
firewall: - defer firewall start until the first interface is brought up by hotplug, fixes race conditions on slow devices - create a file lock during firewall start and wait for it in hotplug events, prevents race conditions between start and addif - start firewall actions in background from hotplug handler since the firewall itself fires further hotplug events which results in a deadlock if not forked off - get loaded state directly from the uci binary since the updated value is not recognized by config_get after uci_set_state - bump package revision to r2

SVN-Revision: 21486
Jo-Philipp Wich 15 years ago
parent
commit
de15765a37

+ 1 - 1
package/firewall/Makefile

@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=firewall
 
 PKG_VERSION:=2
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 include $(INCLUDE_DIR)/package.mk
 

+ 12 - 3
package/firewall/files/firewall.hotplug

@@ -9,11 +9,20 @@
 
 . /lib/firewall/core.sh
 fw_init
-fw_is_loaded || exit 0
+
+# Wait for firewall if startup is in progress
+lock -w /var/lock/firewall.start
 
 case "$ACTION" in
 	ifup)
-		fw_configure_interface "$INTERFACE" add "$DEVICE" ;;
+		fw_is_loaded && {
+			fw_configure_interface "$INTERFACE" add "$DEVICE" &
+		} || {
+			/etc/init.d/firewall enabled && fw_start &
+		}
+	;;
 	ifdown)
-		fw_configure_interface "$INTERFACE" del "$DEVICE" ;;
+		fw_is_loaded && fw_configure_interface "$INTERFACE" del "$DEVICE" &
+	;;
 esac
+
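Review bot: The backgrounded `fw_configure_interface` calls in the `ifup` and `ifdown` branches start after `lock -w /var/lock/firewall.start` has returned and hold no lock of their own, so an `add` and a `del` for the same interface, or either of them and a later `fw_start`, can run in any order. On a firewall that can leave rules in place for an interface that is already down, or leave an interface that is up without its rules. Two `ifup` events arriving before the firewall is loaded also both pass the wait and both launch `fw_start &`. Consider serialising the background jobs under a separate lock, e.g. `{ lock <iface-lock-path>; fw_configure_interface "$INTERFACE" add "$DEVICE"; lock -u <iface-lock-path>; } &` (placeholder path), and confirm that this does not bring back the deadlock described in the commit message.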

+ 2 - 0
package/firewall/files/firewall.init

@@ -10,6 +10,8 @@ fw() {
 	fw_$1
 }
 
+boot() { :; }
+
 start() {
 	fw start
 }
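Review bot: The empty `boot()` carries no comment explaining why it is a no-op, and it changes when filtering begins: no rules are loaded at boot, and the ruleset is only built once the hotplug handler sees the first `ifup` and runs `fw_start` in the background. The first interface is therefore already up while the rules are still being installed, and if no `ifup` event is ever delivered the firewall is never started. A comment such as `# intentionally empty: firewall start is deferred to the first ifup hotplug event` would record this. It is also worth confirming that the netfilter policy in effect during that window is acceptable, since the page does not show what it is.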

+ 6 - 3
package/firewall/files/lib/core.sh

@@ -8,6 +8,8 @@ include /lib/network
 fw_start() {
 	fw_init
 
+	lock /var/lock/firewall.start
+
 	FW_DEFAULTS_APPLIED=
 
 	fw_is_loaded && {
@@ -49,6 +51,8 @@ fw_start() {
 	fw_callback post core
 
 	uci_set_state firewall core loaded 1
+
+	lock -u /var/lock/firewall.start
 }
 
 fw_stop() {
@@ -75,9 +79,8 @@ fw_reload() {
 }
 
 fw_is_loaded() {
-	local bool
-	config_get_bool bool core loaded 0
-	return $((! $bool))
+	local bool=$(uci -q -P /var/state get firewall.core.loaded)
+	return $((! ${bool:-0}))
 }
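Review bot: In `fw_start` the lock is taken before the `fw_is_loaded && {` check and released only by the `lock -u` on the last line of the function, so any early `return` or `exit` in between leaves `/var/lock/firewall.start` held. The body of the `fw_is_loaded` branch and the middle of the function are outside the hunks, so this is inferred rather than visible. If such a path exists, every later hotplug event blocks in `lock -w` and interface changes never reach the firewall. Each early-exit path should run `lock -u /var/lock/firewall.start` first, and a short comment at the `lock` call should state that the hotplug handler waits on this file.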