author | Joel Goguen <contact+netfilter@jgoguen.ca> | 2018-07-11 16:32:20 -0700 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2018-07-26 15:04:29 +0200 |
commit | 31e4b5906ff676a3c13060d6f456d72b7f6c90c2 (patch) | |
tree | 1d3bc02a38caf7e7355c6ce01255217ea8028a8d /iptables/iptables-restore.c | |
parent | f8e29a13fed8de2d1276923638d2d6d9988dd8bb (diff) |
iptables-restore: free the table lock when skipping a table
Currently, when running `iptables-restore --table=X`, where `X` is not the first
table in the rules dump, the restore will fail when parsing the second table:
- a lock is acquired when parsing the first table name
- the table name does not match the parameter to `--table` so processing
continues until the next table
- when processing the next table a lock is acquired, which fails because a lock
is already held
Another app is currently holding the xtables lock. Perhaps you want to use the -w option?
This will release the lock as soon as it's decided the current table won't be
used.
Signed-off-by: Joel Goguen <contact+netfilter@jgoguen.ca>
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'iptables/iptables-restore.c')
-rw-r--r-- | iptables/iptables-restore.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/iptables/iptables-restore.c b/iptables/iptables-restore.c index d5603fce..142ddb82 100644 --- a/iptables/iptables-restore.c +++ b/iptables/iptables-restore.c @@ -323,8 +323,13 @@ iptables_restore_main(int argc, char *argv[]) strncpy(curtable, table, XT_TABLE_MAXNAMELEN); curtable[XT_TABLE_MAXNAMELEN] = '\0'; - if (tablename && (strcmp(tablename, table) != 0)) + if (tablename && (strcmp(tablename, table) != 0)) { + if (lock >= 0) { + xtables_unlock(lock); + lock = XT_LOCK_NOT_ACQUIRED; + } continue; + } if (handle) ops->free(handle); |
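Review bot: the new skip branch in iptables_restore_main() unlocks and resets `lock` with no comment saying why a lock is already held when the `tablename` comparison fails. A one-line comment there (the lock was taken for a table that is now being skipped, so it has to be dropped before the next table tries to take it) would save readers from reconstructing that from the commit message. The `continue` also still bypasses the `if (handle) ops->free(handle);` that follows, so it is worth confirming that no handle from an earlier table can be live on this path. If the lock could instead be taken only after the table name has been compared, the unlock and re-lock for every skipped table would not be needed. A regression test that restores a multi-table dump with `--table` naming a table other than the first would cover the failure described in the commit message.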