for every iptables command contained in the rule-set file. Thus, hitting the lock error after the second command. Fix it by bypassing the locking in the ip{6}tables-restore path. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'iptables/ip6tables.c')
-rw-r--r--iptables/ip6tables.c10
1 files changed, 8 insertions, 2 deletions
diff --git a/iptables/ip6tables.c b/iptables/ip6tables.c
index eededee1..1fb33f6d 100644
--- a/iptables/ip6tables.c
+++ b/iptables/ip6tables.c
@@ -1286,7 +1286,8 @@ static void command_match(struct iptables_command_state *cs)
m->extra_opts, &m->option_offset);
}
-int do_command6(int argc, char *argv[], char **table, struct xtc_handle **handle)
+int do_command6(int argc, char *argv[], char **table,
+ struct xtc_handle **handle, bool restore)
{
struct iptables_command_state cs;
struct ip6t_entry *e = NULL;
@@ -1577,6 +1578,11 @@ int do_command6(int argc, char *argv[], char **table, struct xtc_handle **handle
break;
case 'w':
+ if (restore) {
+ xtables_error(PARAMETER_PROBLEM,
+ "You cannot use `-w' from "
+ "ip6tables-restore");
+ }
wait = true;
break;
@@ -1732,7 +1738,7 @@ int do_command6(int argc, char *argv[], char **table, struct xtc_handle **handle
chain, XT_EXTENSION_MAXNAMELEN);
/* Attempt to acquire the xtables lock */
- if (!xtables_lock(wait)) {
+ if (!restore && !xtables_lock(wait)) {
fprintf(stderr, "Another app is currently holding the xtables lock. "
"Perhaps you want to use the -w option?\n");
xtables_free_opts(1);