gluon-radv-filterd: Reset chain when daemon shuts down
The daemon must make sure that it doesn't filter any incoming router advertisement when it was shut down. This can be achieved by flushing all current rules and/or adding an ACCEPT all rule at the end. When both commands work, the state of the chain will be the same as /lib/gluon/ebtables/400-radv-filter created it. This doesn't handle the problem that the daemon may have been crashed and thus the chain is in an undefined state. Signed-off-by: Sven Eckelmann <sven@narfation.org>
This commit is contained in:
Sven Eckelmann
Jan-Philipp Litza
parent
bc3b3e300f
commit
c39a62a63a
@ -118,6 +118,8 @@ static struct global {
|
||||
.mesh_iface = "bat0",
|
||||
};
|
||||
|
||||
static int fork_execvp_timeout(struct timespec *timeout, const char *file,
|
||||
const char *const argv[]);
|
||||
|
||||
static void error_message(int status, int errnum, char *message, ...) {
|
||||
va_list ap;
|
||||
@ -149,6 +151,10 @@ static int timespec_diff(struct timespec *tv1, struct timespec *tv2,
|
||||
|
||||
static void cleanup(void) {
|
||||
struct router *router;
|
||||
struct timespec timeout = {
|
||||
.tv_nsec = EBTABLES_TIMEOUT,
|
||||
};
|
||||
|
||||
close(G.sock);
|
||||
|
||||
while (G.routers != NULL) {
|
||||
@ -156,6 +162,17 @@ static void cleanup(void) {
|
||||
G.routers = router->next;
|
||||
free(router);
|
||||
}
|
||||
|
||||
if (G.chain) {
|
||||
/* Reset chain to accept everything again */
|
||||
if (fork_execvp_timeout(&timeout, "ebtables", (const char *[])
|
||||
{ "ebtables", "-F", G.chain, NULL }))
|
||||
DEBUG_MSG("warning: flushing ebtables chain %s failed, not adding a new rule", G.chain);
|
||||
|
||||
if (fork_execvp_timeout(&timeout, "ebtables", (const char *[])
|
||||
{ "ebtables", "-A", G.chain, "-j", "ACCEPT", NULL }))
|
||||
DEBUG_MSG("warning: adding new rule to ebtables chain %s failed", G.chain);
|
||||
}
|
||||
}
|
||||
|
||||
static void usage(const char *msg) {
|
||||
|
||||
Loading…
Reference in New Issue
Block a user