make iptables timeout configurable #75
Conversation
|
/cc @dcbw @danwinship |
|
@aojea it seems like this should be configurable rather than hardcoded... maybe for now the IPTables object gets a "timeout" member that callers can set if they want to, but by default is 0 meaning "wait forever". That would preserve existing API. |
aojea
changed the title
aojea
force-pushed
the
wait
branch
2 times, most recently
from
958abd0 to
37774f2
Compare
|
|
||
| // New creates a new IPTables. | ||
| // For backwards compatibility, by default always uses IPv4, i.e. "iptables". | ||
| func New(opts ...option) (*IPTables, error) { |
There was a problem hiding this comment.
Technically this could still be a breaking change if someone was depending on the type of New to pass it, but that seems unlikely, and it would be relatively easy to fix I think.
There was a problem hiding this comment.
If we want to support all the options in iptables in the long term, wait interval comes to mind, I think is the more sustainable way.
I didn't like to add a NewWithProtocolTimeout() constructor, but I can change this to NewWithOptions() though
There was a problem hiding this comment.
to be clear this LGTM to me already, but I'm not sure how this repo is maintained
There was a problem hiding this comment.
Hey, I have merge rights, and do releases periodically. Anyways.
Can you update the docblock here to show how options work?
Use functional options to create a new iptables object, so we can support new options to configure it. It allows to configure the IP family and the timeout used in the `-w` flag. Until now, if iptables version supports wait, we used `-w` without any timeout, so it keeps waiting forever trying to acquire the lock at a 1 second interval rate. This can cause issues on busy environments by software that depends on this library, because they can be waiting forever. Signed-off-by: Antonio Ojea <[email protected]>
if iptables version supports wait, we use
-wwithout any additionalargument, so it keeps waiting forever trying to acquire the lock
at a 1 second interval rate.
This can cause issues on busy environments by software that depends
on this library, because they can be waiting forever.
We can make the timeout configurable, just only for iptables versions
that have the --wait flag.
Signed-off-by: Antonio Ojea [email protected]