-rw-r--r--iptables/xshared.c22
1 files changed, 7 insertions, 15 deletions
diff --git a/iptables/xshared.c b/iptables/xshared.c
index b18022ee..7beb86b4 100644
--- a/iptables/xshared.c
+++ b/iptables/xshared.c
@@ -9,11 +9,11 @@
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>
+#include <fcntl.h>
#include <xtables.h>
#include "xshared.h"
-#define XT_SOCKET_NAME "xtables"
-#define XT_SOCKET_LEN 8
+#define XT_LOCK_NAME "/run/xtables.lock"
/*
* Print out any special helps. A user might like to be able to add a --help
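Review bot: flock(), which this commit starts calling in xtables_lock(), is declared in <sys/file.h>, but the only include added here is <fcntl.h>, which covers open() and O_CREAT. Unless <sys/file.h> is already included above line 9 of the file (not visible in this hunk), add `#include <sys/file.h>` next to the new include so the call is not built against an implicit declaration. The new `XT_LOCK_NAME` also deserves a comment, because the abstract socket name it replaces was scoped per network namespace while a file under /run is shared by every process that sees the same mount: `/* Lock file; shared by all xtables users that see the same /run */`. If nothing else in the file needs them, <sys/socket.h> and <sys/un.h> look unused after this change.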
@@ -245,22 +245,14 @@ void xs_init_match(struct xtables_match *match)
bool xtables_lock(int wait)
{
- int i = 0, ret, xt_socket;
- struct sockaddr_un xt_addr;
- int waited = 0;
-
- memset(&xt_addr, 0, sizeof(xt_addr));
- xt_addr.sun_family = AF_UNIX;
- strcpy(xt_addr.sun_path+1, XT_SOCKET_NAME);
- xt_socket = socket(AF_UNIX, SOCK_STREAM, 0);
- /* If we can't even create a socket, fall back to prior (lockless) behavior */
- if (xt_socket < 0)
+ int fd, waited = 0, i = 0;
+
+ fd = open(XT_LOCK_NAME, O_CREAT, 0600);
+ if (fd < 0)
return true;
while (1) {
- ret = bind(xt_socket, (struct sockaddr*)&xt_addr,
- offsetof(struct sockaddr_un, sun_path)+XT_SOCKET_LEN);
- if (ret == 0)
+ if (flock(fd, LOCK_EX | LOCK_NB) == 0)
return true;
else if (wait >= 0 && waited >= wait)
return false;
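Review bot: The `if (fd < 0) return true;` path fails open, so a caller is told it holds the lock when none was taken, for example when /run is missing or the file cannot be created. The comment that explained this lockless fallback was removed along with the socket code. Restore it on the new branch, e.g. `/* If we can't open the lock file, fall back to prior (lockless) behavior */`, or return false if callers can tolerate failing closed. The descriptor is also opened without close-on-exec, so any program this process later executes would inherit it and the flock with it; `fd = open(XT_LOCK_NAME, O_CREAT | O_CLOEXEC, 0600);` avoids that. The loop treats every flock() failure as contention, and the rest of the function lies outside the hunk, so it cannot be seen here whether errors other than EWOULDBLOCK are handled.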