Date: Thu, 25 Mar 2004 01:59:34 +0600
From: Max Khon
To: freebsd-net@freebsd.org
Message-ID: <20040324195934.GA76265@samodelkin.net>
Subject: race condition in ipfw restart (please review the fix)

Hello!

ipfw restart has a race condition: there is a "sleep 2" statement after
killall natd, but if natd does not die within 2 seconds, ipfw can't start
the nat daemon (natd: Unable to bind divert socket.: Address already in use).

I would like to commit the fix for it.
Diff and /etc/rc.d/natd script attached.

/fjoe

#!/bin/sh
#
# $FreeBSD$
#

# PROVIDE: natd
# KEYWORD: FreeBSD nostart nojail

. /etc/rc.subr
. /etc/network.subr

name="natd"
rcvar=`set_rcvar`
command="/sbin/${name}"
start_cmd="natd_start"

natd_start()
{
	# Add -dynamic when natd_interface is one of the DHCP interfaces
	dhcp_list="`list_net_interfaces dhcp`"
	for ifn in ${dhcp_list}; do
		case ${natd_interface} in
		${ifn})
			natd_flags="$natd_flags -dynamic"
			;;
		*)
			;;
		esac
	done
	# natd_interface is either an IP address (-a) or an interface name (-n)
	if [ -n "${natd_interface}" ]; then
		if echo ${natd_interface} | \
		    grep -q -E '^[0-9]+(\.[0-9]+){0,3}$'; then
			natd_flags="$natd_flags -a ${natd_interface}"
		else
			natd_flags="$natd_flags -n ${natd_interface}"
		fi
	fi
	echo -n ' natd'
	${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg}
}

load_rc_config $name
run_rc_command "$1"

Index: ipfw =================================================================== RCS file: /home/ncvs/src/etc/rc.d/ipfw,v retrieving revision 1.6 diff -u -p -r1.6 ipfw --- ipfw 8 Mar 2004 12:25:05 -0000 1.6 +++ ipfw 14 Mar 2004 20:24:37 -0000 
@@ -37,31 +37,7 @@ ipfw_start() if [ -r "${firewall_script}" ]; then . "${firewall_script}" echo -n 'Firewall rules loaded, starting divert daemons:' - - # Network Address Translation daemon - # - if checkyesno natd_enable; then - dhcp_list="`list_net_interfaces dhcp`" - for ifn in ${dhcp_list}; do - case ${natd_interface} in - ${ifn}) - natd_flags="$natd_flags -dynamic" - ;; - *) - ;; - esac - done - if [ -n "${natd_interface}" ]; then - if echo ${natd_interface} | \ - grep -q -E '^[0-9]+(\.[0-9]+){0,3}$'; then - natd_flags="$natd_flags -a ${natd_interface}" - else - natd_flags="$natd_flags -n ${natd_interface}" - fi - fi - echo -n ' natd' - ${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg} - fi + /etc/rc.d/natd start elif [ "`ipfw l 65535`" = "65535 deny ip from any to any" ]; then echo 'Warning: kernel has firewall functionality, but' \ ' firewall rules are not enabled.' @@ -86,8 +62,7 @@ ipfw_stop() # Disable the firewall # ${SYSCTL_W} net.inet.ip.fw.enable=0 - killall natd; - sleep 2; + /etc/rc.d/natd stop } load_rc_config $name ----- End forwarded message -----
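
Review bot: In the ipfw_start() hunk (@@ -37,31 +37,7 @@), the added "/etc/rc.d/natd start" is called unconditionally and its exit status is ignored, whereas the removed block sat inside "if checkyesno natd_enable". The enable check now depends entirely on the attached script's rcvar handling, which is not obvious from this file; either keep the checkyesno natd_enable guard around the call or add a comment saying the check is delegated to /etc/rc.d/natd. It would also help to test the return value and print a warning, since the 'Firewall rules loaded, starting divert daemons:' line otherwise gives no hint that natd failed to start.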
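
Review bot: In the ipfw_stop() hunk (@@ -86,8 +62,7 @@), replacing "killall natd; sleep 2" with "/etc/rc.d/natd stop" only closes the race if the stop action waits for natd to exit, and nothing in the diff or the attached script shows that: the script sets start_cmd only, with no stop_cmd or pidfile. Please state in the commit message (or in a comment here) what the stop path relies on, or define it explicitly in the natd script. Also confirm that stop still terminates a natd that is running while natd_enable is off or that was started by hand, since the old killall had no such condition.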
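
Added example, not part of the original message or of the FreeBSD rc scripts: the race described in the message comes from assuming a fixed "sleep 2" is long enough, and the POSIX sh functions below instead wait, with an upper bound, until the old process has really exited before anything new is started. The function names stop_and_wait and restart_after_exit are hypothetical.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not FreeBSD rc.subr API.

# stop_and_wait PID [TIMEOUT]
# Send TERM, then poll until the process is gone instead of sleeping a
# fixed time. Returns 0 once the process has exited, 1 if it is still
# alive after TIMEOUT seconds (default 10).
# Assumes the caller may signal PID (rc scripts run as root); without that
# permission "kill -0" fails and the process would look already gone.
stop_and_wait() {
    pid=$1
    timeout=${2:-10}
    waited=0

    # Already gone: nothing to stop.
    kill -0 "$pid" 2>/dev/null || return 0

    # If TERM cannot be delivered, the process vanished in the meantime.
    kill -TERM "$pid" 2>/dev/null || return 0

    while kill -0 "$pid" 2>/dev/null; do
        if [ "$waited" -ge "$timeout" ]; then
            return 1
        fi
        sleep 1
        waited=$((waited + 1))
    done
    return 0
}

# restart_after_exit PID TIMEOUT CMD [ARGS...]
# Run CMD only after the old instance has exited, so the new instance
# never competes with it for the same socket. Refuses to start otherwise.
restart_after_exit() {
    old_pid=$1
    limit=$2
    shift 2
    if ! stop_and_wait "$old_pid" "$limit"; then
        echo "pid $old_pid still running after ${limit}s, not starting" >&2
        return 1
    fi
    "$@"
}
```

When the timeout is hit, the caller decides whether to escalate to a stronger signal or abort the restart; starting the new daemon anyway reproduces the bind failure quoted in the message.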