|author||Subash Abhinov Kasiviswanathan <firstname.lastname@example.org>||2016-06-23 18:44:06 -0600|
|committer||Pablo Neira Ayuso <email@example.com>||2016-07-03 11:15:59 +0200|
xtables: Add an interval option for xtables lock wait
iptables currently waits for 1 second for the xtables lock to be freed if the -w option is used. We have seen that the lock is held much less than that resulting in unnecessary delay when trying to acquire the lock. This problem is even severe in case of latency sensitive applications. Introduce a new option 'W' to specify the wait interval in microseconds. If this option is not specified, the command sleeps for 1 second by default. v1->v2: Change behavior to take millisecond sleep as an argument to -w as suggested by Pablo. Also maintain current behavior for -w to sleep for 1 second as mentioned by Liping. v2->v3: Move the millisecond behavior to a new option as suggested by Pablo. v3->v4: Use select instead of usleep. Sleep every iteration for the time specified in the "-W" argument. Update man page. v4->v5: Fix compilation error when enabling nftables v5->v6: Simplify -W so it only takes the interval wait in microseconds. Bail out if -W is specific but -w is not. Joint work with Pablo Neira. Signed-off-by: Subash Abhinov Kasiviswanathan <firstname.lastname@example.org> Signed-off-by: Pablo Neira Ayuso <email@example.com>
Diffstat (limited to 'iptables/iptables.8.in')
1 files changed, 7 insertions, 0 deletions
diff --git a/iptables/iptables.8.in b/iptables/iptables.8.in
index 5a8c7ae1..a9c6b252 100644
@@ -370,6 +370,13 @@ the program will exit if the lock cannot be obtained. This option will
make the program wait (indefinitely or for optional \fIseconds\fP) until
the exclusive lock can be obtained.
+\fB\-W\fP, \fB\-\-wait-interval\fP \fImicroseconds\fP
+Interval to wait per each iteration.
+When running latency sensitive applications, waiting for the xtables lock
+for extended durations may not be acceptable. This option will make each
+iteration take the amount of time specified. The default interval is
+1 second. This option only works with \fB\-w\fP.
IP addresses and port numbers will be printed in numeric format.