Blame SOURCES/firewalld-0.4.4.4-restore_wait_rhbz#1446162.patch

34791e
commit 18990db7b05a3d81145b41e7cfe64ebbb958aa1a
34791e
Author: Thomas Woerner <twoerner@redhat.com>
34791e
Date:   Thu Apr 27 13:15:36 2017 +0200
34791e
34791e
    firewall.core.ipXtables: Use new wait option for restore commands if available
34791e
    
34791e
    The iptables restore commands in the next iptables release will support the
34791e
    wait option. This is very useful and results in less likely collisions with
34791e
    iptables commands used by other services or the user.
34791e
34791e
diff --git a/src/firewall/core/ipXtables.py b/src/firewall/core/ipXtables.py
34791e
index 2ae0000..9f051d3 100644
34791e
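--- a/src/firewall/core/ipXtables.py
+++ b/src/firewall/core/ipXtables.py
@@ -157,6 +157,7 @@ class ip4tables(object):
         self._command = config.COMMANDS[self.ipv]
         self._restore_command = config.COMMANDS["%s-restore" % self.ipv]
         self.wait_option = self._detect_wait_option()
+        self.restore_wait_option = self._detect_restore_wait_option()
         self.fill_exists()
 
     def fill_exists(self):
@@ -251,6 +252,8 @@ class ip4tables(object):
         log.debug2("%s: %s %s", self.__class__, self._restore_command,
                    "%s: %d" % (temp_file.name, stat.st_size))
         args = [ ]
+        if self.restore_wait_option:
+            args.append(self.restore_wait_option)
         if not flush:
             args.append("-n")
 
@@ -320,6 +323,24 @@ class ip4tables(object):
 
         return wait_option
 
+    def _detect_restore_wait_option(self):
+        temp_file = tempFile()
+        temp_file.write("#foo")
+        temp_file.close()
+
+        wait_option = ""
+        ret = runProg(self._restore_command, ["-w"], stdin=temp_file.name)  # proposed for iptables-1.6.2
+        if ret[0] == 0:
+            wait_option = "-w"  # wait for xtables lock
+            ret = runProg(self._restore_command, ["--wait=2"], stdin=temp_file.name)  # since iptables > 1.4.21
+            if ret[0] == 0:
+                wait_option = "--wait=2"  # wait max 2 seconds
+            log.debug2("%s: %s will be using %s option.", self.__class__, self._restore_command, wait_option)
+
+        os.unlink(temp_file.name)
+
+        return wait_option
+
     def flush(self, transaction=None):
         tables = self.used_tables()
         for table in tables: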
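Review bot: In `_detect_restore_wait_option` the probe file is removed by `os.unlink(temp_file.name)` only on the straight-line path, so an exception raised by either `runProg` call leaves it behind. Putting the two probes under `try:` and moving the unlink into `finally: os.unlink(temp_file.name)` closes that. The method has no docstring; something like `"""Return the wait option the restore command accepts, or "" if it accepts none."""` would document the empty-string fallback that the second hunk relies on. The trailing comment `# since iptables > 1.4.21` on the `--wait=2` probe conflicts with the commit message and the `-w` comment, which both place restore wait support in a later release. With `--wait=2` the restore call can presumably fail on a lock timeout; the status handling is outside the second hunk, so confirm that a non-zero exit there is treated as rules not applied.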