diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-07-08 19:34:12 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-07-08 19:42:04 +0200 |
commit | d7aeda5ed45ac7ca959f12180690caa371b5b14b (patch) | |
tree | 27985d6b1cdd576c22ee35b7f7fbc69eabdfd2f2 /iptables/ip6tables.c | |
parent | 945353a25bbb2dbf88128c27a9169851da6ebf05 (diff) |
ip{6}tables-restore: fix breakage due to new locking approach
Since (93587a0 ip[6]tables: Add locking to prevent concurrent instances),
ip{6}tables-restore does not work anymore:
iptables-restore < x
Another app is currently holding the xtables lock. Perhaps you want to use the -w option?
do_command{6}(...) is called from ip{6}tables-restore for every iptables
command contained in the rule-set file. Thus, hitting the lock error
after the second command.
Fix it by bypassing the locking in the ip{6}tables-restore path.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'iptables/ip6tables.c')
-rw-r--r-- | iptables/ip6tables.c | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/iptables/ip6tables.c b/iptables/ip6tables.c index eededee1..1fb33f6d 100644 --- a/iptables/ip6tables.c +++ b/iptables/ip6tables.c @@ -1286,7 +1286,8 @@ static void command_match(struct iptables_command_state *cs) m->extra_opts, &m->option_offset); } -int do_command6(int argc, char *argv[], char **table, struct xtc_handle **handle) +int do_command6(int argc, char *argv[], char **table, + struct xtc_handle **handle, bool restore) { struct iptables_command_state cs; struct ip6t_entry *e = NULL; @@ -1577,6 +1578,11 @@ int do_command6(int argc, char *argv[], char **table, struct xtc_handle **handle break; case 'w': + if (restore) { + xtables_error(PARAMETER_PROBLEM, + "You cannot use `-w' from " + "ip6tables-restore"); + } wait = true; break; @@ -1732,7 +1738,7 @@ int do_command6(int argc, char *argv[], char **table, struct xtc_handle **handle chain, XT_EXTENSION_MAXNAMELEN); /* Attempt to acquire the xtables lock */ - if (!xtables_lock(wait)) { + if (!restore && !xtables_lock(wait)) { fprintf(stderr, "Another app is currently holding the xtables lock. " "Perhaps you want to use the -w option?\n"); xtables_free_opts(1); |