author | Jethro Beekman <jethro@fortanix.com> | 2022-02-14 10:35:56 +0100 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2022-02-15 23:42:05 +0100 |
commit | 07e2107ef0cbc1b81864c3c0f0ef297a9dfff44d | |
tree | eba64618054cf690c69159d3f7e95f4429e19912 /iptables/iptables.8.in | |
parent | a3980769541f6deb8d7b185de488dec6f40092f1 | |

xshared: Implement xtables lock timeout using signals

Previously, if a lock timeout is specified using `-wN`, flock() is
called using LOCK_NB in a loop with a sleep. This results in two issues.

The first issue is that the process may wait longer than necessary when
the lock becomes available. For this the `-W` option was added, but this
requires fine-tuning.

The second issue is that if lock contention is high, invocations using
`-w` (without a timeout) will always win lock acquisition from
invocations that use `-w N`. This is because invocations using `-w` are
actively waiting on the lock whereas those using `-w N` only check from
time to time whether the lock is free, which will never be the case.

This patch removes the sleep loop and deprecates the `-W` option (making
it non-functional). Instead, flock() is always called in a blocking
fashion, but the alarm() function is used with a non-SA_RESTART signal
handler to cancel the system call.

Signed-off-by: Jethro Beekman <jethro@fortanix.com>
Signed-off-by: Florian Westphal <fw@strlen.de>

Diffstat (limited to 'iptables/iptables.8.in')
-rw-r--r-- | iptables/iptables.8.in | 7 |
1 files changed, 0 insertions, 7 deletions
diff --git a/iptables/iptables.8.in b/iptables/iptables.8.in index ccc498f5..627ff0e4 100644 --- a/iptables/iptables.8.in +++ b/iptables/iptables.8.in @@ -377,13 +377,6 @@ the program will exit if the lock cannot be obtained. This option will make the program wait (indefinitely or for optional \fIseconds\fP) until the exclusive lock can be obtained. .TP -\fB\-W\fP, \fB\-\-wait-interval\fP \fImicroseconds\fP -Interval to wait per each iteration. -When running latency sensitive applications, waiting for the xtables lock -for extended durations may not be acceptable. This option will make each -iteration take the amount of time specified. The default interval is -1 second. This option only works with \fB\-w\fP. -.TP \fB\-n\fP, \fB\-\-numeric\fP Numeric output. IP addresses and port numbers will be printed in numeric format. |
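Review bot: `-W`/`--wait-interval` should keep a short man page entry marking it deprecated and ignored, in place of the `.TP` block deleted in the hunk at line 377. The commit message says the option is deprecated and made non-functional, not removed, so scripts may still pass it, and after this change the man page gives a reader no way to learn what the flag was or that it no longer has any effect. A replacement along the lines of "This option is deprecated and has no effect" under the same `\fB\-W\fP, \fB\-\-wait-interval\fP` heading would cover it.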