Commit message / Author / Age / Files / Lines
* Snap for 4653471 from 210d3211fe074a86459ca5cf5270de0e8c23b482 to pi-release (android-build-team Robot, 2018-03-14; 2 files, -0/+5)
  Change-Id: Ia15d4f564e64078ead52adbd23499734849a93fe
* Turn on xt_bpf module in userspace (Chenbo Feng, 2018-03-13; 1 file, -0/+3)
  The kernel will use the xt_bpf module to collect per-interface stats instead
  of using xt_qtaguid in future. Turn on the userspace part of xt_bpf so the
  related iptables rules and operations can be successful.

  Test: iptables -t raw -I bw_raw_PREROUTING -m bpf --object-pinned /sys/fs/bpf/xtbpf_prog
  It should not return an error about the bpf header not being found.
  Bug: 72111305
  Change-Id: Ic08d73c990e3237478aae97fe2a702f272816265
  (clean cherry picked from aosp commit 2b00efe0f8147b53b13908519d1b3405009d6ac0)
* UPSTREAM: extensions: libxt_bpf: fix missing __NR_bpf declaration (Rafael Buchbinder, 2018-03-13; 1 file, -0/+2)
  This include is needed to compile the bpf_obj_get function properly, as it
  brings in the __NR_bpf declaration.

  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  Signed-off-by: Chenbo Feng <fengc@google.com>

  Clean cherry-pick, no conflict.
  (cherry picked from commit 895ce096f857ddc85d22144ba84c78ac762e995d)

  Bug: 72111305
  Test: With BPF_H defined, iptables -t raw -I bw_raw_PREROUTING -m bpf --object-pinned /sys/fs/bpf/xtbpf_prog should not return an error about the bpf header not being found.
  Change-Id: Ia1387e61c8415a9ae6d3532830fbf62414740855
  (cherry picked from aosp commit ff75e02e65ef4c7b457e245b9d6c3df82aff1798)
* Snap for 4396096 from 17419e375a180d2b55274c8bf634f9ded674bd0a to pi-release (android-build-team Robot, 2017-10-15; 2 files, -5/+20)
  Change-Id: Icc63a3d341b7d2d848decf94d9d0d022878e9db4
* Merge "Use -Werror in external/iptables" am: 447f5e3dd7 am: f86d7ad9ad am: 7bf5d8cf4d am: 8eb1c41e18 (Chih-hung Hsieh, 2017-10-15; 2 files, -5/+20)
  Change-Id: Iec350d976bb0c76e2a1329a06e3e9091f12aa487
* Merge "Use -Werror in external/iptables" am: 447f5e3dd7 am: f86d7ad9ad am: 7bf5d8cf4d (Chih-hung Hsieh, 2017-10-15; 2 files, -5/+20)
  Change-Id: I64c43b50aff580d5020eae8cc618258f6c39f670
* Merge "Use -Werror in external/iptables" am: 447f5e3dd7 am: f86d7ad9ad (Chih-hung Hsieh, 2017-10-15; 2 files, -5/+20)
  Change-Id: If615b6010d9419e64dffd4ece5bb7cf47ce40dbf
* Merge "Use -Werror in external/iptables" am: 447f5e3dd7 (Chih-hung Hsieh, 2017-10-15; 2 files, -5/+20)
  Change-Id: I80a90b6143bbf53172d8b149c8e34584ad044063
* Merge "Use -Werror in external/iptables" (Chih-hung Hsieh, 2017-10-13; 2 files, -5/+20)
* Use -Werror in external/iptables (Chih-Hung Hsieh, 2017-10-10; 2 files, -5/+20)
  * Suppress unused function and format warnings.

  Bug: 66996870
  Test: build with WITH_TIDY=1
  Change-Id: Ieac5da864fcf26886d56dbb4a7cf9a55def39d56
* Merge "Trim OWNERS" am: 204461a170 am: 8ae1dffe73 am: 2ab26b893c am: 896f87c130 (Erik Kline, 2017-07-06; 1 file, -1/+0)
  Change-Id: I19356d328da9e63346efe64afdf1d546b65bae01
* Merge "Trim OWNERS" am: 204461a170 am: 8ae1dffe73 am: 2ab26b893c (Erik Kline, 2017-07-06; 1 file, -1/+0)
  Change-Id: I5c4959fb9a28ac00adeb53ca17d1faa343594f72
* Merge "Trim OWNERS" am: 204461a170 am: 8ae1dffe73 (Erik Kline, 2017-07-06; 1 file, -1/+0)
  Change-Id: If2737e3cc8c252bb81abc22b0db31468824d5ead
* Merge "Trim OWNERS" am: 204461a170 (Erik Kline, 2017-07-06; 1 file, -1/+0)
  Change-Id: Id7ae344a5118cd655b64d2d1ed0a42f1477743a4
* Merge "Trim OWNERS" (Treehugger Robot, 2017-07-06; 1 file, -1/+0)
* Trim OWNERS (Erik Kline, 2017-07-06; 1 file, -1/+0)
  Test: none
  Change-Id: I17da46242aebb63f195f9fd199c94577c4db4fd0
* Merge "Add OWNERS in external/iptables" am: 9eeff146a0 am: c0d5e2599a am: 1e6a0caab0 am: 4ca097c286 (Chih-Hung Hsieh, 2017-06-21; 1 file, -0/+3)
  Change-Id: I693381494e9170c11704bd805ce0811cc6281cb4
* Merge "Add OWNERS in external/iptables" am: 9eeff146a0 am: c0d5e2599a am: 1e6a0caab0 (Chih-Hung Hsieh, 2017-06-21; 1 file, -0/+3)
  Change-Id: I71575bbd9f8a2fb9f9936e8bfb5b5cb80a3a823e
* Merge "Add OWNERS in external/iptables" am: 9eeff146a0 am: c0d5e2599a (Chih-Hung Hsieh, 2017-06-21; 1 file, -0/+3)
  Change-Id: I28f06a7233f0f31846db41b2a1f4285378cd569e
* Merge "Add OWNERS in external/iptables" am: 9eeff146a0 (Chih-Hung Hsieh, 2017-06-21; 1 file, -0/+3)
  Change-Id: I2356c46e6018251f24c4802eea86a5cc3f66e807
* Merge "Add OWNERS in external/iptables" (Treehugger Robot, 2017-06-21; 1 file, -0/+3)
* Add OWNERS in external/iptables (Chih-Hung Hsieh, 2017-06-20; 1 file, -0/+3)
  * Owners are selected from top CL approvals or owners. They will be
    suggested to review/approve future CLs.
  * OWNERS files are recognized by the new find-owners plugin, see .md files in
    https://gerrit.googlesource.com/plugins/find-owners/+/master/src/main/resources/Documentation/

  Test: build/make/tools/checkowners.py -c -v OWNERS
  Change-Id: I703dce86a2b1d92084198bace04480172150f83f
* Merge "UPSTREAM: iptables: insist that the lock is held." am: c9c53dbd72 am: d6c570e540 am: 0132d73497 am: 990abd8b9d (Lorenzo Colitti, 2017-06-01; 6 files, -37/+37)
  Change-Id: Ibc219286a033753d55caf46757f8f140dd52f6b4
* Merge "UPSTREAM: iptables: insist that the lock is held." am: c9c53dbd72 am: d6c570e540 am: 0132d73497 (Lorenzo Colitti, 2017-06-01; 6 files, -37/+37)
  Change-Id: I3d55dff912533dd9c7dc3fb74cc5aaaf7a20df6e
* Merge "UPSTREAM: iptables: insist that the lock is held." am: c9c53dbd72 am: d6c570e540 (Lorenzo Colitti, 2017-06-01; 6 files, -37/+37)
  Change-Id: If65490d2853ba4cbc8e060525ec48990dd37ec3b
* Merge "UPSTREAM: iptables: insist that the lock is held." am: c9c53dbd72 (Lorenzo Colitti, 2017-06-01; 6 files, -37/+37)
  Change-Id: I490a69bfad64a45bdc8736cacd4ced83da8c07f9
* Merge "UPSTREAM: iptables: insist that the lock is held." (Treehugger Robot, 2017-06-01; 6 files, -37/+37)
* UPSTREAM: iptables: insist that the lock is held. (Lorenzo Colitti, 2017-05-31; 6 files, -37/+37)
  Currently, iptables programs will exit with an error if the iptables lock
  cannot be acquired, but will silently continue if the lock cannot be opened
  at all. This can cause unexpected failures (with unhelpful error messages)
  in the presence of concurrent updates, which can be very difficult to find
  in a complex or multi-administrator system.

  Instead, refuse to do anything if the lock cannot be acquired. The behaviour
  is not affected by command-line flags because:

  1. In order to reliably avoid concurrent modification, all invocations of
     iptables commands must follow this behaviour.
  2. Whether or not the lock can be opened is typically not a run-time
     condition but is likely to be a configuration error.

  Existing systems that depended on things working mostly correctly even if
  there was no lock might be affected by this change. However, that is
  arguably a configuration error, and now that the iptables lock is
  configurable, it is trivial to provide a lock file that is always
  accessible: if nothing else, the iptables binary itself can be used. The
  lock does not have to be writable, only readable.

  Tested by configuring the system to use an xtables.lock file in a
  non-existent directory and observing that all commands failed.

  (cherry picked from iptables 80d8bfaac9e2430d710084a10ec78e68bd61e6ec)

  Test: aosp_bullhead-eng builds
  Change-Id: I1aec4eb2d9e3775806c93ccd6cf215af05e12f3c
  Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* Always build the iptables lock when building iptables. am: 957abd4643 am: e502a8a613 (Lorenzo Colitti, 2017-04-05; 0 files, -0/+0)
  Change-Id: Ib2483877075accf29ce443a1d81623027d0fe9c0
* Always build the iptables lock when building iptables. am: 957abd4643 (Lorenzo Colitti, 2017-04-05; 0 files, -0/+0)
  Change-Id: Ibb2cd85ae1faf65b97e0356384b83ac15beb87db
* Always build the iptables lock when building iptables. (Lorenzo Colitti, 2017-04-05; 1 file, -0/+4)
  We have a build target for it, but it is not built by default. We did not
  catch this in testing because:

  1. Any device that mounts /system read-write (such as a device used for
     development) will not encounter this problem because iptables creates
     the file if it does not exist.
  2. Running "mmm external/iptables" before flashing will build the lock.

  Bug: 36826873
  Test: lock=$OUT/system/etc/xtables.lock && rm -f $lock && make -j64 iptables && ls -l $lock
  Test: deleting the lock and rebuilding/flashing causes the lock to exist on device
  (cherry picked from commit 10cdfd55b3f2fe1011375b95b46cfbcc7d85a979)
  Change-Id: I183955159cd6f7724d57b737d07f8d539613a07c
* Merge "Always build the iptables lock when building iptables." am: bb975c0535 am: 73dffad4ba am: cb3ecb0580 am: 516757476b (Lorenzo Colitti, 2017-04-05; 1 file, -0/+4)
  Change-Id: I40a5579423127020cda04a79ee160a5ab89851c0
* Merge "Always build the iptables lock when building iptables." am: bb975c0535 am: 73dffad4ba am: cb3ecb0580 (Lorenzo Colitti, 2017-04-05; 1 file, -0/+4)
  Change-Id: I4a5d167e9e5781b7d1bacd06d8a6d8b15458e717
* Merge "Always build the iptables lock when building iptables." am: bb975c0535 am: 73dffad4ba (Lorenzo Colitti, 2017-04-05; 1 file, -0/+4)
  Change-Id: I8fb24596e1d0ab5669fbe4f06d2b6a5901d8e9d4
* Merge "Always build the iptables lock when building iptables." am: bb975c0535 (Lorenzo Colitti, 2017-04-05; 1 file, -0/+4)
  Change-Id: I2c008e6800aa990b48908c492ed63e2dd5c27920
* Merge "Always build the iptables lock when building iptables." (Treehugger Robot, 2017-04-05; 1 file, -0/+4)
* Always build the iptables lock when building iptables. (Lorenzo Colitti, 2017-04-05; 1 file, -0/+4)
  We have a build target for it, but it is not built by default. We did not
  catch this in testing because:

  1. Any device that mounts /system read-write (such as a device used for
     development) will not encounter this problem because iptables creates
     the file if it does not exist.
  2. Running "mmm external/iptables" before flashing will build the lock.

  Bug: 36826873
  Test: lock=$OUT/system/etc/xtables.lock && rm -f $lock && make -j64 iptables && ls -l $lock
  Test: deleting the lock and rebuilding/flashing causes the lock to exist on device
  Change-Id: I15a85c02e990f347031accdd29cc3e831ec631c2
* Merge changes from topic 'iptables-1.6.1' am: c784fc47e6 am: ff45753ae3 am: e20d6bf62b (Lorenzo Colitti, 2017-03-24; 315 files, -1919/+23599)
  Change-Id: I7f42039a088b89201367df2b0a926fcd88987776
* Merge changes from topic 'iptables-1.6.1' am: c784fc47e6 am: ff45753ae3 (Lorenzo Colitti, 2017-03-24; 315 files, -1919/+23599)
  Change-Id: Ic463667ae6ac346f8eae4b6ca18888dcd24b9d6d
* Merge changes from topic 'iptables-1.6.1' am: c784fc47e6 (Lorenzo Colitti, 2017-03-24; 315 files, -1919/+23599)
  Change-Id: I9c26682631ff24de4215e553045036b94bfb611e
* Merge changes from topic 'iptables-1.6.1' (Lorenzo Colitti, 2017-03-24; 315 files, -1919/+23599)
  * changes:
    Android-specific changes for upgrade to iptables-1.6.1.
    iptables-restore: support acquiring the lock.
    iptables: remove duplicated argument parsing code
    iptables: move XT_LOCK_NAME from CFLAGS to config.h.
    iptables: set the path of the lock file via a configure option.
    xshared: using the blocking file lock request when we wait indefinitely
    xshared: do not lock again and again if "-w" option is not specified
    Update to iptables 1.6.1.
    Revert "Add '-w' option to ip[6]tables-restore"
    Revert "iptables: Change locking semantics."
* Android-specific changes for upgrade to iptables-1.6.1. (Lorenzo Colitti, 2017-03-22; 8 files, -16/+30)
  The most important change here regards the iptables lock. Upstream uses
  flock() to lock /run/xtables.lock, creating it if it does not exist.
  Instead of putting the lock on a read-write partition such as /data, which
  on some devices is mounted twice during boot, add a zero-length file to
  /system/etc so we're always locking the same file. strace shows that
  flock() succeeds on this file even if /system is mounted readonly:

  $ adb shell cat /proc/mounts | grep /system
  /dev/block/platform/soc.0/f9824900.sdhci/by-name/system /system ext4 ro,seclabel,relatime,data=ordered,inode_readahead_blks=8 0 0
  $ adb shell strace iptables -L -n -t nat 2>&1 | egrep "flock|xtables.lock"
  openat(AT_FDCWD, "/system/etc/xtables.lock", O_RDONLY|O_CREAT, 0600) = 3
  flock(3, LOCK_EX|LOCK_NB) = 0

  Also:

  1. Don't compile the xt_cgroup module. This doesn't exist in our current
     version, and it doesn't build due to a redefinition of O_PATH.
  2. Set HAVE_LINUX_PROC_FS_H since we have it.
  3. Update version number.
  4. Include time.h from xshared.h. This fixes the warning:
     external/iptables/iptables/xshared.h:89:36: error: declaration of 'struct timeval' will not be visible outside of this function [-Werror,-Wvisibility]

  This CL only contains changes to Android code.

  Bug: 36108349
  Test: bullhead builds and boots
  Test: netd_{unit,integration} test passes
  Test: iptables rules on boot are the same before and after change stack
  Change-Id: I9fc172c76b820a0cb11ac72b83fc2ddd5b222545
* iptables-restore: support acquiring the lock. (Lorenzo Colitti, 2017-03-22; 6 files, -33/+122)
  Currently, ip[6]tables-restore does not perform any locking, so it is not
  safe to use concurrently with ip[6]tables.

  This patch makes ip[6]tables-restore wait for the lock if -w was specified.
  Arguments to -w and -W are supported in the same way as they are in
  ip[6]tables.

  The lock is not acquired on startup. Instead, it is acquired when a new
  table handle is created (on encountering '*') and released when the table
  is committed (COMMIT). This makes it possible to keep long-running
  iptables-restore processes in the background (for example, reading commands
  from a pipe opened by a system management daemon) and simultaneously run
  iptables commands.

  If -w is not specified, then the command proceeds without taking the lock.

  Tested as follows:

  1. Run iptables-restore -w, and check that iptables commands work with or
     without -w.
  2. Type "*filter" into the iptables-restore input. Verify that
     a) ip[6]tables commands without -w fail with "another app is currently
        holding the xtables lock...".
     b) ip[6]tables commands with "-w 2" fail after 2 seconds.
     c) ip[6]tables commands with "-w" hang until "COMMIT" is typed into the
        iptables-restore window.
  3. With the lock held by an ip6tables-restore process:
     strace -e flock /tmp/iptables/sbin/iptables-restore -w 1 -W 100000
     shows 11 calls to flock and fails.
  4. Run an iptables-restore with -w and one without -w, and check:
     a) Type "*filter" in the first and then the second, and the second exits
        with an error.
     b) Type "*filter" in the second and "*filter" "-S" "COMMIT" into the
        first. The rules are listed only when the first copy sees "COMMIT".

  Signed-off-by: Narayan Kamath <narayan@google.com>
  Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  (cherry picked from commit 999eaa241212d3952ddff39a99d0d55a74e3639e)

  Bug: 36108349
  Test: see top of change stack.
  Change-Id: I2a51fab1c169763db00124641459dde2ed6c4c97
* iptables: remove duplicated argument parsing code (Lorenzo Colitti, 2017-03-22; 6 files, -160/+95)
  1. Factor out repeated code to a new xs_has_arg function.
  2. Add a new parse_wait_time option to parse the value of -w.
  3. Make parse_wait_interval take argc and argv so its callers can be
     simpler.

  Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  (cherry picked from commit 6e2e169eb66b63d2991e1c7ada931e3cdb0ced32)

  Bug: 36108349
  Test: see top of change stack.
  Change-Id: Iae185e267d90806dac2cbfdad2a066a2929947fc
* iptables: move XT_LOCK_NAME from CFLAGS to config.h. (Lorenzo Colitti, 2017-03-22; 2 files, -2/+5)
  This slightly simplifies configure.ac and results in more correct
  dependencies. Tested by running ./configure with --with-xt-lock-name and
  without, and using strace to verify that the right lock is used.

  $ make distclean-recursive && ./autogen.sh && ./configure --disable-nftables --prefix /tmp/iptables && make -j64 && make install && sudo strace -e open,flock /tmp/iptables/sbin/iptables -L foo
  ...
  open("/run/xtables.lock", O_RDONLY|O_CREAT, 0600) = 3
  flock(3, LOCK_EX|LOCK_NB) = 0

  $ make distclean-recursive && ./autogen.sh && \
    ./configure --disable-nftables --prefix /tmp/iptables \
    --with-xt-lock-name=/tmp/iptables/run/xtables.lock && make -j64 && make install && sudo strace -e open,flock /tmp/iptables/sbin/iptables -L foo
  ...
  open("/tmp/iptables/run/xtables.lock", O_RDONLY|O_CREAT, 0600) = 3
  flock(3, LOCK_EX|LOCK_NB) = 0

  Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  (cherry picked from commit 836846f0d747e1be8e37d2d43b215a68b30ea1a9)

  Bug: 36108349
  Test: see top of change stack.
  Change-Id: I390ab17eadde6d22fa1ad9ce3a7bf4c6b2fb1b8a
* iptables: set the path of the lock file via a configure option. (Lorenzo Colitti, 2017-03-22; 2 files, -4/+8)
  Currently the iptables lock is hardcoded as "/run/xtables.lock". Allow users
  to change this path using the --with-xt-lock-name option to ./configure.
  This is useful on systems like Android which do not have /run.

  Tested on Ubuntu, as follows:

  1. By default, the lock is placed in /run/xtables.lock:

  $ make distclean-recursive && ./autogen.sh && ./configure --disable-nftables --prefix /tmp/iptables && make -j64 && make install && sudo strace -e open,flock /tmp/iptables/sbin/iptables -L foo
  ...
  open("/run/xtables.lock", O_RDONLY|O_CREAT, 0600) = 3
  flock(3, LOCK_EX|LOCK_NB) = 0
  iptables: No chain/target/match by that name.

  2. Specifying the lock results in the expected location being used:

  $ make distclean-recursive && ./autogen.sh && \
    ./configure --disable-nftables --prefix /tmp/iptables \
    --with-xt-lock-name=/tmp/iptables/run/xtables.lock && make -j64 && make install && sudo strace -e open,flock /tmp/iptables/sbin/iptables -L foo
  ...
  open("/tmp/iptables/run/xtables.lock", O_RDONLY|O_CREAT, 0600) = 3
  flock(3, LOCK_EX|LOCK_NB) = 0
  iptables: No chain/target/match by that name.

  Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  (cherry picked from commit b91af533f4da15854893ba5cc082e1df6bcf9a97)

  Bug: 36108349
  Test: see top of change stack.
  Change-Id: Ia834d3f3043822031220aeaffc5a75cc48c4fa83
* xshared: using the blocking file lock request when we wait indefinitely (Liping Zhang, 2017-03-22; 1 file, -11/+14)
  When using "-w" to avoid concurrent instances, we try to do flock() every
  one second until it succeeds. But one second may be too long in some
  situations, and it's hard to select a suitable interval time. So when using
  "iptables -w" to wait indefinitely, it's better to block until it succeeds.

  Now do some performance tests. First, flush all the iptables rules in the
  filter table, and run "iptables -w -S" endlessly:

  # iptables -F
  # iptables -X
  # while : ; do iptables -w -S >&- & done

  Second, after adding and deleting the iptables rules 100 times, measure the
  time cost:

  # time for i in $(seq 100); do
      iptables -w -A INPUT
      iptables -w -D INPUT
    done

  Before this patch:
  real 1m15.962s
  user 0m0.224s
  sys 0m1.475s

  After applying this patch:
  real 0m1.830s
  user 0m0.168s
  sys 0m1.130s

  Signed-off-by: Liping Zhang <zlpnobody@gmail.com>
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  (cherry picked from commit 72bb3dbf0ecdf3ec96aee80e5d152c8be4394da1)

  Bug: 36108349
  Test: see top of change stack.
  Change-Id: I2a522dc9a9cb5f5b2c5bbf6b40da525bb1c4e90f
* xshared: do not lock again and again if "-w" option is not specified (Liping Zhang, 2017-03-22; 1 file, -7/+4)
  After running the following commands, some confusing messages were printed
  out:

  # while : ; do iptables -A INPUT & iptables -D INPUT & done
  [...]
  Another app is currently holding the xtables lock; still -9s 0us time ahead to have a chance to grab the lock...
  Another app is currently holding the xtables lock; still -29s 0us time ahead to have a chance to grab the lock...

  If the "-w" option is not specified, the "wait" will be zero, so we should
  check whether the timer_left is less than wait_interval before we call
  select to sleep.

  Also remove the unused "BASE_MICROSECONDS" and "struct timeval waited_time"
  introduced by commit e8f857a5a151 ("xtables: Add an interval option for
  xtables lock wait").

  Fixes: e8f857a5a151 ("xtables: Add an interval option for xtables lock wait")
  Signed-off-by: Liping Zhang <zlpnobody@gmail.com>
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  (cherry picked from commit 24f8174646123c2833bc87967b366796231b04e0)

  Bug: 36108349
  Test: see top of change stack.
  Change-Id: I54da3f5b1390f4e4cc20523575925aa2a428f39b
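The lock handling that the "insist that the lock is held", "blocking file lock" and "do not lock again and again" commits above describe, carried into one small model: open the lock file read-only with O_CREAT, flock() the descriptor, block in flock() for an indefinite -w, poll every -W interval for a bounded -w, try once when -w is absent, and fail hard when the lock file cannot be opened. This is an added example written for this page, not the iptables project's own xshared code; the struct and function names, the attempt counter and the constructed lock file under /tmp are assumptions of the example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/file.h>
#include <time.h>
#include <unistd.h>

#define XT_WAIT_FOREVER (-1)           /* "-w" given without a number */
enum lock_status { XT_LOCK_HELD, XT_LOCK_BUSY, XT_LOCK_OPEN_FAILED };

struct xt_lock {
    int fd;        /* descriptor holding the flock, or -1 */
    int attempts;  /* flock() calls made by the last acquire (assumed helper field) */
};

/* wait is in seconds: XT_WAIT_FOREVER blocks in flock(), 0 tries exactly once
 * (no -w), >0 polls every interval_us microseconds (-W) and gives up once the
 * time left would not cover another sleep. */
static enum lock_status xt_lock_acquire(struct xt_lock *lk, const char *path,
                                        int wait, long interval_us)
{
    if (interval_us <= 0)
        interval_us = 1000000L;        /* one second, the retry period the commits mention */
    long long left_us = (long long)wait * 1000000LL;
    struct timespec ts = { .tv_sec = interval_us / 1000000L,
                           .tv_nsec = (interval_us % 1000000L) * 1000L };
    lk->fd = -1;
    lk->attempts = 0;
    /* read-only suffices: flock() needs only a descriptor, hence a lock on read-only /system */
    int fd = open(path, O_RDONLY | O_CREAT, 0600);
    if (fd < 0) {
        /* "insist that the lock is held": fail loudly instead of continuing unlocked */
        fprintf(stderr, "Fatal: can't open lock file %s: %s\n", path, strerror(errno));
        return XT_LOCK_OPEN_FAILED;
    }
    if (wait == XT_WAIT_FOREVER) {
        /* indefinite wait: one blocking flock() instead of sleep-and-retry */
        lk->attempts = 1;
        if (flock(fd, LOCK_EX) == 0) { lk->fd = fd; return XT_LOCK_HELD; }
        close(fd);
        return XT_LOCK_BUSY;
    }
    for (;;) {
        lk->attempts++;
        if (flock(fd, LOCK_EX | LOCK_NB) == 0) { lk->fd = fd; return XT_LOCK_HELD; }
        /* no -w, or no time left for another interval: busy now, no negative "time ahead" */
        if (wait == 0 || left_us <= interval_us) { close(fd); return XT_LOCK_BUSY; }
        nanosleep(&ts, NULL);
        left_us -= interval_us;
    }
}

static void xt_lock_release(struct xt_lock *lk)
{
    if (lk->fd >= 0) close(lk->fd);    /* closing the descriptor drops the flock */
    lk->fd = -1;
}

/* Constructed lock file for the demonstration (any existing readable file
 * would do): an empty file under /tmp, created once, same path every call. */
static const char *example_lock_path(void)
{
    static char path[] = "/tmp/xtables-example-XXXXXX";
    static int created;
    if (!created) { close(mkstemp(path)); created = 1; }
    return path;
}

int main(void)
{
    struct xt_lock a, b;
    const char *path = example_lock_path();
    printf("first holder: %d\n", xt_lock_acquire(&a, path, 0, 0));        /* 0: held */
    printf("no -w while held: %d\n", xt_lock_acquire(&b, path, 0, 0));    /* 1: busy after 1 try */
    printf("-w 1 -W 250000: %d after %d tries\n",
           xt_lock_acquire(&b, path, 1, 250000), b.attempts);             /* 1 after 4 tries */
    xt_lock_release(&a);
    printf("after release: %d\n", xt_lock_acquire(&b, path, 0, 0));       /* 0: held */
    xt_lock_release(&b);
    printf("missing dir: %d\n", xt_lock_acquire(&a, "/nonexistent-dir/xtables.lock", 0, 0)); /* 2 */
    return 0;
}
```

Because flock() locks belong to the open file description, a second open() of the same file in the same process contends with the first, which is what lets the stand-alone run show the busy and timed-out cases without a second process.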
* Update to iptables 1.6.1. (Lorenzo Colitti, 2017-03-22; 308 files, -1812/+23517)
  This merges upstream b013e3e80e96 ("iptables 1.6.1 release")

  Conflicts:
    include/libiptc/ipt_kernel_headers.h

  Bug: 30950746
  Bug: 36108349
  Test: see top of change stack.
  Change-Id: Ib2b5ae0e0c330798aa375b153e3e2cba2348bb1c
* iptables 1.6.1 release (Pablo Neira Ayuso, 2017-01-16; 1 file, -1/+1)
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>