gluon-radv-filterd: Reset chain when daemon shuts down

The daemon must make sure that it doesn't filter any incoming router
advertisement when it was shut down. This can be achieved by flushing all
current rules and/or adding an ACCEPT all rule at the end. When both
commands work, the state of the chain will be the same as
/lib/gluon/ebtables/400-radv-filter created it.

This doesn't handle the problem that the daemon may have been crashed and
thus the chain is in an undefined state.

Signed-off-by: Sven Eckelmann <sven@narfation.org>

package/gluon-radv-filterd/src/gluon-radv-filterd.c

@@ -118,6 +118,8 @@ static struct global {
 	.mesh_iface = "bat0",
 };
 
+static int fork_execvp_timeout(struct timespec *timeout, const char *file,
+			       const char *const argv[]);
 
 static void error_message(int status, int errnum, char *message, ...) {
 	va_list ap;
@@ -149,6 +151,10 @@ static int timespec_diff(struct timespec *tv1, struct timespec *tv2,
 
 static void cleanup(void) {
 	struct router *router;
+	struct timespec timeout = {
+		.tv_nsec = EBTABLES_TIMEOUT,
+	};
+
 	close(G.sock);
 
 	while (G.routers != NULL) {
@@ -156,6 +162,17 @@ static void cleanup(void) {
 		G.routers = router->next;
 		free(router);
 	}
+
+	if (G.chain) {
+		/* Reset chain to accept everything again */
+		if (fork_execvp_timeout(&timeout, "ebtables", (const char *[])
+				{ "ebtables", "-F", G.chain, NULL }))
+			DEBUG_MSG("warning: flushing ebtables chain %s failed, not adding a new rule", G.chain);
+
+		if (fork_execvp_timeout(&timeout, "ebtables", (const char *[])
+				{ "ebtables", "-A", G.chain, "-j", "ACCEPT", NULL }))
+			DEBUG_MSG("warning: adding new rule to ebtables chain %s failed", G.chain);
+	}
 }
 
 static void usage(const char *msg) {