Serialize non-atomic jump rule programming in bridge
@@ -741,7 +741,9 @@ func (c *controller) NewNetwork(networkType, name string, id string, options ...
joinCluster(network)
if !c.isDistributedControl() {
+ c.Lock()
arrangeIngressFilterRule()
+ c.Unlock()
}
return network, nil
@@ -115,7 +115,10 @@ func (n *bridgeNetwork) setupIPTables(config *networkConfiguration, i *bridgeInt
n.portMapper.SetIptablesChain(natChain, n.getNetworkBridgeName())
- if err := ensureJumpRule("FORWARD", IsolationChain); err != nil {
+ d.Lock()
+ err = ensureJumpRule("FORWARD", IsolationChain)
+ d.Unlock()
+ if err != nil {
return err