From: Alin Năstac <alin.nastac@gmail.com>
Date: Fri, 29 Apr 2016 13:00:01 +0000 (+0200)
Subject: load running state after lock is acquired
X-Git-Url: http://git.archive.openwrt.org/?p=project%2Ffirewall3.git;a=commitdiff_plain;h=6cccf1ba7f0c3eb34ef4a7adc6af501376bfa875;hp=e92392db91f6eb50288f33ccf63475aa7b9babdd

load running state after lock is acquired

When running "/etc/init.d/firewall reload & fw3 -q restart", the
fw3 instance that handle the reload might try to read the running
state after firewall was stopped by the fw3 instance that does the
restarting. Since a NULL run_state will transform reload operation in
start operation, the resulted iptables chains will contain duplicate
sets of rules.
---

diff --git a/main.c b/main.c
index b953020..241da62 100644
--- a/main.c
+++ b/main.c
@@ -546,7 +546,6 @@ int main(int argc, char **argv)
 	}
 
 	build_state(false);
-	build_state(true);
 	defs = &cfg_state->defaults;
 
 	if (optind >= argc)
@@ -577,12 +576,18 @@ int main(int argc, char **argv)
 		print_family = family;
 		fw3_pr_debug = true;
 
-		rv = start();
+		if (fw3_lock())
+		{
+			build_state(true);
+			rv = start();
+			fw3_unlock();
+		}
 	}
 	else if (!strcmp(argv[optind], "start"))
 	{
 		if (fw3_lock())
 		{
+			build_state(true);
 			rv = start();
 			fw3_unlock();
 		}
@@ -591,6 +596,7 @@ int main(int argc, char **argv)
 	{
 		if (fw3_lock())
 		{
+			build_state(true);
 			rv = stop(false);
 			fw3_unlock();
 		}
@@ -599,6 +605,7 @@ int main(int argc, char **argv)
 	{
 		if (fw3_lock())
 		{
+			build_state(true);
 			rv = stop(true);
 			fw3_unlock();
 		}
@@ -607,6 +614,7 @@ int main(int argc, char **argv)
 	{
 		if (fw3_lock())
 		{
+			build_state(true);
 			stop(true);
 			rv = start();
 			fw3_unlock();
@@ -616,6 +624,7 @@ int main(int argc, char **argv)
 	{
 		if (fw3_lock())
 		{
+			build_state(true);
 			rv = reload();
 			fw3_unlock();
 		}