From: Ed W <li...@wi...> - 2015-01-21 15:43:33
Hi,

you kindly added the interface "enable" feature some versions back in response to my use case.

I have recently made some updates to my environment, which includes upgrading to shorewall 4.5.21.10. I'm hitting a race condition at startup of the device:

- My init system (openrc) brings up shorewall, this runs "shorewall start"
- At about the same time udev is bringing up a 3G datacard which calls "shorewall enable" as part of the udev scripts

I haven't traced this exhaustively, but as near as I can tell, because it's a fairly slow box, the "enable" is running during the call to "start". I think I must have a race inasmuch as "enable" isn't enabling the interface, but also I see the warning "interface pppX is not usable" at the startup of Shorewall, so I infer that in turn the main script isn't seeing the interface being up either.

The net effect is that my interface starts up ok, but there are no firewall or routing rules set up for it. If I add another "shorewall enable" from the command line then everything starts working.

I experimented by adding a "mutex_o[n|ff]" around the relevant lines in the shorewall firewall script and this seems to resolve the race.

Do you see any issues with wrapping all the commands with a mutex? Are there exit paths which might not release the mutex..? Do you see another solution to solving such a race? (I notice that at the moment only "up" and "down" paths have a mutex?)

Thanks

Ed W
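
The serialization and the exit-path concern raised in the message above, as an added illustration that is not part of the original post and is not Shorewall's mutex_on/mutex_off code. `with_lock`, `fake_cmd`, `demo` and `LOCKDIR` are hypothetical names, and the two commands are stand-ins for "shorewall start" and "shorewall enable".

```shell
#!/bin/sh
# Added illustration; not Shorewall's own mutex implementation.
# Demo lock path; a real deployment would use one fixed path shared by the
# init script and the udev hook.
LOCKDIR="${TMPDIR:-/tmp}/fw-demo.lock.$$"

# Run "$@" while holding the lock. The body runs in a subshell whose EXIT
# trap removes the lock, so an "exit", a failing command or a catchable
# signal inside the body still releases it.
with_lock() {
    tries=0
    # mkdir is atomic: exactly one caller manages to create the directory.
    until mkdir "$LOCKDIR" 2>/dev/null; do
        tries=$((tries + 1))
        # Give up after about 10s instead of hanging boot on a stale lock
        # (SIGKILL or power loss cannot run the trap).
        [ "$tries" -ge 100 ] && return 75
        sleep 0.1
    done
    (
        trap 'rmdir "$LOCKDIR"' EXIT
        trap 'exit 143' HUP INT TERM
        "$@"
    )
}

# Constructed stand-in for a firewall command: logs begin/end so that any
# interleaving of two commands would show up in the log.
fake_cmd() { echo "$1 begin" >>"$LOG"; sleep "$2"; echo "$1 end" >>"$LOG"; }

demo() {
    LOG=$(mktemp)
    with_lock fake_cmd start 0.6 &    # init system: slow "start"
    sleep 0.2
    with_lock fake_cmd enable 0 &     # udev hook fires while start runs
    wait
    cat "$LOG"; rm -f "$LOG"
}

demo
```

Without `with_lock` the log would read start begin, enable begin, enable end, start end, which is the overlap described in the message.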