diff options
author | PiBa-NL <pba_2k3@yahoo.com> | 2017-07-04 00:13:02 +0200 |
---|---|---|
committer | PiBa-NL <pba_2k3@yahoo.com> | 2017-07-04 00:24:24 +0200 |
commit | 7c6f38e49a2005812e37fe5b365717edc0d5dd44 (patch) | |
tree | 289a69b553ad171fa4768da064be7a12d74b78ac /src/etc/rc.newipsecdns | |
parent | 05ae852482def5fce3f87bc2d61f07de53cec39a (diff) | |
download | pfsense-7c6f38e49a2005812e37fe5b365717edc0d5dd44.zip pfsense-7c6f38e49a2005812e37fe5b365717edc0d5dd44.tar.gz |
ipsec, prevent simultaneous/repeated calling of vpn_ipsec_configure() by /etc/rc.newipsecdns
Diffstat (limited to 'src/etc/rc.newipsecdns')
-rwxr-xr-x | src/etc/rc.newipsecdns | 34 |
1 files changed, 23 insertions, 11 deletions
diff --git a/src/etc/rc.newipsecdns b/src/etc/rc.newipsecdns index 4670b37..387e731 100755 --- a/src/etc/rc.newipsecdns +++ b/src/etc/rc.newipsecdns @@ -25,8 +25,21 @@ * limitations under the License. */ -/* parse the configuration and include all functions used below */ require_once("util.inc"); +require_once("globals.inc"); + +/* make sure to wait until the boot scripts have finished */ +if (file_exists("{$g['varrun_path']}/booting")) { + return; +} + +$ipseclck_pending = try_lock('ipsecdns_pending', 0); +if (!$ipseclck_pending) { + /* if a vpn_ipsec_configure() is still pending no need to stack up another one */ + return; +} + +/* parse the configuration and include all functions used below */ require_once("config.inc"); require_once("gwlb.inc"); require_once("functions.inc"); @@ -36,21 +49,20 @@ require_once("auth.inc"); require_once("ipsec.inc"); require_once("vpn.inc"); -/* make sure to wait until the boot scripts have finished */ -if (file_exists("{$g['varrun_path']}/booting")) { - return; -} - -if (ipsec_enabled()) { - sleep(15); - log_error("IPSEC: One or more IPsec tunnel endpoints has changed its IP. Refreshing."); -} else { +if (!ipsec_enabled()) { + unlock($ipseclck_pending); return; } $ipseclck = lock('ipsecdns', LOCK_EX); +sleep(12); +unlock($ipseclck_pending); +sleep(3); +log_error("IPSEC: One or more IPsec tunnel endpoints has changed its IP. Refreshing."); + +/* make sure we have the latest configuration changes loaded. */ +$config = parse_config(); vpn_ipsec_configure(); unlock($ipseclck); -?> |