From b88cde3f8fbe286fafacd70a73da845299b909fa Mon Sep 17 00:00:00 2001
From: husheng <husheng@joyy.com>
Date: Tue, 22 Oct 2024 11:44:55 +0800
Subject: [PATCH] fix: fix potential too many open files for xtables.lock

---
 iptables/lock.go | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/iptables/lock.go b/iptables/lock.go
index a88e92b..fc1af4c 100644
--- a/iptables/lock.go
+++ b/iptables/lock.go
@@ -35,9 +35,13 @@ type Unlocker interface {
 	Unlock() error
 }
 
-type nopUnlocker struct{}
+type nopUnlocker struct {
+	fd int
+}
 
-func (_ nopUnlocker) Unlock() error { return nil }
+func (n *nopUnlocker) Unlock() error {
+	return syscall.Close(n.fd)
+}
 
 type fileLock struct {
 	// mu is used to protect against concurrent invocations from within this process
@@ -57,7 +61,7 @@ func (l *fileLock) tryLock() (Unlocker, error) {
 	switch err {
 	case syscall.EWOULDBLOCK:
 		l.mu.Unlock()
-		return nopUnlocker{}, nil
+		return &nopUnlocker{l.fd}, nil
 	case nil:
 		return l, nil
 	default: