From 52d6875bc8eb35668e358f65e213b3a259a3863b Mon Sep 17 00:00:00 2001
From: Daniel
Date: Fri, 27 Nov 2020 17:19:51 +0100
Subject: [PATCH 1/2] Only load PIDs for state cleaning
---
 process/database.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/process/database.go b/process/database.go
index 46191371..226804d6 100644
--- a/process/database.go
+++ b/process/database.go
@@ -92,12 +92,12 @@ func (p *Process) Delete() {
 // CleanProcessStorage cleans the storage from old processes.
 func CleanProcessStorage(activePIDs map[int]struct{}) {
 // add system table of processes
- procs, err := processInfo.Processes()
+ pids, err := processInfo.Pids()
 if err != nil {
 log.Warningf("process: failed to get list of active PIDs: %s", err)
 } else {
- for _, p := range procs {
- activePIDs[int(p.Pid)] = struct{}{}
+ for _, pid := range pids {
+ activePIDs[int(pid)] = struct{}{}
 }
 }
From e58f28c3232eb4abd2b0ee467a170cd5f370fd2d Mon Sep 17 00:00:00 2001
From: Daniel
Date: Fri, 27 Nov 2020 17:20:58 +0100
Subject: [PATCH 2/2] Reduce locking in nfqueue and netlink
---
 Gopkg.lock | 12 ++++++++----
 Gopkg.toml | 4 ++++
 firewall/interception/nfq/nfq.go | 4 ++--
 3 files changed, 14 insertions(+), 6 deletions(-)
diff --git a/Gopkg.lock b/Gopkg.lock
index 34c5ca1c..273899fc 100644
--- a/Gopkg.lock
+++ b/Gopkg.lock
@@ -140,15 +140,15 @@
 revision = "2bc1f35cddc0cc527b4bc3dce8578fc2a6c11384"
 [[projects]]
- digest = "1:4f0792bf942a61626dfdc06d228aa79783e51f214faacba73992a73f9485c0a8"
+ branch = "master"
+ digest = "1:1f6a000c4fe2eaf76f506ecc23e859e1a5b81c0ec3039c5fca21bfbb80c43979"
 name = "github.com/mdlayher/netlink"
 packages = [
 ".",
 "nlenc",
 ]
 pruneopts = ""
- revision = "ad88bf8eff5c1fd8d6a29299addeeb23d05f1ec1"
- version = "v1.1.0"
+ revision = "ded538f7f4be5ec9a64b7a16c7fdb0bc66bfb85b"
 [[projects]]
 digest = "1:508f444b8e00a569a40899aaf5740348b44c305d36f36d4f002b277677deef95"
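Review bot: In process/database.go, the error branch of CleanProcessStorage only logs the `processInfo.Pids()` failure and then falls through, so whatever follows the hunk runs with an `activePIDs` set that lacks the system process table. The function body continues outside the hunk, so this is inferred from the doc comment: if the remaining code removes every stored process whose PID is missing from the set, one failed enumeration would evict state for processes that are still running. Consider skipping the cleanup in that case by adding `return` after the `log.Warningf(...)` call. The leading comment is also stale now that only PIDs are loaded; `// add PIDs from the system process table` would match the new call.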
@@ -276,7 +276,10 @@
 branch = "master"
 digest = "1:ae1578a64c2b241c13ab243739d05936d83825d2b6e9ff043ea3c7105666493d"
 name = "golang.org/x/sync"
- packages = ["errgroup"]
+ packages = [
+ "errgroup",
+ "singleflight",
+ ]
 pruneopts = ""
 revision = "6e8e738ad208923de99951fe0b48239bfd864f28"
@@ -390,6 +393,7 @@
 "golang.org/x/net/ipv4",
 "golang.org/x/net/publicsuffix",
 "golang.org/x/sync/errgroup",
+ "golang.org/x/sync/singleflight",
 "golang.org/x/sys/unix",
 "golang.org/x/sys/windows",
 "golang.org/x/sys/windows/svc",
diff --git a/Gopkg.toml b/Gopkg.toml
index b658d391..8ea3e345 100644
--- a/Gopkg.toml
+++ b/Gopkg.toml
@@ -29,3 +29,7 @@ ignored = ["github.com/safing/portbase/*", "github.com/safing/spn/*"]
 [[constraint]]
 name = "github.com/florianl/go-nfqueue"
 branch = "master" # switch back once we migrate to go.mod
+
+[[override]]
+ name = "github.com/mdlayher/netlink"
+ branch = "master" # remove when https://github.com/mdlayher/netlink/pull/171 is released and in github.com/florianl/go-nfqueue
diff --git a/firewall/interception/nfq/nfq.go b/firewall/interception/nfq/nfq.go
index e2efd7a0..f8ad2ddf 100644
--- a/firewall/interception/nfq/nfq.go
+++ b/firewall/interception/nfq/nfq.go
@@ -39,8 +39,8 @@ func New(qid uint16, v6 bool) (*Queue, error) { //nolint:gocognit
 MaxQueueLen: 0xffff,
 AfFamily: uint8(afFamily),
 Copymode: nfqueue.NfQnlCopyPacket,
- ReadTimeout: 5 * time.Millisecond,
- WriteTimeout: 100 * time.Millisecond,
+ ReadTimeout: 1000 * time.Millisecond,
+ WriteTimeout: 1000 * time.Millisecond,
 }
 nf, err := nfqueue.Open(cfg)
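Review bot: In Gopkg.toml, the new `[[override]]` tracks `branch = "master"` of github.com/mdlayher/netlink, so a later `dep ensure -update` moves the build to whatever is at the tip of that branch rather than to a commit someone reviewed. Gopkg.lock in this same commit already records revision ded538f7f4be5ec9a64b7a16c7fdb0bc66bfb85b, so the override can pin it directly with `revision = "ded538f7f4be5ec9a64b7a16c7fdb0bc66bfb85b"` and keep the existing removal note. An override also applies to every transitive importer of the package, not only go-nfqueue, which is worth saying in that comment.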
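Review bot: In firewall/interception/nfq/nfq.go, both timeouts in the config literal are raised to `1000 * time.Millisecond` with no comment explaining the value, and nothing visible says what happens to a queued packet when a verdict write stalls for the full second. Write them as `ReadTimeout: time.Second,` and `WriteTimeout: time.Second,` and add a line stating the reason, for example `// long timeouts keep the netlink read loop from waking up and re-locking every few milliseconds` if that is what the commit subject refers to. The read deadline is now 200 times longer, so it is worth confirming that shutting the queue down does not have to wait for it to expire. New's body starts and ends outside the hunk, so that path cannot be checked from here.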