We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
charlemagnelasse:
Just flashed a device with the current snapshot of LEDE (https://downloads.lede-project.org/snapshots/targets/ar71xx/generic/; r4657-bb4d500). And then I've wanted to use locking with iptables but noticed that the lock was just not working:
root@LEDE:/# strace iptables -w -L ... open("/run/xtables.lock", O_RDONLY|O_CREAT|O_LARGEFILE, 0600) = -1 ENOENT (No such file or directory) socket(AF_INET, SOCK_RAW, IPPROTO_RAW) = 3 fcntl64(3, F_SETFD, FD_CLOEXEC) = 0 getsockopt(3, SOL_IP, IPT_SO_GET_INFO, "filter\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., [84]) = 0 ...
The lock was basically ignored and the socket was opened without the lock opened. The package is missing following things:
It is not save to use multiple (writing) iptables processes without locking. It is therefore a rather big problem that it is broken at the moment
The text was updated successfully, but these errors were encountered:
Here is the list of required changes again:
--with-xt-lock-name=/var/lock/xtables.lock </code>
Sorry, something went wrong.
Here is the output of a patched version (don't forget to update the configure script):
root@LEDE:/# strace -e open,flock iptables -w -L ... open("/var/lock/xtables.lock", O_RDONLY|O_CREAT|O_LARGEFILE, 0600) = 3 flock(3, LOCK_EX) ....
bjonglez:
All these iptables changes are still unreleased. They will be picked up whenever a new version of iptables is released and updated in LEDE.
Feel free to submit a patch when the next version is released, and in the meantime you can submit a patch that simply changes the path to the lock.
https://lede-project.org/submitting-patches
No branches or pull requests
charlemagnelasse:
Just flashed a device with the current snapshot of LEDE (https://downloads.lede-project.org/snapshots/targets/ar71xx/generic/; r4657-bb4d500). And then I've wanted to use locking with iptables but noticed that the lock was just not working:
root@LEDE:/# strace iptables -w -L ... open("/run/xtables.lock", O_RDONLY|O_CREAT|O_LARGEFILE, 0600) = -1 ENOENT (No such file or directory) socket(AF_INET, SOCK_RAW, IPPROTO_RAW) = 3 fcntl64(3, F_SETFD, FD_CLOEXEC) = 0 getsockopt(3, SOL_IP, IPT_SO_GET_INFO, "filter\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., [84]) = 0 ...
The lock was basically ignored and the socket was opened without the lock opened. The package is missing following things:
It is not save to use multiple (writing) iptables processes without locking. It is therefore a rather big problem that it is broken at the moment
The text was updated successfully, but these errors were encountered: