Just flashed a device with the current snapshot of LEDE (https://downloads.lede-project.org/snapshots/targets/ar71xx/generic/; r4657-bb4d500). I then wanted to use locking with iptables but noticed that the lock was just not working:
root@LEDE:/# strace iptables -w -L
open("/run/xtables.lock", O_RDONLY|O_CREAT|O_LARGEFILE, 0600) = -1 ENOENT (No such file or directory)
socket(AF_INET, SOCK_RAW, IPPROTO_RAW) = 3
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
getsockopt(3, SOL_IP, IPT_SO_GET_INFO, "filter\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., ) = 0
The lock was basically ignored and the socket was opened without the lock opened. The package is missing the following things:
It is not safe to use multiple (writing) iptables processes without locking. It is therefore a rather big problem that it is broken at the moment.
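The failure mode in the strace output above, handled fail-closed, as an added example that is not part of the original report and is not iptables' own code: when `open()` on the lock file fails there is no descriptor to `flock()`, so the caller refuses to touch the ruleset instead of continuing unlocked. The names `acquire_lock`, `run_locked` and `touch_rules` and the `/tmp` path are hypothetical.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/file.h>
#include <unistd.h>

/* LOCK_UNAVAILABLE is the case in the strace above: open() fails (ENOENT),
 * so there is no descriptor to flock() and no mutual exclusion at all. */
enum lock_result { LOCK_HELD, LOCK_BUSY, LOCK_UNAVAILABLE };

/* Take an exclusive, non-blocking flock() on path. On LOCK_HELD, *fd_out owns
 * the lock until it is closed; otherwise *fd_out is -1 and errno is kept. */
enum lock_result acquire_lock(const char *path, int *fd_out)
{
    *fd_out = -1;
    int fd = open(path, O_RDONLY | O_CREAT, 0600);
    if (fd < 0)
        return LOCK_UNAVAILABLE;      /* e.g. parent directory missing */
    if (flock(fd, LOCK_EX | LOCK_NB) != 0) {
        int saved = errno;
        close(fd);
        errno = saved;
        return saved == EWOULDBLOCK ? LOCK_BUSY : LOCK_UNAVAILABLE;
    }
    *fd_out = fd;
    return LOCK_HELD;
}

/* Constructed stand-in for a ruleset update (hypothetical, counts calls). */
int rules_touched;
void touch_rules(void) { rules_touched++; }

/* Fail closed: run critical() only with the lock held; 0 = ran, -1 = refused. */
int run_locked(const char *path, void (*critical)(void))
{
    int fd;
    enum lock_result r = acquire_lock(path, &fd);
    if (r != LOCK_HELD) {
        fprintf(stderr, "no lock on %s (%s), refusing to modify rules\n", path,
                r == LOCK_BUSY ? "held elsewhere" : strerror(errno));
        return -1;
    }
    critical();
    close(fd);                        /* closing the descriptor drops the lock */
    return 0;
}

int main(void) { return run_locked("/tmp/xtables-example.lock", touch_rules) ? 1 : 0; }
```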
Here is the list of required changes again:
Here is the output of a patched version (don't forget to update the configure script):
root@LEDE:/# strace -e open,flock iptables -w -L
open("/var/lock/xtables.lock", O_RDONLY|O_CREAT|O_LARGEFILE, 0600) = 3
All these iptables changes are still unreleased. They will be picked up whenever a new version of iptables is released and updated in LEDE.
Feel free to submit a patch when the next version is released, and in the meantime you can submit a patch that simply changes the path to the lock.