From aaa4ace72ba1d195bbf436134a336816c33f7bd0 Mon Sep 17 00:00:00 2001 From: Jiri Popelka Date: Fri, 4 Jul 2014 15:50:41 +0200 Subject: iptables: add optional [seconds] argument to -w This patch adds an optional numeric argument to -w option (added with 93587a0) so one can specify how long to wait for an exclusive lock. If the value isn't specified it works as before, i.e. program waits indefinitely. If user specifies it, program exits after the given time interval passes. This patch also adds the -w/--wait to nftables compat code, so the parser doesn't complain. [ In the original patch, iptables-compat -w X was not working, I have fixed by adding the dummy code not to break scripts using the new optional argument --pablo ] Signed-off-by: Jiri Popelka Signed-off-by: Pablo Neira Ayuso --- iptables/iptables.c | 27 +++++++++++++++++++-------- 1 file changed, 19 insertions(+), 8 deletions(-) (limited to 'iptables/iptables.c') diff --git a/iptables/iptables.c b/iptables/iptables.c index 471bff06..88953c47 100644 --- a/iptables/iptables.c +++ b/iptables/iptables.c @@ -99,7 +99,7 @@ static struct option original_opts[] = { {.name = "numeric", .has_arg = 0, .val = 'n'}, {.name = "out-interface", .has_arg = 1, .val = 'o'}, {.name = "verbose", .has_arg = 0, .val = 'v'}, - {.name = "wait", .has_arg = 0, .val = 'w'}, + {.name = "wait", .has_arg = 2, .val = 'w'}, {.name = "exact", .has_arg = 0, .val = 'x'}, {.name = "fragments", .has_arg = 0, .val = 'f'}, {.name = "version", .has_arg = 0, .val = 'V'}, @@ -253,7 +253,7 @@ exit_printhelp(const struct xtables_rule_match *matches) " network interface name ([+] for wildcard)\n" " --table -t table table to manipulate (default: `filter')\n" " --verbose -v verbose mode\n" -" --wait -w wait for the xtables lock\n" +" --wait -w [seconds] wait for the xtables lock\n" " --line-numbers print line numbers when listing\n" " --exact -x expand numbers (display exact values)\n" "[!] --fragment -f match second or further fragments only\n" @@ -1319,7 +1319,7 @@ int do_command4(int argc, char *argv[], char **table, struct in_addr *daddrs = NULL, *dmasks = NULL; int verbose = 0; - bool wait = false; + int wait = 0; const char *chain = NULL; const char *shostnetworkmask = NULL, *dhostnetworkmask = NULL; const char *policy = NULL, *newname = NULL; @@ -1352,10 +1352,9 @@ int do_command4(int argc, char *argv[], char **table, /* Suppress error messages: we may add new options if we demand-load a protocol. */ opterr = 0; - opts = xt_params->orig_opts; while ((cs.c = getopt_long(argc, argv, - "-:A:C:D:R:I:L::S::M:F::Z::N:X::E:P:Vh::o:p:s:d:j:i:fbvwnt:m:xc:g:46", + "-:A:C:D:R:I:L::S::M:F::Z::N:X::E:P:Vh::o:p:s:d:j:i:fbvw::nt:m:xc:g:46", opts, NULL)) != -1) { switch (cs.c) { /* @@ -1597,7 +1596,16 @@ int do_command4(int argc, char *argv[], char **table, "You cannot use `-w' from " "iptables-restore"); } - wait = true; + wait = -1; + if (optarg) { + if (sscanf(optarg, "%i", &wait) != 1) + xtables_error(PARAMETER_PROBLEM, + "wait seconds not numeric"); + } else if (optind < argc && argv[optind][0] != '-' + && argv[optind][0] != '!') + if (sscanf(argv[optind++], "%i", &wait) != 1) + xtables_error(PARAMETER_PROBLEM, + "wait seconds not numeric"); break; case 'm': @@ -1751,8 +1759,11 @@ int do_command4(int argc, char *argv[], char **table, /* Attempt to acquire the xtables lock */ if (!restore && !xtables_lock(wait)) { - fprintf(stderr, "Another app is currently holding the xtables lock. " - "Perhaps you want to use the -w option?\n"); + fprintf(stderr, "Another app is currently holding the xtables lock. "); + if (wait == 0) + fprintf(stderr, "Perhaps you want to use the -w option?\n"); + else + fprintf(stderr, "Stopped waiting after %ds.\n", wait); xtables_free_opts(1); exit(RESOURCE_PROBLEM); } -- cgit v1.2.3