From patchwork Mon Apr 23 01:14:28 2018
X-Patchwork-Submitter: Jack Ma
X-Patchwork-Id: 902721
X-Patchwork-Delegate: pablo@netfilter.org
From: Jack Ma
To: netfilter-devel@vger.kernel.org
Cc: fw@strlen.de, pablo@netfilter.org, Jack Ma
Subject: [PATCH v2] iptables: Set wait to true by default.
Date: Mon, 23 Apr 2018 13:14:28 +1200
Message-Id: <20180423011428.8783-1-jack.ma@alliedtelesis.co.nz>
In-Reply-To: <20180423010020.4880-1-jack.ma@alliedtelesis.co.nz>
References: <20180423010020.4880-1-jack.ma@alliedtelesis.co.nz>
X-Mailing-List: netfilter-devel@vger.kernel.org

This allows each iptables user to wait for the xtable_lock for a maximum of 1 second by default. It's uncommon to not wait for xtables_lock and exit immediately if the lock is not available. If latency-sensitive applications require the wait interval to be re-adjusted, users are still able to set wait_interval back to zero or a more precise value to fit in their application.

Signed-off-by: Jack Ma
---
 iptables/ip6tables-restore.c | 3 ++-
 iptables/ip6tables.c | 4 ++--
 iptables/iptables-restore.8.in | 6 +++---
 iptables/iptables-restore.c | 3 ++-
 iptables/iptables.8.in | 6 +++---
 iptables/iptables.c | 4 ++--
 iptables/xtables.c | 4 ++--
 7 files changed, 16 insertions(+), 14 deletions(-)

diff --git a/iptables/ip6tables-restore.c b/iptables/ip6tables-restore.c index 47310f20..cdd634f3 100644 --- a/iptables/ip6tables-restore.c +++ b/iptables/ip6tables-restore.c 
@@ -26,8 +26,9 @@ #define DEBUGP(x, args...) #endif -static int counters, verbose, noflush, wait; +static int counters, verbose, noflush; +static int wait = 1; static struct timeval wait_interval = { .tv_sec = 1, }; diff --git a/iptables/ip6tables.c b/iptables/ip6tables.c index 49bd006f..693de28a 100644 --- a/iptables/ip6tables.c +++ b/iptables/ip6tables.c @@ -1338,11 +1338,11 @@ int do_command6(int argc, char *argv[], char **table, struct in6_addr *smasks = NULL, *dmasks = NULL; int verbose = 0; - int wait = 0; + int wait = 1; struct timeval wait_interval = { .tv_sec = 1, }; - bool wait_interval_set = false; + bool wait_interval_set = true; const char *chain = NULL; const char *shostnetworkmask = NULL, *dhostnetworkmask = NULL; const char *policy = NULL, *newname = NULL; diff --git a/iptables/iptables-restore.8.in b/iptables/iptables-restore.8.in index f751492d..fb8dc970 100644 --- a/iptables/iptables-restore.8.in +++ b/iptables/iptables-restore.8.in @@ -62,9 +62,9 @@ Print the program version number. Wait for the xtables lock. To prevent multiple instances of the program from running concurrently, an attempt will be made to obtain an exclusive lock at launch. By default, -the program will exit if the lock cannot be obtained. This option will -make the program wait (indefinitely or for optional \fIseconds\fP) until -the exclusive lock can be obtained. +the program will wait for a maximum time of 1 second before exiting. +This option will make the program wait (indefinitely or for optional +\fIseconds\fP) until the exclusive lock can be obtained. .TP \fB\-W\fP, \fB\-\-wait-interval\fP \fImicroseconds\fP Interval to wait per each iteration. diff --git a/iptables/iptables-restore.c b/iptables/iptables-restore.c index 074552af..3cd168a1 100644 --- a/iptables/iptables-restore.c +++ b/iptables/iptables-restore.c 
@@ -23,8 +23,9 @@ #define DEBUGP(x, args...) #endif -static int counters, verbose, noflush, wait; +static int counters, verbose, noflush; +static int wait = 1; static struct timeval wait_interval = { .tv_sec = 1, }; diff --git a/iptables/iptables.8.in b/iptables/iptables.8.in index a9c6b252..54fe33df 100644 --- a/iptables/iptables.8.in +++ b/iptables/iptables.8.in @@ -366,9 +366,9 @@ specified multiple times to possibly emit more detailed debug statements. Wait for the xtables lock. To prevent multiple instances of the program from running concurrently, an attempt will be made to obtain an exclusive lock at launch. By default, -the program will exit if the lock cannot be obtained. This option will -make the program wait (indefinitely or for optional \fIseconds\fP) until -the exclusive lock can be obtained. +the program will wait for a maximum time of 1 second before exiting. +This option will make the program wait (indefinitely or for optional +\fIseconds\fP) until the exclusive lock can be obtained. .TP \fB\-W\fP, \fB\-\-wait-interval\fP \fImicroseconds\fP Interval to wait per each iteration. diff --git a/iptables/iptables.c b/iptables/iptables.c index 69d19fec..540d1d60 100644 --- a/iptables/iptables.c +++ b/iptables/iptables.c @@ -1333,9 +1333,9 @@ int do_command4(int argc, char *argv[], char **table, struct timeval wait_interval = { .tv_sec = 1, }; - bool wait_interval_set = false; + bool wait_interval_set = true; int verbose = 0; - int wait = 0; + int wait = 1; const char *chain = NULL; const char *shostnetworkmask = NULL, *dhostnetworkmask = NULL; const char *policy = NULL, *newname = NULL; diff --git a/iptables/xtables.c b/iptables/xtables.c index ac113254..653362fe 100644 --- a/iptables/xtables.c +++ b/iptables/xtables.c 
@@ -689,10 +689,10 @@ void do_parse(struct nft_handle *h, int argc, char *argv[], { struct xtables_match *m; struct xtables_rule_match *matchp; - bool wait_interval_set = false; + bool wait_interval_set = true; struct timeval wait_interval; struct xtables_target *t; - int wait = 0; + int wait = 1; memset(cs, 0, sizeof(*cs)); cs->jumpto = "";
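
Review bot: In the iptables-restore.c and ip6tables-restore.c hunks, the new default is a bare literal (`static int wait = 1;`) that has to stay in step with the "maximum time of 1 second" wording in both man pages and with the same literal in iptables.c, ip6tables.c and xtables.c. A single named constant shared by the five C files would keep code and documentation from drifting apart. These two hunks also change only `wait`, whereas the do_command4, do_command6 and do_parse hunks additionally flip `wait_interval_set` to true; the commit message should say why the restore tools are treated differently.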
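
Review bot: In do_command4 (iptables.c) and do_command6 (ip6tables.c), initialising `wait_interval_set = true` means the flag no longer records whether the user passed -W/--wait-interval, so any later test of it can never observe the option being absent. The commit message only motivates a 1-second default wait, and `wait = 1` together with the existing `wait_interval = { .tv_sec = 1, }` appears sufficient for that. Consider keeping `wait_interval_set = false`, or explain in the commit message what depends on it being true.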
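
Review bot: In the iptables.8.in and iptables-restore.8.in hunks, "the program will wait for a maximum time of 1 second before exiting" can be read as the program exiting after one second regardless of outcome, and the text never says how to get the previous exit-immediately behaviour back. Suggest wording such as "the program will wait up to 1 second for the lock and exit if it still cannot be obtained", plus a sentence naming the option value that disables waiting. The commit message says users can set wait_interval back to zero, but the page documents -W as the per-iteration interval in microseconds rather than the overall timeout, so the two descriptions should be reconciled.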
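
Review bot: In the do_parse hunk of xtables.c, `wait_interval_set` now starts as true while `struct timeval wait_interval;` in the same declaration block still has no initialiser (the other files use `{ .tv_sec = 1, }`). Any path that consumes wait_interval because the flag is set would read an indeterminate value when -W is not given. Either initialise it here as the other files do, or leave `wait_interval_set` false in this function.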