X-Git-Url: http://git.archive.openwrt.org/?p=project%2Ffirewall3.git;a=blobdiff_plain;f=main.c;h=d4d7b7b6aa577539faaa8859158170ac38ac0884;hp=3654c1503842929c50cafe8f84f97f404176c49a;hb=eb2a20924afd979feb485298111ced679de42aa0;hpb=24e1ba98e43d44ad7ba5780afd0b98e19ee14570
diff --git a/main.c b/main.c
index 3654c15..d4d7b7b 100644
--- a/main.c
+++ b/main.c
@@ -135,7 +135,7 @@ restore_pipe(enum fw3_family family, bool silent)
 static bool
 family_running(struct fw3_state *state, enum fw3_family family)
 {
- return hasbit(state->defaults.running_flags, family);
+ return has(state->defaults.flags, family, family);
 }
 static bool
@@ -144,19 +144,13 @@ family_used(enum fw3_family family)
 return (use_family == FW3_FAMILY_ANY) || (use_family == family);
 }
-static bool
-family_loaded(struct fw3_state *state, enum fw3_family family)
-{
- return hasbit(state->defaults.flags, family);
-}
-
 static void
 family_set(struct fw3_state *state, enum fw3_family family, bool set)
 {
 if (set)
- setbit(state->defaults.flags, family);
+ set(state->defaults.flags, family, family);
 else
- delbit(state->defaults.flags, family);
+ del(state->defaults.flags, family, family);
 }
 static int
@@ -167,7 +161,6 @@ stop(struct fw3_state *state, bool complete, bool reload)
 int rv = 1;
 enum fw3_family family;
 enum fw3_table table;
- enum fw3_target policy = reload ? FW3_TARGET_DROP : FW3_TARGET_ACCEPT;
 if (!complete && !state->statefile)
 {
@@ -178,6 +171,9 @@ stop(struct fw3_state *state, bool complete, bool reload)
 return rv;
 }
+ if (!print_rules)
+ fw3_hotplug_zones(state, false);
+
 for (family = FW3_FAMILY_V4; family <= FW3_FAMILY_V6; family++)
 {
 if (!complete && !family_running(state, family))
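Review bot: `has(state->defaults.flags, family, family)` in family_running() passes `family` twice with no hint at the call site of what each position means, and the same pattern appears in the `set(...)` and `del(...)` calls in family_set() in the next hunk. The helper definitions are outside this diff, so presumably the second argument selects the per-family flag word and the third is the bit tested. A one-line comment above family_running() would settle it, for example `/* a family counts as running when its own bit is set in its flag word */`. family_running() now also reads the same field that family_set() writes, where it used to read `running_flags`; if that merge is deliberate, the comment is the place to say so.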
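Review bot: In family_set() the parameter `set` now shares its name with the `set(...)` helper called directly under `if (set)`, which can only compile if `set` is a function-like macro (expanded only when followed by a parenthesis); a real function of that name would be shadowed by the parameter. Renaming the parameter removes the trap without touching callers: `family_set(struct fw3_state *state, enum fw3_family family, bool enable)` with `if (enable)`. The helper's definition is not part of this diff, so the macro assumption is inferred from the code compiling.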
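Review bot: The added `fw3_hotplug_zones(state, false);` runs before the family loop and is not tied to its outcome: the loop below skips a family when `family_running()`, `family_used()` or `restore_pipe()` says no, so the zone-removal events can be emitted even though no rules end up being removed. If handlers are meant to run while the zone chains still exist, record that with a comment such as `/* notify before flushing so handlers still see the zone chains */`; otherwise move the call after the loop and make it depend on the result. stop() starts and ends outside this hunk, so where `rv` becomes 0 is not visible here.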
@@ -186,15 +182,13 @@ stop(struct fw3_state *state, bool complete, bool reload)
 if (!family_used(family) || !restore_pipe(family, true))
 continue;
- info("Removing %s rules ...", fw3_flag_names[family]);
-
 for (table = FW3_TABLE_FILTER; table <= FW3_TABLE_RAW; table++)
 {
 if (!fw3_has_table(family == FW3_FAMILY_V6, fw3_flag_names[table]))
 continue;
- info(" * %sing %s table",
- complete ? "Flush" : "Clear", fw3_flag_names[table]);
+ info(" * %sing %s %s table", complete ? "Flush" : "Clear",
+ fw3_flag_names[family], fw3_flag_names[table]);
 fw3_pr("*%s\n", fw3_flag_names[table]);
@@ -205,12 +199,12 @@ stop(struct fw3_state *state, bool complete, bool reload)
 else
 {
 /* pass 1 */
- fw3_flush_rules(table, family, false, state, policy);
- fw3_flush_zones(table, family, false, reload, state);
+ fw3_flush_rules(state, family, table, reload, false);
+ fw3_flush_zones(state, family, table, reload, false);
 /* pass 2 */
- fw3_flush_rules(table, family, true, state, policy);
- fw3_flush_zones(table, family, true, reload, state);
+ fw3_flush_rules(state, family, table, reload, true);
+ fw3_flush_zones(state, family, table, reload, true);
 }
 fw3_pr("COMMIT\n");
@@ -234,7 +228,7 @@ stop(struct fw3_state *state, bool complete, bool reload)
 if (complete && (ct = fopen("/proc/net/nf_conntrack", "w")) != NULL)
 {
- info("Flushing conntrack table ...");
+ info(" * Flushing conntrack table ...");
 fwrite("f\n", 2, 1, ct);
 fclose(ct);
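Review bot: The policy applied while chains are flushed is no longer visible at the `fw3_flush_rules(state, family, table, reload, false)` call sites: the removed local chose `FW3_TARGET_DROP` on reload and `FW3_TARGET_ACCEPT` otherwise, and the new calls pass only `reload`. The callee is not in this diff, so confirm it still selects DROP for a reload; otherwise a reload would leave the built-in chains accepting traffic until start() repopulates them. The two trailing arguments are also adjacent bools whose order differs from the old fw3_flush_zones() call (`false, reload` became `reload, false`), so a stale caller elsewhere would still compile. A short comment above the calls naming them, e.g. `/* last two args: reload, second pass */`, would make a swap easier to spot.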
@@ -276,32 +270,30 @@ start(struct fw3_state *state, bool reload)
 continue;
 }
- if (!family_loaded(state, family) || !restore_pipe(family, false))
+ if (!restore_pipe(family, false))
 continue;
- info("Constructing %s rules ...", fw3_flag_names[family]);
-
 for (table = FW3_TABLE_FILTER; table <= FW3_TABLE_RAW; table++)
 {
 if (!fw3_has_table(family == FW3_FAMILY_V6, fw3_flag_names[table]))
 continue;
- info(" * Populating %s table", fw3_flag_names[table]);
+ info(" * Populating %s %s table",
+ fw3_flag_names[family], fw3_flag_names[table]);
 fw3_pr("*%s\n", fw3_flag_names[table]);
- fw3_print_default_chains(table, family, state);
- fw3_print_zone_chains(table, family, state);
- fw3_print_default_head_rules(table, family, state);
- fw3_print_rules(table, family, state);
- fw3_print_redirects(table, family, state);
- fw3_print_forwards(table, family, state);
- fw3_print_zone_rules(table, family, state);
- fw3_print_default_tail_rules(table, family, state);
+ fw3_print_default_chains(state, family, table, reload);
+ fw3_print_zone_chains(state, family, table, reload);
+ fw3_print_default_head_rules(state, family, table, reload);
+ fw3_print_rules(state, family, table);
+ fw3_print_redirects(state, family, table);
+ fw3_print_forwards(state, family, table);
+ fw3_print_zone_rules(state, family, table, reload);
+ fw3_print_default_tail_rules(state, family, table, reload);
 fw3_pr("COMMIT\n");
 }
- if (!reload)
- fw3_print_includes(family, state);
+ fw3_print_includes(state, family, reload);
 fw3_command_close();
 family_set(state, family, true);
@@ -313,11 +305,12 @@ start(struct fw3_state *state, bool reload)
 {
 fw3_set_defaults(state);
- if (!reload && !print_rules)
- fw3_run_includes(state);
-
 if (!print_rules)
+ {
+ fw3_run_includes(state, reload);
+ fw3_hotplug_zones(state, true);
 fw3_write_statefile(state);
+ }
 }
 return rv;
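Review bot: With the `if (!reload)` guard gone, `fw3_print_includes(state, family, reload)` is reached on every reload, and the next hunk does the same for `fw3_run_includes(state, reload)`; whether an include is skipped on reload is now decided inside callees that this diff does not show. Includes are presumably externally supplied rule files or scripts, so the call site should state what `reload` means for them, e.g. `/* on reload only includes marked for reload are emitted */` if that is the callee's contract. The dropped `family_loaded()` check likewise means `restore_pipe(family, false)` is now attempted for every family that reaches this point. start() begins and ends outside this hunk.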
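Review bot: `fw3_hotplug_zones(state, true);` is called before `fw3_write_statefile(state);`, so if the hotplug handlers are dispatched synchronously (the callee is not in this diff) they run before the new state has been persisted. Both calls also execute under the lock that main() takes around start() in the last file hunk, so a handler that invokes a locking fw3 command would contend with its own parent. Either swap the two lines so that `fw3_write_statefile(state);` comes first, or add a comment saying why the events must precede the state file and that handlers must not call start, stop or reload.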
@@ -411,9 +404,6 @@ int main(int argc, char **argv)
 state = build_state();
 defs = &state->defaults;
- if (!fw3_lock())
- goto out;
-
 if (optind >= argc)
 {
 rv = usage();
@@ -437,28 +427,50 @@ int main(int argc, char **argv)
 }
 else if (!strcmp(argv[optind], "start"))
 {
- rv = start(state, false);
+ if (fw3_lock())
+ {
+ rv = start(state, false);
+ fw3_unlock();
+ }
 }
 else if (!strcmp(argv[optind], "stop"))
 {
- rv = stop(state, false, false);
+ if (fw3_lock())
+ {
+ rv = stop(state, false, false);
+ fw3_unlock();
+ }
 }
 else if (!strcmp(argv[optind], "flush"))
 {
- rv = stop(state, true, false);
+ if (fw3_lock())
+ {
+ rv = stop(state, true, false);
+ fw3_unlock();
+ }
 }
 else if (!strcmp(argv[optind], "restart"))
 {
- stop(state, true, false);
- free_state(state);
+ if (fw3_lock())
+ {
+ stop(state, true, false);
+ free_state(state);
- state = build_state();
- rv = start(state, false);
+ state = build_state();
+ rv = start(state, false);
+
+ fw3_unlock();
+ }
 }
 else if (!strcmp(argv[optind], "reload"))
 {
- rv = stop(state, false, true);
- rv = start(state, !rv);
+ if (fw3_lock())
+ {
+ rv = stop(state, false, true);
+ rv = start(state, !rv);
+
+ fw3_unlock();
+ }
 }
 else if (!strcmp(argv[optind], "network") && (optind + 1) < argc)
 {
@@ -477,7 +489,5 @@ out:
 if (state)
 free_state(state);
- fw3_unlock();
-
 return rv;
 }
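Review bot: None of the five `if (fw3_lock()) { ...; fw3_unlock(); }` wrappers has an else branch, so when the lock cannot be taken the command is skipped and `rv` keeps whatever main() initialised it to, which is outside this hunk. Confirm that value is a failure code (stop() itself starts from `int rv = 1;`), or make it explicit in each branch with `else rv = 1;`. The wrapper is also repeated verbatim for start, stop, flush, restart and reload; a single guard at the top of each branch, `if (!fw3_lock()) goto out;`, would be shorter now that `out:` no longer calls fw3_unlock(). main() begins outside this hunk.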