OpenWrt/LEDE Project

  • Status Closed
  • Percent Complete
  • Task Type Bug Report
  • Category Base system
  • Assigned To No-one
  • Operating System All
  • Severity Low
  • Priority Very Low
  • Reported Version lede-17.01
  • Due in Version Undecided
  • Due Date Undecided
  • Private
Attached to Project: OpenWrt/LEDE Project
Opened by Charlemagne Lasse - 01.08.2017
Last edited by Yousong Zhou - 24.10.2019

FS#943 - iptables 1.6.1 fails to acquire a lock because /run/ does not exist

Just flashed a device with the current snapshot of LEDE (; r4657-bb4d500). And then I’ve wanted to use locking with iptables but noticed that the lock was just not working:

root@LEDE:/# strace iptables -w -L
open("/run/xtables.lock", O_RDONLY|O_CREAT|O_LARGEFILE, 0600) = -1 ENOENT (No such file or directory)
fcntl64(3, F_SETFD, FD_CLOEXEC)         = 0
getsockopt(3, SOL_IP, IPT_SO_GET_INFO, "filter\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., [84]) = 0

The lock was basically ignored and the socket was opened without the lock opened. The package is missing following things:

* change * change * change * iptables Makefile change to add following configure option: –xt-lock-name=/var/lock/xtables.lock

It is not save to use multiple (writing) iptables processes without locking. It is therefore a rather big problem that it is broken at the moment

Closed by  Yousong Zhou
24.10.2019 07:04
Reason for closing:  Fixed
Additional comments about closing:  

Fixed since openwrt-18.06 with iptables 1.6.2

Charlemagne Lasse commented on 01.08.2017 09:34

Here is the list of required changes again:

Charlemagne Lasse commented on 01.08.2017 10:24

Here is the output of a patched version (don't forget to update the configure script):

root@LEDE:/#  strace -e open,flock iptables -w -L
open("/var/lock/xtables.lock", O_RDONLY|O_CREAT|O_LARGEFILE, 0600) = 3
flock(3, LOCK_EX)
Project Manager
Baptiste Jonglez commented on 25.08.2017 12:47

All these iptables changes are still unreleased. They will be picked up whenever a new version of iptables is released and updated in LEDE.

Feel free to submit a patch when the next version is released, and in the meantime you can submit a patch that simply changes the path to the lock.


Available keyboard shortcuts


Task Details

Task Editing