Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / iptables / 72bb3dbf0ecdf3ec96aee80e5d152c8be4394da1
commit72bb3dbf0ecdf3ec96aee80e5d152c8be4394da1[log] [tgz]
authorLiping Zhang <zlpnobody@gmail.com>Mon Feb 06 19:47:47 2017 +0800
committerPablo Neira Ayuso <pablo@netfilter.org>Tue Feb 28 12:10:15 2017 +0100
tree53cdbadd59c6aa0039e3eea22380171e7c4007a9
parent24f8174646123c2833bc87967b366796231b04e0 [diff]
xshared: using the blocking file lock request when we wait indefinitely

When using "-w" to avoid concurrent instances, we try to do flock() every
one second until it success. But one second maybe too long in some
situations, and it's hard to select a suitable interval time. So when
using "iptables -w" to wait indefinitely, it's better to block until
it become success.

Now do some performance tests. First, flush all the iptables rules in
filter table, and run "iptables -w -S" endlessly:
  # iptables -F
  # iptables -X
  # while : ; do
  iptables -w -S >&- &
  done

Second, after adding and deleting the iptables rules 100 times, measure
the time cost:
  # time for i in $(seq 100); do
  iptables -w -A INPUT
  iptables -w -D INPUT
  done

Before this patch:
  real  1m15.962s
  user  0m0.224s
  sys   0m1.475s

Apply this patch:
  real  0m1.830s
  user  0m0.168s
  sys   0m1.130s

Signed-off-by: Liping Zhang <zlpnobody@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
1 file changed
tree: 53cdbadd59c6aa0039e3eea22380171e7c4007a9
  1. etc/
  2. extensions/
  3. include/
  4. iptables/
  5. libipq/
  6. libiptc/
  7. libxtables/
  8. m4/
  9. utils/
  10. .gitignore
  11. autogen.sh
  12. COMMIT_NOTES
  13. configure.ac
  14. COPYING
  15. INCOMPATIBILITIES
  16. INSTALL
  17. iptables-test.py
  18. Makefile.am
  19. release.sh