From 1d12f7bb86fba1d65938ed2c85b7a0f11424281b Mon Sep 17 00:00:00 2001 From: Yusuke Sato Date: Thu, 20 Aug 2015 22:44:31 -0700 Subject: Add '-w' option to ip[6]tables-restore so ip[6]tables-restrore and ip[6]tables commands can be safely executed in parallel. Bug: 21725996 Change-Id: I4d0c0e5ff9e7881d9ebdfa5d4c733029703bb8de --- iptables/ip6tables-restore.c | 18 +++++++++++++++--- iptables/iptables-restore.c | 18 +++++++++++++++--- 2 files changed, 30 insertions(+), 6 deletions(-) diff --git a/iptables/ip6tables-restore.c b/iptables/ip6tables-restore.c index b8b9e0dd..31bc502f 100644 --- a/iptables/ip6tables-restore.c +++ b/iptables/ip6tables-restore.c @@ -15,6 +15,7 @@ #include #include #include "ip6tables.h" +#include "xshared.h" #include "xtables.h" #include "libiptc/libip6tc.h" #include "ip6tables-multi.h" @@ -25,7 +26,7 @@ #define DEBUGP(x, args...) #endif -static int binary = 0, counters = 0, verbose = 0, noflush = 0; +static int binary = 0, counters = 0, verbose = 0, noflush = 0, wait = 0; /* Keeping track of external matches and targets. */ static const struct option options[] = { @@ -35,6 +36,7 @@ static const struct option options[] = { {.name = "test", .has_arg = false, .val = 't'}, {.name = "help", .has_arg = false, .val = 'h'}, {.name = "noflush", .has_arg = false, .val = 'n'}, + {.name = "wait", .has_arg = false, .val = 'w'}, {.name = "modprobe", .has_arg = true, .val = 'M'}, {.name = "table", .has_arg = true, .val = 'T'}, {NULL}, @@ -44,13 +46,14 @@ static void print_usage(const char *name, const char *version) __attribute__((no static void print_usage(const char *name, const char *version) { - fprintf(stderr, "Usage: %s [-b] [-c] [-v] [-t] [-h]\n" + fprintf(stderr, "Usage: %s [-b] [-c] [-v] [-t] [-h] [-w]\n" " [ --binary ]\n" " [ --counters ]\n" " [ --verbose ]\n" " [ --test ]\n" " [ --help ]\n" " [ --noflush ]\n" + " [ --wait ]\n" " [ --modprobe=]\n", name); exit(1); @@ -204,7 +207,7 @@ int ip6tables_restore_main(int argc, char *argv[]) init_extensions6(); #endif - while ((c = getopt_long(argc, argv, "bcvthnM:T:", options, NULL)) != -1) { + while ((c = getopt_long(argc, argv, "bcvthnwM:T:", options, NULL)) != -1) { switch (c) { case 'b': binary = 1; @@ -225,6 +228,9 @@ int ip6tables_restore_main(int argc, char *argv[]) case 'n': noflush = 1; break; + case 'w': + wait = 1; + break; case 'M': xtables_modprobe_program = optarg; break; @@ -248,6 +254,12 @@ int ip6tables_restore_main(int argc, char *argv[]) } else in = stdin; + if (!xtables_lock(wait)) { + fprintf(stderr, "Another app is currently holding the xtables lock. " + "Perhaps you want to use the -w option?\n"); + exit(RESOURCE_PROBLEM); + } + /* Grab standard input. */ while (fgets(buffer, sizeof(buffer), in)) { int ret = 0; diff --git a/iptables/iptables-restore.c b/iptables/iptables-restore.c index 8c942ff6..2009f732 100644 --- a/iptables/iptables-restore.c +++ b/iptables/iptables-restore.c @@ -12,6 +12,7 @@ #include #include #include "iptables.h" +#include "xshared.h" #include "xtables.h" #include "libiptc/libiptc.h" #include "iptables-multi.h" @@ -22,7 +23,7 @@ #define DEBUGP(x, args...) #endif -static int binary = 0, counters = 0, verbose = 0, noflush = 0; +static int binary = 0, counters = 0, verbose = 0, noflush = 0, wait = 0; /* Keeping track of external matches and targets. */ static const struct option options[] = { @@ -32,6 +33,7 @@ static const struct option options[] = { {.name = "test", .has_arg = false, .val = 't'}, {.name = "help", .has_arg = false, .val = 'h'}, {.name = "noflush", .has_arg = false, .val = 'n'}, + {.name = "wait", .has_arg = false, .val = 'w'}, {.name = "modprobe", .has_arg = true, .val = 'M'}, {.name = "table", .has_arg = true, .val = 'T'}, {NULL}, @@ -43,13 +45,14 @@ static void print_usage(const char *name, const char *version) __attribute__((no static void print_usage(const char *name, const char *version) { - fprintf(stderr, "Usage: %s [-b] [-c] [-v] [-t] [-h]\n" + fprintf(stderr, "Usage: %s [-b] [-c] [-v] [-t] [-h] [-w]\n" " [ --binary ]\n" " [ --counters ]\n" " [ --verbose ]\n" " [ --test ]\n" " [ --help ]\n" " [ --noflush ]\n" + " [ --wait ]\n" " [ --table= ]\n" " [ --modprobe=]\n", name); @@ -204,7 +207,7 @@ iptables_restore_main(int argc, char *argv[]) init_extensions4(); #endif - while ((c = getopt_long(argc, argv, "bcvthnM:T:", options, NULL)) != -1) { + while ((c = getopt_long(argc, argv, "bcvthnwM:T:", options, NULL)) != -1) { switch (c) { case 'b': binary = 1; @@ -225,6 +228,9 @@ iptables_restore_main(int argc, char *argv[]) case 'n': noflush = 1; break; + case 'w': + wait = 1; + break; case 'M': xtables_modprobe_program = optarg; break; @@ -248,6 +254,12 @@ iptables_restore_main(int argc, char *argv[]) } else in = stdin; + if (!xtables_lock(wait)) { + fprintf(stderr, "Another app is currently holding the xtables lock. " + "Perhaps you want to use the -w option?\n"); + exit(RESOURCE_PROBLEM); + } + /* Grab standard input. */ while (fgets(buffer, sizeof(buffer), in)) { int ret = 0; -- cgit v1.2.3