Improve iptables timeout behaviour.
1. Increase the default timeout from 1s to 5s. This is necessary
for as long as our version of iptables sleeps for 1 second at
a time while the iptables lock is contended.
2. When a timeout occurs, kill the process to ensure that if it
recovers, any output is not returned to subsequent commands.
Add corresponding unit tests.
While I'm at it:
- Ensure that iptables commands that take an output string clear
the output string before appending to it. Otherwise, callers
that passed the same output string object to two separate
iptables commands would think the second command returned both
outputs. This does not affect any existing callers.
- Delete some unused code.
Bug: 35634318
Test: netd_{unit,integration}_test pass
Change-Id: Ife3dfd328ea82f2e93fb903fcf3660a13078b7b5
diff --git a/server/IptablesRestoreController.h b/server/IptablesRestoreController.h
index a9b6fdc..4f58461 100644
--- a/server/IptablesRestoreController.h
+++ b/server/IptablesRestoreController.h
@@ -53,6 +53,15 @@
friend class IptablesRestoreControllerTest;
pid_t getIpRestorePid(const IptablesProcessType type);
+ // The maximum number of times we poll(2) for a response on our set of polled
+ // fds. Chosen so that the overall timeout is 5s. The timeout is so high because
+ // our version of iptables still polls every second in xtables_lock.
+ static int MAX_RETRIES;
+
+ // The timeout (in millis) for each call to poll. The maximum wait is
+ // |POLL_TIMEOUT_MS * MAX_RETRIES|. Chosen so that the overall timeout is 1s.
+ static int POLL_TIMEOUT_MS;
+
private:
static IptablesProcess* forkAndExec(const IptablesProcessType type);