With 5.15+, tables are initialized in an async way. Firewall3 uses the proc entry ip_tables_names to check if a table exists. With this new implementation, the proc entry can contain wrong data in the case where a table is present but never used/init, and firewall3 would incorrectly think that the table is not available. This causes some connection problems, as from a normal boot the proc entry contains only the "filter" table and lacks "raw", "mangle" and "nat".
To fix this, "poke" the tables to init them by simply opening and closing them without doing any operation. This simple operation is sufficient to make the missing tables appear in the proc entry.
Signed-off-by: Ansuel Smith <ansuels...@gmail.com>
--- main.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/main.c b/main.c index 7ad00b4..796ae80 100644 --- a/main.c +++ b/main.c @@ -266,6 +266,21 @@ start(void) continue; } + /* From 5.15+ tables are created async as soon as the first rule + * is created or any operation is requested. This cause the + * *_tables_names to report wrong data / missing tables. + * Poke ipt to init the tables so fw3_has_table correctly detects + * them with the proc entires. + */ + for (table = FW3_TABLE_FILTER; table <= FW3_TABLE_RAW; table++) + { + + if (!(handle = fw3_ipt_open(family, table))) + continue; + + fw3_ipt_close(handle); + } + for (table = FW3_TABLE_FILTER; table <= FW3_TABLE_RAW; table++) { if (!fw3_has_table(family == FW3_FAMILY_V6, fw3_flag_names[table])) -- 2.33.1
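Review bot: In the new poke loop in start(), a failed `fw3_ipt_open(family, table)` is skipped with a bare `continue`, so a table that could not be initialized leaves no trace and the `fw3_has_table()` check in the following loop is the only place the failure can surface. Since the commit message describes the symptom as the firewall coming up without "raw", "mangle" and "nat", a warning naming `fw3_flag_names[table]` and the family on that path would make a partially applied ruleset visible in the log instead of silent. The poke is also added only in start(); if other code paths call `fw3_has_table()` before any table has been opened they would still read the stale proc entry, so consider moving the open/close pair into a small helper that those paths can share. The comment should mention that this opens every table from FW3_TABLE_FILTER to FW3_TABLE_RAW unconditionally, including on kernels older than 5.15 and for tables the configuration never uses. Minor: "This cause" and "entires" in the comment are typos, and the blank line directly after the opening brace of the new loop can be dropped.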