From c39a62a63a5d268c247da35187c14e6a0a5902e8 Mon Sep 17 00:00:00 2001 From: Sven Eckelmann Date: Wed, 20 Dec 2017 14:32:39 +0100 Subject: [PATCH] gluon-radv-filterd: Reset chain when daemon shuts down The daemon must make sure that it doesn't filter any incoming router advertisement when it was shut down. This can be achieved by flushing all current rules and/or adding an ACCEPT all rule at the end. When both commands work, the state of the chain will be the same as /lib/gluon/ebtables/400-radv-filter created it. This doesn't handle the problem that the daemon may have been crashed and thus the chain is in an undefined state. Signed-off-by: Sven Eckelmann --- .../gluon-radv-filterd/src/gluon-radv-filterd.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/package/gluon-radv-filterd/src/gluon-radv-filterd.c b/package/gluon-radv-filterd/src/gluon-radv-filterd.c index e47ea543..262509db 100644 --- a/package/gluon-radv-filterd/src/gluon-radv-filterd.c +++ b/package/gluon-radv-filterd/src/gluon-radv-filterd.c @@ -118,6 +118,8 @@ static struct global { .mesh_iface = "bat0", }; +static int fork_execvp_timeout(struct timespec *timeout, const char *file, + const char *const argv[]); static void error_message(int status, int errnum, char *message, ...) { va_list ap; @@ -149,6 +151,10 @@ static int timespec_diff(struct timespec *tv1, struct timespec *tv2, static void cleanup(void) { struct router *router; + struct timespec timeout = { + .tv_nsec = EBTABLES_TIMEOUT, + }; + close(G.sock); while (G.routers != NULL) { 
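Review bot: The single `timeout` declared at the top of cleanup() is passed by non-const pointer to both `fork_execvp_timeout` calls added in the next hunk, so the second call only gets the full budget if the helper never writes to it. The helper's body is not part of this patch; if it can update the value, the ACCEPT append could run with a shortened or exhausted timeout and leave the chain filtering. Either give each call its own copy (`struct timespec t = timeout;` before the call) or change the prototype to take `const struct timespec *timeout`. A comment such as `/* EBTABLES_TIMEOUT is used as tv_nsec, so it must stay below 1000000000 */` would record the assumption behind `.tv_nsec = EBTABLES_TIMEOUT`. cleanup() begins in this hunk and continues past its end.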
@@ -156,6 +162,17 @@ static void cleanup(void) { G.routers = router->next; free(router); } + + if (G.chain) { + /* Reset chain to accept everything again */ + if (fork_execvp_timeout(&timeout, "ebtables", (const char *[]) + { "ebtables", "-F", G.chain, NULL })) + DEBUG_MSG("warning: flushing ebtables chain %s failed, not adding a new rule", G.chain); + + if (fork_execvp_timeout(&timeout, "ebtables", (const char *[]) + { "ebtables", "-A", G.chain, "-j", "ACCEPT", NULL })) + DEBUG_MSG("warning: adding new rule to ebtables chain %s failed", G.chain); + } } static void usage(const char *msg) {
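Review bot: The first warning says "not adding a new rule", but the `-A ... -j ACCEPT` call directly after it runs unconditionally, so the log contradicts what the code does when the flush fails. The commit description asks for flush and/or append, so keep the append and shorten the message to `DEBUG_MSG("warning: flushing ebtables chain %s failed", G.chain);`. Both failures are reported only through DEBUG_MSG. If that macro is silent in normal operation, the daemon can exit with the chain still dropping router advertisements and nothing in the log, so consider `error_message(0, 0, "flushing ebtables chain %s failed", G.chain);`, assuming a zero status does not terminate. `"ebtables"` is also resolved through PATH by a process that rewrites filter rules, so an absolute path would remove that dependency unless the rest of the file already relies on PATH.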