From 8641d53bd12f1ff35882f74f24a0cfdcf2b30455 Mon Sep 17 00:00:00 2001
From: Tom Eastep <teastep@shorewall.net>
Date: Tue, 15 Aug 2017 13:18:19 -0700
Subject: [PATCH] Use MUTEX_TIMEOUT for ip[6]tables --wait interval

Signed-off-by: Tom Eastep <teastep@shorewall.net>
---
 Shorewall/Perl/Shorewall/Chains.pm | 6 +++---
 Shorewall/Perl/Shorewall/Config.pm | 6 ++++++
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm
index c709671a8..6b087a303 100644
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
@@ -8916,7 +8916,7 @@ sub create_netfilter_load( $ ) {
 	  'if [ "$COMMAND" = reload -a -n "$g_counters" ] && chain_exists $g_sha1sum1 && chain_exists $g_sha1sum2 ; then' );
 
     if ( have_capability( 'RESTORE_WAIT_OPTION' ) ) {
-	emit( '    option="--counters --wait"' );
+	emit( '    option="--counters --wait "' . $config{MUTEX_TIMEOUT} );
     } else {
 	emit( '    option="--counters"' );
     }
@@ -8930,7 +8930,7 @@ sub create_netfilter_load( $ ) {
     push_indent;
 
     if ( have_capability( 'RESTORE_WAIT_OPTION' ) ) {
-	emit 'option="--wait"';
+	emit 'option="--wait "' . $config{MUTEX_TIMEOUT};
     } else {
 	emit 'option=';
     }
@@ -9349,7 +9349,7 @@ sub create_stop_load( $ ) {
     enter_cmd_mode;
 
     if ( have_capability( 'RESTORE_WAIT_OPTION' ) ) {
-	emit( '[ -n "$g_debug_iptables" ] && command=debug_restore_input || command=$' . $UTILITY . ' --wait' );
+	emit( '[ -n "$g_debug_iptables" ] && command=debug_restore_input || command="$' . $UTILITY . ' --wait ' . $config{MUTEX_TIMEOUT} . '"' );
     } else {
 	emit( '[ -n "$g_debug_iptables" ] && command=debug_restore_input || command=$' . $UTILITY );
     }
diff --git a/Shorewall/Perl/Shorewall/Config.pm b/Shorewall/Perl/Shorewall/Config.pm
index 5bc4aee11..0ed8d7ac3 100644
--- a/Shorewall/Perl/Shorewall/Config.pm
+++ b/Shorewall/Perl/Shorewall/Config.pm
@@ -6842,6 +6842,12 @@ sub get_configuration( $$$$ ) {
 	}
     }
 
+    if ( supplied( $val = $config{MUTEX_TIMEOUT} ) ) {
+	fatal_error "Invalid value ($val) for MUTEX_TIMEOUT" unless $val && $val =~ /^\d+$/;
+    } else {
+	$config{MUTEX_TIMEOUT} = 60;
+    }
+
     add_variables %config;
 
     while ( my ($var, $val ) = each %renamed ) {