diff options
| author | Jethro Beekman <jethro@fortanix.com> | 2022-02-14 10:35:56 +0100 |
|---|---|---|
| committer | Florian Westphal <fw@strlen.de> | 2022-02-15 23:42:05 +0100 |
| commit | 07e2107ef0cbc1b81864c3c0f0ef297a9dfff44d (patch) | |
| tree | eba64618054cf690c69159d3f7e95f4429e19912 /iptables/xshared.h | |
| parent | a3980769541f6deb8d7b185de488dec6f40092f1 (diff) | |
xshared: Implement xtables lock timeout using signals
Previously, if a lock timeout is specified using `-wN `, flock() is
called using LOCK_NB in a loop with a sleep. This results in two issues.
The first issue is that the process may wait longer than necessary when
the lock becomes available. For this the `-W` option was added, but this
requires fine-tuning.
The second issue is that if lock contention is high, invocations using
`-w` (without a timeout) will always win lock acquisition from
invocations that use `-w N`. This is because invocations using `-w` are
actively waiting on the lock whereas those using `-w N` only check from
time to time whether the lock is free, which will never be the case.
This patch removes the sleep loop and deprecates the `-W` option (making
it non-functional). Instead, flock() is always called in a blocking
fashion, but the alarm() function is used with a non-SA_RESTART signal
handler to cancel the system call.
Signed-off-by: Jethro Beekman <jethro@fortanix.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'iptables/xshared.h')
| -rw-r--r-- | iptables/xshared.h | 6 |
1 files changed, 2 insertions, 4 deletions
diff --git a/iptables/xshared.h b/iptables/xshared.h index d13de95e..0de0e12e 100644 --- a/iptables/xshared.h +++ b/iptables/xshared.h @@ -6,7 +6,6 @@ #include <stdint.h> #include <netinet/in.h> #include <net/if.h> -#include <sys/time.h> #include <linux/netfilter_arp/arp_tables.h> #include <linux/netfilter_ipv4/ip_tables.h> #include <linux/netfilter_ipv6/ip6_tables.h> @@ -189,10 +188,10 @@ enum { XT_LOCK_NOT_ACQUIRED = -3, }; extern void xtables_unlock(int lock); -extern int xtables_lock_or_exit(int wait, struct timeval *tv); +extern int xtables_lock_or_exit(int wait); int parse_wait_time(int argc, char *argv[]); -void parse_wait_interval(int argc, char *argv[], struct timeval *wait_interval); +void parse_wait_interval(int argc, char *argv[]); int parse_counters(const char *string, struct xt_counters *ctr); bool tokenize_rule_counters(char **bufferp, char **pcnt, char **bcnt, int line); bool xs_has_arg(int argc, char *argv[]); @@ -294,7 +293,6 @@ struct xtables_args { const char *arp_htype, *arp_ptype; unsigned long long pcnt_cnt, bcnt_cnt; int wait; - struct timeval wait_interval; }; struct xt_cmd_parse_ops { |