author | Lorenzo Colitti <lorenzo@google.com> | 2017-01-30 21:15:16 +0900 |
---|---|---|
committer | Lorenzo Colitti <lorenzo@google.com> | 2017-03-22 17:09:41 +0900 |
commit | 0f6d7c31d091408cebe2d8066c551c111c9ffdc2 (patch) | |
tree | dad5ffbbb73eec11508ae9d843e0239ba5635793 | |
parent | 8c7efe912f13460f4859daa39b3cf8f3a82411f2 (diff) | |
Revert "iptables: Change locking semantics."
This reverts commit d2a1e52615058ef55b65db02aa5e4ad21b635ef0.
This is being reverted to minimize diffs with upstream and will
be cherry-picked once upstream is merged.
Bug: 36108349
Test: see top of change stack.
Change-Id: If8136bfd230bf0079884ab94fad0dcdc35a67c47
-rw-r--r-- | iptables/ip6tables-restore.c | 22 | ||||
-rw-r--r-- | iptables/ip6tables.c | 2 | ||||
-rw-r--r-- | iptables/iptables-restore.c | 22 | ||||
-rw-r--r-- | iptables/iptables.c | 2 | ||||
-rw-r--r-- | iptables/xshared.c | 16 | ||||
-rw-r--r-- | iptables/xshared.h | 24 |
6 files changed, 21 insertions, 67 deletions
diff --git a/iptables/ip6tables-restore.c b/iptables/ip6tables-restore.c
index 8d097984..e17ad9d2 100644
--- a/iptables/ip6tables-restore.c
+++ b/iptables/ip6tables-restore.c
@@ -185,7 +185,7 @@ int ip6tables_restore_main(int argc, char *argv[]) { struct xtc_handle *handle = NULL; char buffer[10240]; - int c, lock; + int c; char curtable[XT_TABLE_MAXNAMELEN + 1]; FILE *in; int in_table = 0, testing = 0;
@@ -193,7 +193,6 @@ int ip6tables_restore_main(int argc, char *argv[]) const struct xtc_ops *ops = &ip6tc_ops; line = 0; - lock = XT_LOCK_NOT_ACQUIRED; ip6tables_globals.program_name = "ip6tables-restore"; c = xtables_init_all(&ip6tables_globals, NFPROTO_IPV6);
@@ -255,6 +254,12 @@ int ip6tables_restore_main(int argc, char *argv[]) } else in = stdin; + if (!xtables_lock(wait)) { + fprintf(stderr, "Another app is currently holding the xtables lock. " + "Perhaps you want to use the -w option?\n"); + exit(RESOURCE_PROBLEM); + } + /* Grab standard input. */ while (fgets(buffer, sizeof(buffer), in)) { int ret = 0;
@@ -278,21 +283,8 @@ int ip6tables_restore_main(int argc, char *argv[]) DEBUGP("Not calling commit, testing\n"); ret = 1; } - - /* Release the lock since we're done with the current table. */ - if (lock >= 0) { - xtables_unlock(lock); - } in_table = 0; } else if ((buffer[0] == '*') && (!in_table)) { - /* Acquire a lock before we create a new table handle */ - lock = xtables_lock(wait); - if (lock == XT_LOCK_BUSY) { - fprintf(stderr, "Another app is currently holding the xtables lock. " - "Perhaps you want to use the -w option?\n"); - exit(RESOURCE_PROBLEM); - } - /* New table */ char *table;
diff --git a/iptables/ip6tables.c b/iptables/ip6tables.c
index 8eefb826..1fb33f6d 100644
--- a/iptables/ip6tables.c
+++ b/iptables/ip6tables.c
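Review bot: The lock added before the `fgets` loop in ip6tables_restore_main (iptables/ip6tables-restore.c) is taken once and nothing in the new code releases it, so it stays held for the whole run, including while the process is blocked reading `in` (stdin when no file is given). Every other iptables or ip6tables call made meanwhile fails, or with -w waits, so a slow or never-ending input stream stalls all rule updates on the host. With xtables_lock() returning bool there is no handle left to release, so I would at least record the constraint at the call site: `/* Lock is held until exit; the input stream must be finite. */`. The identical hunk in iptables/iptables-restore.c (iptables_restore_main) has the same issue; both function bodies start and end outside the hunks.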
@@ -1738,7 +1738,7 @@ int do_command6(int argc, char *argv[], char **table, chain, XT_EXTENSION_MAXNAMELEN); /* Attempt to acquire the xtables lock */ - if (!restore && (xtables_lock(wait) == XT_LOCK_BUSY)) { + if (!restore && !xtables_lock(wait)) { fprintf(stderr, "Another app is currently holding the xtables lock. " "Perhaps you want to use the -w option?\n"); xtables_free_opts(1);
diff --git a/iptables/iptables-restore.c b/iptables/iptables-restore.c
index a41a46d3..4d49b3c9 100644
--- a/iptables/iptables-restore.c
+++ b/iptables/iptables-restore.c
@@ -185,7 +185,7 @@ iptables_restore_main(int argc, char *argv[]) { struct xtc_handle *handle = NULL; char buffer[10240]; - int c, lock; + int c; char curtable[XT_TABLE_MAXNAMELEN + 1]; FILE *in; int in_table = 0, testing = 0;
@@ -193,7 +193,6 @@ iptables_restore_main(int argc, char *argv[]) const struct xtc_ops *ops = &iptc_ops; line = 0; - lock = XT_LOCK_NOT_ACQUIRED; iptables_globals.program_name = "iptables-restore"; c = xtables_init_all(&iptables_globals, NFPROTO_IPV4);
@@ -255,6 +254,12 @@ iptables_restore_main(int argc, char *argv[]) } else in = stdin; + if (!xtables_lock(wait)) { + fprintf(stderr, "Another app is currently holding the xtables lock. " + "Perhaps you want to use the -w option?\n"); + exit(RESOURCE_PROBLEM); + } + /* Grab standard input. */ while (fgets(buffer, sizeof(buffer), in)) { int ret = 0;
@@ -278,21 +283,8 @@ iptables_restore_main(int argc, char *argv[]) DEBUGP("Not calling commit, testing\n"); ret = 1; } - - /* Release the lock since we're done with the current table. */ - if (lock >= 0) { - xtables_unlock(lock); - } in_table = 0; } else if ((buffer[0] == '*') && (!in_table)) { - /* Acquire a lock before we create a new table handle */ - lock = xtables_lock(wait); - if (lock == XT_LOCK_BUSY) { - fprintf(stderr, "Another app is currently holding the xtables lock. " - "Perhaps you want to use the -w option?\n"); - exit(RESOURCE_PROBLEM); - } - /* New table */ char *table;
diff --git a/iptables/iptables.c b/iptables/iptables.c
index 1ace4cc3..fe18e1cc 100644
--- a/iptables/iptables.c
+++ b/iptables/iptables.c
@@ -1735,7 +1735,7 @@ int do_command4(int argc, char *argv[], char **table, chain, XT_EXTENSION_MAXNAMELEN); /* Attempt to acquire the xtables lock */ - if (!restore && (xtables_lock(wait) == XT_LOCK_BUSY)) { + if (!restore && !xtables_lock(wait)) { fprintf(stderr, "Another app is currently holding the xtables lock. " "Perhaps you want to use the -w option?\n"); xtables_free_opts(1);
diff --git a/iptables/xshared.c b/iptables/xshared.c
index c144b485..6c9992ed 100644
--- a/iptables/xshared.c
+++ b/iptables/xshared.c
@@ -243,7 +243,7 @@ void xs_init_match(struct xtables_match *match) match->init(match->m); } -int xtables_lock(bool wait) +bool xtables_lock(bool wait) { int i = 0, ret, xt_socket; struct sockaddr_un xt_addr;
@@ -254,26 +254,18 @@ int xtables_lock(bool wait) xt_socket = socket(AF_UNIX, SOCK_STREAM, 0); /* If we can't even create a socket, fall back to prior (lockless) behavior */ if (xt_socket < 0) - return XT_LOCK_UNSUPPORTED; + return true; while (1) { ret = bind(xt_socket, (struct sockaddr*)&xt_addr, offsetof(struct sockaddr_un, sun_path)+XT_SOCKET_LEN); if (ret == 0) - return xt_socket; + return true; else if (wait == false) - return XT_LOCK_BUSY; + return false; if (++i % 2 == 0) fprintf(stderr, "Another app is currently holding the xtables lock; " "waiting for it to exit...\n"); sleep(1); } } - -void xtables_unlock(int lock) { - if (lock < 0) { - return; - } - - close(lock); -}
diff --git a/iptables/xshared.h b/iptables/xshared.h
index 9f9e8031..1e2b9b8e 100644
--- a/iptables/xshared.h
+++ b/iptables/xshared.h
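Review bot: In the second iptables/xshared.c hunk, xtables_lock() treats every non-zero `bind()` result as "lock busy": with `wait` true a failure that will never clear retries in the `sleep(1)` loop forever, and with `wait` false it is reported as another app holding the lock. Checking errno separates the cases, e.g. `else if (wait == false || errno != EADDRINUSE) return false;`, assuming <errno.h> is included in this file, which the hunk does not show. The `xt_socket < 0` path now returns `true`, so callers cannot distinguish "locked" from "running without a lock"; a one-line warning on stderr there would make that fail-open visible. The function's opening lines are outside this hunk.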
@@ -84,29 +84,7 @@ extern struct xtables_match *load_proto(struct iptables_command_state *); extern int subcmd_main(int, char **, const struct subcommand *); extern void xs_init_target(struct xtables_target *); extern void xs_init_match(struct xtables_match *); - -/** - * Values for the iptables lock. - * - * A value >= 0 indicates the lock filedescriptor. Other values are: - * - * XT_LOCK_UNSUPPORTED : The system does not support locking, execution will - * proceed lockless. - * - * XT_LOCK_BUSY : The lock was held by another process. xtables_lock only - * returns this value when |wait| == false. If |wait| == true, xtables_lock - * will not return unless the lock has been acquired. - * - * XT_LOCK_NOT_ACQUIRED : We have not yet attempted to acquire the lock. - */ -enum { - XT_LOCK_BUSY = -1, - XT_LOCK_UNSUPPORTED = -2, - XT_LOCK_NOT_ACQUIRED = -3, -}; -extern int xtables_lock(bool wait); - -extern void xtables_unlock(int lock); +extern bool xtables_lock(bool wait); extern const struct xtables_afinfo *afinfo; |
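Review bot: The new declaration `extern bool xtables_lock(bool wait);` is left without any comment, while the block it replaces documented every return value. The bool contract is not obvious from the name: per the xshared.c change in this commit, `true` is returned both when the lock is acquired and when the socket cannot be created (lockless fallback), `false` only when the lock is busy and `wait` is false, and there is no unlock call any more. I would add `/* Returns false only if the lock is held elsewhere and !wait; true also covers "locking unavailable". No unlock: released when the process exits. */` above the declaration.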