Date: Thu, 25 Mar 2004 01:59:34 +0600 From: Max Khon <fjoe@samodelkin.net> To: freebsd-net@freebsd.org Subject: race condition in ipfw restart (please review the fix) Message-ID: <20040324195934.GA76265@samodelkin.net>
Hello! ipfw restart has race condition: there is "sleep 2" statement after killall natd but if natd will not die in 2 seconds ipfw can't start nat daemon (natd: Unable to bind divert socket.: Address already in use). I would like to commit the fix for it. Diff and /etc/rc.d/natd script attached. /fjoe
#!/bin/sh
#
# $FreeBSD$
#
# PROVIDE: natd
# KEYWORD: FreeBSD nostart nojail
. /etc/rc.subr
. /etc/network.subr
name="natd"
rcvar=`set_rcvar`
command="/sbin/${name}"
start_cmd="natd_start"
natd_start() {
dhcp_list="`list_net_interfaces dhcp`"
for ifn in ${dhcp_list}; do
case ${natd_interface} in
${ifn})
natd_flags="$natd_flags -dynamic"
;;
*)
;;
esac
done
if [ -n "${natd_interface}" ]; then
if echo ${natd_interface} | \
grep -q -E '^[0-9]+(\.[0-9]+){0,3}$'; then
natd_flags="$natd_flags -a ${natd_interface}"
else
natd_flags="$natd_flags -n ${natd_interface}"
fi
fi
echo -n ' natd'
${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg}
}
load_rc_config $name
run_rc_command "$1"
Index: ipfw
===================================================================
RCS file: /home/ncvs/src/etc/rc.d/ipfw,v
retrieving revision 1.6
diff -u -p -r1.6 ipfw
--- ipfw 8 Mar 2004 12:25:05 -0000 1.6
+++ ipfw 14 Mar 2004 20:24:37 -0000 
@@ -37,31 +37,7 @@ ipfw_start()
 if [ -r "${firewall_script}" ]; then
 . "${firewall_script}"
 echo -n 'Firewall rules loaded, starting divert daemons:'
-
- # Network Address Translation daemon
- #
- if checkyesno natd_enable; then
- dhcp_list="`list_net_interfaces dhcp`"
- for ifn in ${dhcp_list}; do
- case ${natd_interface} in
- ${ifn})
- natd_flags="$natd_flags -dynamic"
- ;;
- *)
- ;;
- esac
- done
- if [ -n "${natd_interface}" ]; then
- if echo ${natd_interface} | \
- grep -q -E '^[0-9]+(\.[0-9]+){0,3}$'; then
- natd_flags="$natd_flags -a ${natd_interface}"
- else
- natd_flags="$natd_flags -n ${natd_interface}"
- fi
- fi
- echo -n ' natd'
- ${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg}
- fi
+ /etc/rc.d/natd start
 elif [ "`ipfw l 65535`" = "65535 deny ip from any to any" ]; then
 echo 'Warning: kernel has firewall functionality, but' \
 ' firewall rules are not enabled.'
@@ -86,8 +62,7 @@ ipfw_stop()
 # Disable the firewall
 #
 ${SYSCTL_W} net.inet.ip.fw.enable=0
- killall natd;
- sleep 2;
+ /etc/rc.d/natd stop
 }

 load_rc_config $name
----- End forwarded message -----
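Review bot: The exit status of the added `/etc/rc.d/natd start` in ipfw_start is discarded, so a natd that fails to come up (the bind error quoted in the description is one such case) goes unnoticed by ipfw itself. The rules from `${firewall_script}` are already loaded at that point, and as far as I know packets sent to a divert port with no listener are dropped, so the failure shows up as a silent loss of NAT traffic. ipfw appears to use rc.subr (it calls `load_rc_config`), so the line could read `/etc/rc.d/natd start || warn 'natd did not start; divert rules have no listener'`. ipfw_start begins and ends outside the hunk.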
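Review bot: `/etc/rc.d/natd stop` in ipfw_stop is gated on `natd_enable`, which the removed `killall natd` was not: the attached script sets `rcvar`, so rc.subr will most likely refuse to stop a natd whose knob has since been turned off in rc.conf. That daemon would survive an ipfw stop or restart and keep the divert socket bound, which is the same "Address already in use" condition the change sets out to remove. `/etc/rc.d/natd forcestop` should skip the rcvar check while keeping the wait-for-exit behaviour that closes the race. The call's exit status is not checked either, so a natd that could not be stopped is not reported. ipfw_stop starts outside the hunk.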