| author | Jo-Philipp Wich | 2022-05-31 18:55:36 +0000 |
|---|---|---|
| committer | Jo-Philipp Wich | 2022-05-31 18:55:36 +0000 |
| commit | 210991df51587bdb736b4fc74b1200ec6cf6ecc7 (patch) | |
| tree | f907e3023c5ed846135e2bf3f23eddf67ac7c421 | |
| parent | 4e5e3226260a7a67dce325314d0926745727bab0 (diff) | |
| download | firewall4-210991df51587bdb736b4fc74b1200ec6cf6ecc7.tar.gz | |
fw4: prefer /dev/stdin if available
The nftables executable treats `-` and `/dev/stdin` specially when processing
nft scripts from stdin; it will buffer the contents in order to be able to
print detailed error diagnostics. The `/proc/self/fd/0` path used by `fw4`
does not get this special treatment which will lead to nftables error
messages without any reported context.
Make the `fw4` executable prefer `/dev/stdin` in case it exists and fall back
to using `/proc/self/fd/0` as before.
Ref: https://github.com/openwrt/openwrt/issues/9927
Ref: https://git.openwrt.org/50bc06e774f89517f98c89c76a7626f35c3ff659
Ref: https://git.netfilter.org/nftables/tree/src/libnftables.c?h=v1.0.3#n733
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
| -rwxr-xr-x | root/sbin/fw4 | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/root/sbin/fw4 b/root/sbin/fw4 index b66f5d7..b089ac3 100755 --- a/root/sbin/fw4 +++ b/root/sbin/fw4 @@ -7,6 +7,8 @@ LOCK=/var/run/fw4.lock STATE=/var/run/fw4.state VERBOSE= +[ -e /dev/stdin ] && STDIN=/dev/stdin || STDIN=/proc/self/fd/0 + [ -t 2 ] && export TTY=1 die() { @@ -31,7 +33,7 @@ start() { esac ACTION=start \ - utpl -S $MAIN | nft $VERBOSE -f /proc/self/fd/0 + utpl -S $MAIN | nft $VERBOSE -f $STDIN } 1000>$LOCK } @@ -68,7 +70,7 @@ flush() { reload_sets() { ACTION=reload-sets \ - flock -x $LOCK utpl -S $MAIN | nft $VERBOSE -f /proc/self/fd/0 + flock -x $LOCK utpl -S $MAIN | nft $VERBOSE -f $STDIN } lookup() { |
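Review bot: The `STDIN=` assignment added after `VERBOSE=` has no comment saying why `/dev/stdin` is preferred over `/proc/self/fd/0`; the reason (nft only buffers the script for error context when the path is `-` or `/dev/stdin`) is recorded only in the commit message. A one-line comment above `[ -e /dev/stdin ] && STDIN=/dev/stdin || STDIN=/proc/self/fd/0` would keep a later cleanup from collapsing it back to a single path. Since the commit message says `-` gets the same special treatment, it would also help to state why `-f -` was not used, which would make the existence test unnecessary. Note too that on the `/proc/self/fd/0` fallback nft errors still arrive without context, so that case degrades silently.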
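Review bot: In `start()`, and again in `reload_sets()`, `$STDIN` is expanded unquoted in `nft $VERBOSE -f $STDIN`. Both values it can take are fixed paths without whitespace, so this works as written, but `-f "$STDIN"` is the more robust form and costs nothing. `$VERBOSE` has to stay unquoted because it is empty by default and a quoted empty string would be passed to nft as an argument.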