LEDE Project

  • Status Unconfirmed
  • Percent Complete 0%
  • Task Type Bug Report
  • Category Base system
  • Assigned To No-one
  • Operating System All
  • Severity High
  • Priority Very Low
  • Reported Version Trunk
  • Due in Version Undecided
  • Due Date Undecided
Attached to Project: LEDE Project
Opened by Charlemagne Lasse - 01.08.2017

FS#943 - iptables 1.6.1 ignores locks

Just flashed a device with the current snapshot of LEDE (https://downloads.lede-project.org/snapshots/targets/ar71xx/generic/; r4657-bb4d500). I then wanted to use locking with iptables but noticed that the lock was just not working:

root@LEDE:/# strace iptables -w -L
...
open("/run/xtables.lock", O_RDONLY|O_CREAT|O_LARGEFILE, 0600) = -1 ENOENT (No such file or directory)
socket(AF_INET, SOCK_RAW, IPPROTO_RAW)  = 3
fcntl64(3, F_SETFD, FD_CLOEXEC)         = 0
getsockopt(3, SOL_IP, IPT_SO_GET_INFO, "filter\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., [84]) = 0
...

The lock was basically ignored and the socket was opened without the lock opened. The package is missing the following things:

* change https://git.netfilter.org/iptables/commit/?id=836846f0d747e1be8e37d2d43b215a68b30ea1a9
* change https://git.netfilter.org/iptables/commit/?id=b91af533f4da15854893ba5cc082e1df6bcf9a97
* change https://git.netfilter.org/iptables/commit/?id=80d8bfaac9e2430d710084a10ec78e68bd61e6ec
* iptables Makefile change to add the following configure option: --xt-lock-name=/var/lock/xtables.lock

It is not safe to use multiple (writing) iptables processes without locking. It is therefore a rather big problem that it is broken at the moment.

Charlemagne Lasse commented on 01.08.2017 09:34

Here is the list of required changes again:

Charlemagne Lasse commented on 01.08.2017 10:24

Here is the output of a patched version (don't forget to update the configure script):

root@LEDE:/#  strace -e open,flock iptables -w -L
...
open("/var/lock/xtables.lock", O_RDONLY|O_CREAT|O_LARGEFILE, 0600) = 3
flock(3, LOCK_EX)
....
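
The failure mode in this report, open() on the lock path failing while the program carries on unlocked, can be reproduced in a few lines of C. This is an added example, not part of the original report or of the iptables source; `take_lock`, the `fail_open` switch and both paths are constructed for illustration.

```c
/* Added illustration: fail-open vs fail-closed handling of an flock()-based
 * lock file. Function name, enum and paths are constructed for this example. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/file.h>
#include <unistd.h>

enum lock_result { LOCK_HELD = 0, LOCK_SKIPPED = 1, LOCK_FAILED = -1 };

/* Try to take an exclusive lock on `path`.
 * fail_open != 0: an open() error is ignored and the caller continues
 *                 unlocked (what the first strace in the report shows).
 * fail_open == 0: an open() error is reported so the caller can abort.
 * On LOCK_HELD, *fd_out is the descriptor that holds the lock. */
enum lock_result take_lock(const char *path, int fail_open, int *fd_out)
{
    int fd = open(path, O_RDONLY | O_CREAT, 0600);
    *fd_out = -1;
    if (fd < 0) {
        fprintf(stderr, "open(%s) failed, errno %d\n", path, errno);
        return fail_open ? LOCK_SKIPPED : LOCK_FAILED;
    }
    /* LOCK_NB so a second caller sees contention instead of blocking. */
    if (flock(fd, LOCK_EX | LOCK_NB) != 0) {
        close(fd);
        return LOCK_FAILED;
    }
    *fd_out = fd;
    return LOCK_HELD;
}

int main(void)
{
    int a, b;
    const char *missing = "/nonexistent-dir/xtables.lock"; /* constructed */
    const char *ok = "/tmp/example-xtables.lock";          /* constructed */
    printf("missing dir, fail-open:   %d\n", take_lock(missing, 1, &a));
    printf("missing dir, fail-closed: %d\n", take_lock(missing, 0, &a));
    printf("first holder:  %d\n", take_lock(ok, 0, &a));
    printf("second holder: %d\n", take_lock(ok, 0, &b));
    close(a);
    unlink(ok);
    return 0;
}
```

With the fail-open switch set, a missing lock directory yields `LOCK_SKIPPED` and two writers can run at once; once the path resolves, the second holder is refused until the first closes its descriptor.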
