mirror of
https://gitlab.com/shorewall/code.git
synced 2024-11-25 00:53:49 +01:00
Destroy the temporary IP set in the cleanup function
In the IP set capability tests, there is a race condition which might prevent the removal of the temporary IP set immediately after flushing the chain that uses this IP set: even though the rules which used the IP set were deleted, the IP set might still appear to be “in use by a kernel component.” In case this happens, we add an extra call to `ipset -X` in the `cleanup_iptables()` function, just to be sure that the temporary IP set is indeed destroyed when the compiler exits.
This commit is contained in:
parent
aae5baedfd
commit
450a16f730
@ -1507,7 +1507,7 @@ sub qt1( $ ) {
|
||||
}
|
||||
|
||||
#
|
||||
# Delete the test chains
|
||||
# Delete the test chains and IP sets
|
||||
#
|
||||
sub cleanup_iptables() {
|
||||
qt1( "$iptables $iptablesw -F $sillyname" );
|
||||
@ -1530,6 +1530,12 @@ sub cleanup_iptables() {
|
||||
qt1( "$iptables $iptablesw -t raw -X $sillyname" );
|
||||
}
|
||||
|
||||
my $ipset = $config{IPSET} || 'ipset';
|
||||
$ipset = which( $ipset ) unless $ipset =~ '/';
|
||||
if ( $ipset && -x $ipset ) {
|
||||
qt( "$ipset -X $sillyname" );
|
||||
}
|
||||
|
||||
$sillyname = $sillyname1 = '';
|
||||
}
|
||||
|
||||
@ -1574,7 +1580,7 @@ sub cleanup() {
|
||||
unlink ( $perlscriptname ), $perlscriptname = undef if $perlscriptname;
|
||||
unlink ( @tempfiles ), @tempfiles = () if @tempfiles;
|
||||
#
|
||||
# Delete temporary chains
|
||||
# Delete temporary chains and IP sets
|
||||
#
|
||||
cleanup_iptables if $sillyname;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user