首頁 探索 說明
註冊 登入
FreifunkHochstift
/
gluon
6
0
複刻 0
Files 問題管理 0 合併請求 0
目錄樹: 167e1b34dc
分支列表 標籤列表
gluon
/
patches
/
lede
/
0049-ebtables-Use-flock-for-concurrent-option.patch

0049-ebtables-Use-flock-for-concurrent-option.patch 4.3 KB
文件歷史 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146 
  1. From: Sven Eckelmann <sven@narfation.org>
    2. 

  2. Date: Wed, 20 Dec 2017 16:55:17 +0100
    3. 

  3. Subject: ebtables: Use flock() for --concurrent option
    4. 

  4. 

  5. The previous locking mechanism was not atomic, hence it was possible
    6. 

  6. that a killed ebtables process would leave the lock file in place which
    7. 

  7. in turn made future ebtables processes wait indefinitely for the lock to
    8. 

  8. become free.
    9. 

  9. 

  10. Fix this by using flock(). This also simplifies code quite a bit because
    11. 

  11. there is no need for a custom signal handler or an __exit routine
    12. 

  12. anymore.
    13. 

  13. 

  14. diff --git a/package/network/utils/ebtables/patches/300-fix-concurrent.patch b/package/network/utils/ebtables/patches/300-fix-concurrent.patch
    15. 

  15. new file mode 100644
    16. 

  16. index 0000000000000000000000000000000000000000..1a99162bf51cd175e26d49e7ee5277b8b8645f48
    17. 

  17. --- /dev/null
    18. 

  18. +++ b/package/network/utils/ebtables/patches/300-fix-concurrent.patch
    19. 

  19. @@ -0,0 +1,127 @@
    20. 

  20. +From 6a826591878db3fa9e2a94b87a3d5edd8e0fc442 Mon Sep 17 00:00:00 2001
    21. 

  21. +From: Phil Sutter <phil@nwl.cc>
    22. 

  22. +Date: Fri, 6 Oct 2017 12:48:50 +0200
    23. 

  23. +Subject: Use flock() for --concurrent option
    24. 

  24. +
    25. 

  25. +The previous locking mechanism was not atomic, hence it was possible
    26. 

  26. +that a killed ebtables process would leave the lock file in place which
    27. 

  27. +in turn made future ebtables processes wait indefinitely for the lock to
    28. 

  28. +become free.
    29. 

  29. +
    30. 

  30. +Fix this by using flock(). This also simplifies code quite a bit because
    31. 

  31. +there is no need for a custom signal handler or an __exit routine
    32. 

  32. +anymore.
    33. 

  33. +
    34. 

  34. +Signed-off-by: Phil Sutter <phil@nwl.cc>
    35. 

  35. +Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
    36. 

  36. +
    37. 

  37. +Origin: upstream, https://git.netfilter.org/ebtables/commit/?id=6a826591878db3fa9e2a94b87a3d5edd8e0fc442
    38. 

  38. +---
    39. 

  39. + ebtables.c |  8 --------
    40. 

  40. + libebtc.c  | 49 +++++--------------------------------------------
    41. 

  41. + 2 files changed, 5 insertions(+), 52 deletions(-)
    42. 

  42. +
    43. 

  43. +diff --git a/ebtables.c b/ebtables.c
    44. 

  44. +index 62f1ba8..f7dfccf 100644
    45. 

  45. +--- a/ebtables.c
    46. 

  46. ++++ b/ebtables.c
    47. 

  47. +@@ -528,12 +528,6 @@ void ebt_early_init_once()
    48. 

  48. + 	ebt_iterate_targets(merge_target);
    49. 

  49. + }
    50. 

  50. + 
    51. 

  51. +-/* signal handler, installed when the option --concurrent is specified. */
    52. 

  52. +-static void sighandler(int signum)
    53. 

  53. +-{
    54. 

  54. +-	exit(-1);
    55. 

  55. +-}
    56. 

  56. +-
    57. 

  57. + /* We use exec_style instead of #ifdef's because ebtables.so is a shared object. */
    58. 

  58. + int do_command(int argc, char *argv[], int exec_style,
    59. 

  59. +                struct ebt_u_replace *replace_)
    60. 

  60. +@@ -1047,8 +1041,6 @@ big_iface_length:
    61. 

  61. + 			strcpy(replace->filename, optarg);
    62. 

  62. + 			break;
    63. 

  63. + 		case 13 : /* concurrent */
    64. 

  64. +-			signal(SIGINT, sighandler);
    65. 

  65. +-			signal(SIGTERM, sighandler);
    66. 

  66. + 			use_lockfd = 1;
    67. 

  67. + 			break;
    68. 

  68. + 		case 1 :
    69. 

  69. +diff --git a/libebtc.c b/libebtc.c
    70. 

  70. +index 74830ec..c0ff8cc 100644
    71. 

  71. +--- a/libebtc.c
    72. 

  72. ++++ b/libebtc.c
    73. 

  73. +@@ -31,6 +31,7 @@
    74. 

  74. + #include "include/ethernetdb.h"
    75. 

  75. + #include <unistd.h>
    76. 

  76. + #include <fcntl.h>
    77. 

  77. ++#include <sys/file.h>
    78. 

  78. + #include <sys/wait.h>
    79. 

  79. + #include <sys/stat.h>
    80. 

  80. + #include <sys/types.h>
    81. 

  81. +@@ -137,58 +138,18 @@ void ebt_list_extensions()
    82. 

  82. + #define LOCKDIR "/var/lib/ebtables"
    83. 

  83. + #define LOCKFILE LOCKDIR"/lock"
    84. 

  84. + #endif
    85. 

  85. +-static int lockfd = -1, locked;
    86. 

  86. + int use_lockfd;
    87. 

  87. + /* Returns 0 on success, -1 when the file is locked by another process
    88. 

  88. +  * or -2 on any other error. */
    89. 

  89. + static int lock_file()
    90. 

  90. + {
    91. 

  91. +-	int try = 0;
    92. 

  92. +-	int ret = 0;
    93. 

  93. +-	sigset_t sigset;
    94. 

  94. +-
    95. 

  95. +-tryagain:
    96. 

  96. +-	/* the SIGINT handler will call unlock_file. To make sure the state
    97. 

  97. +-	 * of the variable locked is correct, we need to temporarily mask the
    98. 

  98. +-	 * SIGINT interrupt. */
    99. 

  99. +-	sigemptyset(&sigset);
    100. 

  100. +-	sigaddset(&sigset, SIGINT);
    101. 

  101. +-	sigprocmask(SIG_BLOCK, &sigset, NULL);
    102. 

  102. +-	lockfd = open(LOCKFILE, O_CREAT | O_EXCL | O_WRONLY, 00600);
    103. 

  103. +-	if (lockfd < 0) {
    104. 

  104. +-		if (errno == EEXIST)
    105. 

  105. +-			ret = -1;
    106. 

  106. +-		else if (try == 1)
    107. 

  107. +-			ret = -2;
    108. 

  108. +-		else {
    109. 

  109. +-			if (mkdir(LOCKDIR, 00700))
    110. 

  110. +-				ret = -2;
    111. 

  111. +-			else {
    112. 

  112. +-				try = 1;
    113. 

  113. +-				goto tryagain;
    114. 

  114. +-			}
    115. 

  115. +-		}
    116. 

  116. +-	} else {
    117. 

  117. +-		close(lockfd);
    118. 

  118. +-		locked = 1;
    119. 

  119. +-	}
    120. 

  120. +-	sigprocmask(SIG_UNBLOCK, &sigset, NULL);
    121. 

  121. +-	return ret;
    122. 

  122. +-}
    123. 

  123. ++	int fd = open(LOCKFILE, O_CREAT, 00600);
    124. 

  124. + 
    125. 

  125. +-void unlock_file()
    126. 

  126. +-{
    127. 

  127. +-	if (locked) {
    128. 

  128. +-		remove(LOCKFILE);
    129. 

  129. +-		locked = 0;
    130. 

  130. +-	}
    131. 

  131. ++	if (fd < 0)
    132. 

  132. ++		return -2;
    133. 

  133. ++	return flock(fd, LOCK_EX);
    134. 

  134. + }
    135. 

  135. + 
    136. 

  136. +-void __attribute__ ((destructor)) onexit()
    137. 

  137. +-{
    138. 

  138. +-	if (use_lockfd)
    139. 

  139. +-		unlock_file();
    140. 

  140. +-}
    141. 

  141. + /* Get the table from the kernel or from a binary file
    142. 

  142. +  * init: 1 = ask the kernel for the initial contents of a table, i.e. the
    143. 

  143. +  *           way it looks when the table is insmod'ed
    144. 

  144. +-- 
    145. 

  145. +cgit v1.1
    146. 

  146. +
    147.