[package] firewall:

	- defer firewall start until the first interface is brought up by hotplug, fixes race conditions on slow devices
	- create a file lock during firewall start and wait for it in hotplug events, prevents race conditions between start and addif
	- start firewall actions in background from hotplug handler since the firewall itself fires further hotplug events which results in a deadlock if not forked off
	- get loaded state direcly from the uci binary since updated value is not recognized by config_get after uci_set_state
	- bump package revision to r2

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@21486 3c298f89-4303-0410-b956-a3cf2f4a3e73

diff --git a/package/firewall/Makefile b/package/firewall/Makefile
index 22d3599..3b37c87 100644 (file)
--- a/package/firewall/Makefile
+++ b/package/firewall/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=firewall
 
 PKG_VERSION:=2
 PKG_NAME:=firewall
 
 PKG_VERSION:=2

-PKG_RELEASE:=1
+PKG_RELEASE:=2

 
 include $(INCLUDE_DIR)/package.mk
 
 
 include $(INCLUDE_DIR)/package.mk
 

diff --git a/package/firewall/files/firewall.hotplug b/package/firewall/files/firewall.hotplug
index e9d167b..bc75e42 100644 (file)
--- a/package/firewall/files/firewall.hotplug
+++ b/package/firewall/files/firewall.hotplug
@@ -9,11 +9,20 @@
 
 . /lib/firewall/core.sh
 fw_init
 
 . /lib/firewall/core.sh
 fw_init

-fw_is_loaded || exit 0
+
+# Wait for firewall if startup is in progress
+lock -w /var/lock/firewall.start

 
 case "$ACTION" in
        ifup)
 
 case "$ACTION" in
        ifup)

-               fw_configure_interface "$INTERFACE" add "$DEVICE" ;;
+               fw_is_loaded && {
+                       fw_configure_interface "$INTERFACE" add "$DEVICE" &
+               } || {
+                       /etc/init.d/firewall enabled && fw_start &
+               }
+       ;;

        ifdown)
        ifdown)

-               fw_configure_interface "$INTERFACE" del "$DEVICE" ;;
+               fw_is_loaded && fw_configure_interface "$INTERFACE" del "$DEVICE" &
+       ;;

 esac
 esac

+

diff --git a/package/firewall/files/firewall.init b/package/firewall/files/firewall.init
index 5474248..d04804d 100755 (executable)
--- a/package/firewall/files/firewall.init
+++ b/package/firewall/files/firewall.init
@@ -10,6 +10,8 @@ fw() {
        fw_$1
 }
 
        fw_$1
 }
 

+boot() { :; }
+

 start() {
        fw start
 }
 start() {
        fw start
 }

diff --git a/package/firewall/files/lib/core.sh b/package/firewall/files/lib/core.sh
index 3fd98d1..bf44231 100644 (file)
--- a/package/firewall/files/lib/core.sh
+++ b/package/firewall/files/lib/core.sh
@@ -8,6 +8,8 @@ include /lib/network
 fw_start() {
        fw_init
 
 fw_start() {
        fw_init
 

+       lock /var/lock/firewall.start
+

        FW_DEFAULTS_APPLIED=
 
        fw_is_loaded && {
        FW_DEFAULTS_APPLIED=
 
        fw_is_loaded && {


@@ -49,6 +51,8 @@ fw_start() {
        fw_callback post core
 
        uci_set_state firewall core loaded 1
        fw_callback post core
 
        uci_set_state firewall core loaded 1

+
+       lock -u /var/lock/firewall.start

 }
 
 fw_stop() {
 }
 
 fw_stop() {


@@ -75,9 +79,8 @@ fw_reload() {
 }
 
 fw_is_loaded() {
 }
 
 fw_is_loaded() {

-       local bool
-       config_get_bool bool core loaded 0
-       return $((! $bool))
+       local bool=$(uci -q -P /var/state get firewall.core.loaded)
+       return $((! ${bool:-0}))

 }
 
 
 }