Sfoglia il codice sorgente

Merge pull request #1658 from aboch/iptlck

Serialize non-atomic jump rule programming in bridge
Santhosh Manohar 8 anni fa
parent
commit
8288090b19

+ 2 - 0
libnetwork/controller.go

@@ -741,7 +741,9 @@ func (c *controller) NewNetwork(networkType, name string, id string, options ...
 
 	joinCluster(network)
 	if !c.isDistributedControl() {
+		c.Lock()
 		arrangeIngressFilterRule()
+		c.Unlock()
 	}
 
 	return network, nil

+ 4 - 1
libnetwork/drivers/bridge/setup_ip_tables.go

@@ -115,7 +115,10 @@ func (n *bridgeNetwork) setupIPTables(config *networkConfiguration, i *bridgeInt
 		n.portMapper.SetIptablesChain(natChain, n.getNetworkBridgeName())
 	}
 
-	if err := ensureJumpRule("FORWARD", IsolationChain); err != nil {
+	d.Lock()
+	err = ensureJumpRule("FORWARD", IsolationChain)
+	d.Unlock()
+	if err != nil {
 		return err
 	}