author | Joel Goguen <contact+netfilter@jgoguen.ca> | 2018-07-11 16:32:20 -0700 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2018-07-26 15:04:29 +0200 |
commit | 31e4b5906ff676a3c13060d6f456d72b7f6c90c2 (patch) | |
tree | 1d3bc02a38caf7e7355c6ce01255217ea8028a8d /iptables/tests/shell/testcases/ipt-restore/dumps | |
parent | f8e29a13fed8de2d1276923638d2d6d9988dd8bb (diff) |
iptables-restore: free the table lock when skipping a table
Currently, when running `iptables-restore --table=X`, where `X` is not the first
table in the rules dump, the restore will fail when parsing the second table:
- a lock is acquired when parsing the first table name
- the table name does not match the parameter to `--table` so processing
  continues until the next table
- when processing the next table a lock is acquired, which fails because a lock
  is already held
Another app is currently holding the xtables lock. Perhaps you want to use the -w option?
This will release the lock as soon as it's decided the current table won't be
used.
Signed-off-by: Joel Goguen <contact+netfilter@jgoguen.ca>
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'iptables/tests/shell/testcases/ipt-restore/dumps')
-rw-r--r-- | iptables/tests/shell/testcases/ipt-restore/dumps/ip6tables.dump | 30 | ||||
-rw-r--r-- | iptables/tests/shell/testcases/ipt-restore/dumps/iptables.dump | 30 |
2 files changed, 60 insertions, 0 deletions
diff --git a/iptables/tests/shell/testcases/ipt-restore/dumps/ip6tables.dump b/iptables/tests/shell/testcases/ipt-restore/dumps/ip6tables.dump new file mode 100644 index 00000000..4ac4f882 --- /dev/null +++ b/iptables/tests/shell/testcases/ipt-restore/dumps/ip6tables.dump @@ -0,0 +1,30 @@ +*nat +:PREROUTING ACCEPT [0:0] +:INPUT ACCEPT [0:0] +:OUTPUT ACCEPT [8:656] +:POSTROUTING ACCEPT [8:656] +COMMIT + +*mangle +:PREROUTING ACCEPT [794:190738] +:INPUT ACCEPT [794:190738] +:FORWARD ACCEPT [0:0] +:OUTPUT ACCEPT [991:170303] +:POSTROUTING ACCEPT [991:170303] +COMMIT + +*raw +:PREROUTING ACCEPT [794:190738] +:OUTPUT ACCEPT [991:170303] +COMMIT + +*filter +:INPUT DROP [0:0] +:FORWARD DROP [0:0] +:OUTPUT ACCEPT [991:170303] +-A INPUT -i lo -j ACCEPT +-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT +-A INPUT -p ipv6-icmp -j ACCEPT +-A OUTPUT -p tcp -m tcp --dport 137 -j REJECT --reject-with icmp6-port-unreachable +-A OUTPUT -p udp -m udp --dport 137 -j REJECT --reject-with icmp6-port-unreachable +COMMIT diff --git a/iptables/tests/shell/testcases/ipt-restore/dumps/iptables.dump b/iptables/tests/shell/testcases/ipt-restore/dumps/iptables.dump new file mode 100644 index 00000000..6e4e42d3 --- /dev/null +++ b/iptables/tests/shell/testcases/ipt-restore/dumps/iptables.dump 
@@ -0,0 +1,30 @@ +*nat +:PREROUTING ACCEPT [1:89] +:INPUT ACCEPT [0:0] +:OUTPUT ACCEPT [351:24945] +:POSTROUTING ACCEPT [351:24945] +COMMIT + +*mangle +:PREROUTING ACCEPT [3270:1513114] +:INPUT ACCEPT [3270:1513114] +:FORWARD ACCEPT [0:0] +:OUTPUT ACCEPT [3528:1087907] +:POSTROUTING ACCEPT [3546:1090751] +COMMIT + +*raw +:PREROUTING ACCEPT [3270:1513114] +:OUTPUT ACCEPT [3528:1087907] +COMMIT + +*filter +:INPUT DROP [37:4057] +:FORWARD DROP [0:0] +:OUTPUT ACCEPT [3528:1087907] +-A INPUT -i lo -j ACCEPT +-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT +-A INPUT -p icmp -j ACCEPT +-A OUTPUT -p tcp -m tcp --dport 137 -j REJECT --reject-with icmp-port-unreachable +-A OUTPUT -p udp -m udp --dport 137 -j REJECT --reject-with icmp-port-unreachable +COMMIT |
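Review bot: in ip6tables.dump the chain headers carry non-zero packet and byte counters captured from a live host, for example `:PREROUTING ACCEPT [794:190738]` and `:OUTPUT ACCEPT [991:170303]`. Those values are only applied when the restore runs with `--counters`, so in a fixture they are noise, and any save-after-restore comparison against this file would depend on that flag. Suggest zeroing them to `[0:0]`, as the `*nat` chains in this file already mostly are, so the dump is deterministic and the test only exercises table selection and lock handling.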
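Review bot: in iptables.dump only `*filter` contains `-A` rules and it is the last of the four tables, so the fixture is shaped for the case where every skipped table precedes the selected one. The commit message describes the failure for any `X` that is not the first table, which also includes `--table=mangle` or `--table=raw`, where tables are skipped both before and after the selected one. The test script that consumes this dump is outside this directory-limited view, so please confirm it restores a middle table as well as `filter`, and consider adding one rule to a non-filter table so a successful restore of that table is distinguishable from one that applied nothing. A brief comment at the top of the dump on why the table order matters would help whoever edits the fixture later.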