race condition in ipfw restart (please review the fix)
Max Khon
fjoe at samodelkin.net
Wed Mar 24 11:59:40 PST 2004
Hello!
ipfw restart has a race condition: there is a "sleep 2" statement after
killall natd, but if natd does not die within 2 seconds, ipfw can't
start the NAT daemon (natd: Unable to bind divert socket.: Address already in use).
I would like to commit the fix for it. Diff and /etc/rc.d/natd script
attached.
/fjoe
#!/bin/sh
#
# $FreeBSD$
#
# PROVIDE: natd
# KEYWORD: FreeBSD nostart nojail
. /etc/rc.subr
. /etc/network.subr
# Service description consumed by rc.subr: the service name, its rcvar
# (whatever set_rcvar derives for this script), the daemon binary and
# the function that replaces the default start action.
name="natd"
rcvar=$(set_rcvar)
command="/sbin/${name}"
start_cmd="natd_start"
#
# natd_start: custom start action for the natd service.
#
# Reads:    natd_interface, natd_flags, natd_ifarg, natd_program
# Writes:   natd_flags (flags are appended), dhcp_list, ifn
# Outputs:  ' natd' on stdout, without a trailing newline
# Returns:  the exit status of the natd invocation (the last command)
#
natd_start()
{
	# If the NAT interface is one of the DHCP-configured interfaces,
	# add -dynamic so natd follows address changes on it.
	dhcp_list="$(list_net_interfaces dhcp)"
	for ifn in ${dhcp_list}; do
		case ${natd_interface} in
		${ifn}) natd_flags="${natd_flags} -dynamic" ;;
		esac
	done

	# natd_interface may hold either an address or an interface name.
	# One to four dot-separated decimal groups count as an address (-a);
	# anything else is passed as an interface name (-n).  The pattern
	# does not range-check the groups.
	# NOTE(review): natd_interface is expanded unquoted for echo, so it
	# is word-split and glob-expanded first; presumably it only ever
	# comes from rc.conf -- confirm before feeding it from elsewhere.
	if [ -z "${natd_interface}" ]; then
		:
	elif echo ${natd_interface} | grep -q -E '^[0-9]+(\.[0-9]+){0,3}$'; then
		natd_flags="${natd_flags} -a ${natd_interface}"
	else
		natd_flags="${natd_flags} -n ${natd_interface}"
	fi

	echo -n ' natd'
	# natd_flags and natd_ifarg must stay unquoted: natd_flags is built
	# above as a space-separated list of separate command-line words.
	${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg}
}
# Load the configuration for this service, then hand the requested
# action (the script's first argument) to rc.subr's dispatcher.
load_rc_config ${name}
run_rc_command "$1"
Index: ipfw
===================================================================
RCS file: /home/ncvs/src/etc/rc.d/ipfw,v
retrieving revision 1.6
diff -u -p -r1.6 ipfw
--- ipfw 8 Mar 2004 12:25:05 -0000 1.6
+++ ipfw 14 Mar 2004 20:24:37 -0000
@@ -37,31 +37,7 @@ ipfw_start()
if [ -r "${firewall_script}" ]; then
. "${firewall_script}"
echo -n 'Firewall rules loaded, starting divert daemons:'
-
- # Network Address Translation daemon
- #
- if checkyesno natd_enable; then
- dhcp_list="`list_net_interfaces dhcp`"
- for ifn in ${dhcp_list}; do
- case ${natd_interface} in
- ${ifn})
- natd_flags="$natd_flags -dynamic"
- ;;
- *)
- ;;
- esac
- done
- if [ -n "${natd_interface}" ]; then
- if echo ${natd_interface} | \
- grep -q -E '^[0-9]+(\.[0-9]+){0,3}$'; then
- natd_flags="$natd_flags -a ${natd_interface}"
- else
- natd_flags="$natd_flags -n ${natd_interface}"
- fi
- fi
- echo -n ' natd'
- ${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg}
- fi
+ /etc/rc.d/natd start
elif [ "`ipfw l 65535`" = "65535 deny ip from any to any" ]; then
echo 'Warning: kernel has firewall functionality, but' \
' firewall rules are not enabled.'
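Review bot: The exit status of `/etc/rc.d/natd start` is discarded in ipfw_start, so if natd still cannot bind the divert socket, the rules from firewall_script stay loaded with no divert listener and the only trace is natd's own message. Keeping the removed `checkyesno natd_enable` guard around the call and writing `/etc/rc.d/natd start || warn 'natd did not start; divert rules have no listener'` would surface that, assuming rc.subr's warn helper is in scope (the sourcing lines are outside the hunk). If the guard is meant to live only in the natd script's rcvar handling, a one-line comment above the call should say so, because the enable check is no longer visible at this call site. ipfw_start begins and ends outside this hunk.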
@@ -86,8 +62,7 @@ ipfw_stop()
# Disable the firewall
#
${SYSCTL_W} net.inet.ip.fw.enable=0
- killall natd;
- sleep 2;
+ /etc/rc.d/natd stop
}
load_rc_config $name
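Review bot: `/etc/rc.d/natd stop` in ipfw_stop is not as unconditional as the `killall natd` it replaces: a plain `stop` is presumably skipped by rc.subr when natd_enable is no longer YES (rc.subr is not shown here), which would leave the old natd holding the divert socket and reproduce the "Address already in use" failure on the next start. `/etc/rc.d/natd forcestop` avoids depending on the rcvar, if that matches the intent. A comment such as `# natd stop waits for the process to exit; do not replace with a fixed sleep` is also worth adding, since the natd script shown defines no stop_cmd or pidfile and the race fix therefore rests entirely on rc.subr's default stop action. ipfw_stop starts outside this hunk.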
----- End forwarded message -----