Revert "iptables: Change locking semantics."

This reverts commit d2a1e52615058ef55b65db02aa5e4ad21b635ef0.

This is being reverted to minimize diffs with upstream and will
be cherry-picked once upstream is merged.

Bug: 36108349
Test: see top of change stack.
Change-Id: If8136bfd230bf0079884ab94fad0dcdc35a67c47
diff --git a/iptables/ip6tables-restore.c b/iptables/ip6tables-restore.c
index 8d09798..e17ad9d 100644
--- a/iptables/ip6tables-restore.c
+++ b/iptables/ip6tables-restore.c
@@ -185,7 +185,7 @@
 {
 	struct xtc_handle *handle = NULL;
 	char buffer[10240];
-	int c, lock;
+	int c;
 	char curtable[XT_TABLE_MAXNAMELEN + 1];
 	FILE *in;
 	int in_table = 0, testing = 0;
@@ -193,7 +193,6 @@
 	const struct xtc_ops *ops = &ip6tc_ops;
 
 	line = 0;
-	lock = XT_LOCK_NOT_ACQUIRED;
 
 	ip6tables_globals.program_name = "ip6tables-restore";
 	c = xtables_init_all(&ip6tables_globals, NFPROTO_IPV6);
@@ -255,6 +254,12 @@
 	}
 	else in = stdin;
 
+	if (!xtables_lock(wait)) {
+		fprintf(stderr, "Another app is currently holding the xtables lock. "
+			"Perhaps you want to use the -w option?\n");
+		exit(RESOURCE_PROBLEM);
+	}
+
 	/* Grab standard input. */
 	while (fgets(buffer, sizeof(buffer), in)) {
 		int ret = 0;
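Review bot: The lock taken by the added `if (!xtables_lock(wait))` is acquired before the first `fgets()` on `in` and is never released in the new code, so it is held for the whole run, including any time spent blocked on a slow stdin producer. While it is held, other iptables invocations either fail (without `-w`) or keep waiting, which matters for anything that has to update firewall rules promptly. Since per-table locking is deliberately being reverted here, I would at least record the scope in a comment above the call, e.g. `/* Held until process exit: covers every table in the input and the time spent reading it. */`. The same applies to the identical hunk at -255 in iptables/iptables-restore.c. The enclosing function starts and ends outside this hunk.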
@@ -278,21 +283,8 @@
 				DEBUGP("Not calling commit, testing\n");
 				ret = 1;
 			}
-
-			/* Release the lock since we're done with the current table. */
-			if (lock >= 0) {
-				xtables_unlock(lock);
-			}
 			in_table = 0;
 		} else if ((buffer[0] == '*') && (!in_table)) {
-			/* Acquire a lock before we create a new table handle */
-			lock = xtables_lock(wait);
-			if (lock == XT_LOCK_BUSY) {
-				fprintf(stderr, "Another app is currently holding the xtables lock. "
-					"Perhaps you want to use the -w option?\n");
-				exit(RESOURCE_PROBLEM);
-			}
-
 			/* New table */
 			char *table;
 
diff --git a/iptables/ip6tables.c b/iptables/ip6tables.c
index 8eefb82..1fb33f6 100644
--- a/iptables/ip6tables.c
+++ b/iptables/ip6tables.c
@@ -1738,7 +1738,7 @@
 			   chain, XT_EXTENSION_MAXNAMELEN);
 
 	/* Attempt to acquire the xtables lock */
-	if (!restore && (xtables_lock(wait) == XT_LOCK_BUSY)) {
+	if (!restore && !xtables_lock(wait)) {
 		fprintf(stderr, "Another app is currently holding the xtables lock. "
 			"Perhaps you want to use the -w option?\n");
 		xtables_free_opts(1);
diff --git a/iptables/iptables-restore.c b/iptables/iptables-restore.c
index a41a46d..4d49b3c 100644
--- a/iptables/iptables-restore.c
+++ b/iptables/iptables-restore.c
@@ -185,7 +185,7 @@
 {
 	struct xtc_handle *handle = NULL;
 	char buffer[10240];
-	int c, lock;
+	int c;
 	char curtable[XT_TABLE_MAXNAMELEN + 1];
 	FILE *in;
 	int in_table = 0, testing = 0;
@@ -193,7 +193,6 @@
 	const struct xtc_ops *ops = &iptc_ops;
 
 	line = 0;
-	lock = XT_LOCK_NOT_ACQUIRED;
 
 	iptables_globals.program_name = "iptables-restore";
 	c = xtables_init_all(&iptables_globals, NFPROTO_IPV4);
@@ -255,6 +254,12 @@
 	}
 	else in = stdin;
 
+	if (!xtables_lock(wait)) {
+		fprintf(stderr, "Another app is currently holding the xtables lock. "
+			"Perhaps you want to use the -w option?\n");
+		exit(RESOURCE_PROBLEM);
+	}
+
 	/* Grab standard input. */
 	while (fgets(buffer, sizeof(buffer), in)) {
 		int ret = 0;
@@ -278,21 +283,8 @@
 				DEBUGP("Not calling commit, testing\n");
 				ret = 1;
 			}
-
-			/* Release the lock since we're done with the current table. */
-			if (lock >= 0) {
-				xtables_unlock(lock);
-			}
 			in_table = 0;
 		} else if ((buffer[0] == '*') && (!in_table)) {
-			/* Acquire a lock before we create a new table handle */
-			lock = xtables_lock(wait);
-			if (lock == XT_LOCK_BUSY) {
-				fprintf(stderr, "Another app is currently holding the xtables lock. "
-					"Perhaps you want to use the -w option?\n");
-				exit(RESOURCE_PROBLEM);
-			}
-
 			/* New table */
 			char *table;
 
diff --git a/iptables/iptables.c b/iptables/iptables.c
index 1ace4cc..fe18e1c 100644
--- a/iptables/iptables.c
+++ b/iptables/iptables.c
@@ -1735,7 +1735,7 @@
 			   chain, XT_EXTENSION_MAXNAMELEN);
 
 	/* Attempt to acquire the xtables lock */
-	if (!restore && (xtables_lock(wait) == XT_LOCK_BUSY)) {
+	if (!restore && !xtables_lock(wait)) {
 		fprintf(stderr, "Another app is currently holding the xtables lock. "
 			"Perhaps you want to use the -w option?\n");
 		xtables_free_opts(1);
diff --git a/iptables/xshared.c b/iptables/xshared.c
index c144b48..6c9992e 100644
--- a/iptables/xshared.c
+++ b/iptables/xshared.c
@@ -243,7 +243,7 @@
 		match->init(match->m);
 }
 
-int xtables_lock(bool wait)
+bool xtables_lock(bool wait)
 {
 	int i = 0, ret, xt_socket;
 	struct sockaddr_un xt_addr;
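Review bot: `bool xtables_lock(bool wait)` has no comment describing its contract, and the header comment that documented the return values is removed by this change. A short block comment above the definition should say that `true` means either the lock was acquired or the socket could not be created and execution continues without a lock. It should also say that `false` is returned only when `wait` is false and the bind fails, and that the socket is intentionally left open so the lock lasts until the process exits. Callers cannot tell the lockless `true` from a real acquisition, which is worth stating explicitly. The function body continues outside this hunk.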
@@ -254,26 +254,18 @@
 	xt_socket = socket(AF_UNIX, SOCK_STREAM, 0);
 	/* If we can't even create a socket, fall back to prior (lockless) behavior */
 	if (xt_socket < 0)
-		return XT_LOCK_UNSUPPORTED;
+		return true;
 
 	while (1) {
 		ret = bind(xt_socket, (struct sockaddr*)&xt_addr,
 			   offsetof(struct sockaddr_un, sun_path)+XT_SOCKET_LEN);
 		if (ret == 0)
-			return xt_socket;
+			return true;
 		else if (wait == false)
-			return XT_LOCK_BUSY;
+			return false;
 		if (++i % 2 == 0)
 			fprintf(stderr, "Another app is currently holding the xtables lock; "
 				"waiting for it to exit...\n");
 		sleep(1);
 	}
 }
-
-void xtables_unlock(int lock) {
-	if (lock < 0) {
-		return;
-	}
-
-	close(lock);
-}
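Review bot: Every non-zero return from `bind()` in the loop is treated as "lock held by another process", without looking at `errno`. With `wait` true, a failure that is not an address-in-use condition (for example a permission denial, if that can occur for this socket) would never clear, and the loop would sleep and print the "waiting for it to exit" message indefinitely. I would check the error before retrying, e.g. `if (errno != EADDRINUSE) { close(xt_socket); return true; }` to match the existing lockless fallback, or fail with a distinct message; this needs `<errno.h>` if the file does not already include it. Separately, the `return false` path leaves `xt_socket` open, which is harmless only because the visible callers exit; `close(xt_socket);` before it would keep the function tidy. The start of the function, including the setup of `xt_addr`, is outside this hunk.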
diff --git a/iptables/xshared.h b/iptables/xshared.h
index 9f9e803..1e2b9b8 100644
--- a/iptables/xshared.h
+++ b/iptables/xshared.h
@@ -84,29 +84,7 @@
 extern int subcmd_main(int, char **, const struct subcommand *);
 extern void xs_init_target(struct xtables_target *);
 extern void xs_init_match(struct xtables_match *);
-
-/**
- * Values for the iptables lock.
- *
- * A value >= 0 indicates the lock filedescriptor. Other values are:
- *
- * XT_LOCK_UNSUPPORTED : The system does not support locking, execution will
- * proceed lockless.
- *
- * XT_LOCK_BUSY : The lock was held by another process. xtables_lock only
- * returns this value when |wait| == false. If |wait| == true, xtables_lock
- * will not return unless the lock has been acquired.
- *
- * XT_LOCK_NOT_ACQUIRED : We have not yet attempted to acquire the lock.
- */
-enum {
-  XT_LOCK_BUSY = -1,
-  XT_LOCK_UNSUPPORTED  = -2,
-  XT_LOCK_NOT_ACQUIRED  = -3,
-};
-extern int xtables_lock(bool wait);
-
-extern void xtables_unlock(int lock);
+extern bool xtables_lock(bool wait);
 
 extern const struct xtables_afinfo *afinfo;