|
@@ -12,6 +12,13 @@ const globalChain = "DOCKER-OVERLAY"
|
|
|
|
|
|
|
|
var filterOnce sync.Once
|
|
var filterOnce sync.Once
|
|
|
|
|
|
|
|
|
|
+var filterChan = make(chan struct{}, 1)
|
|
|
|
|
+
|
|
|
|
|
+func filterWait() func() {
|
|
|
|
|
+ filterChan <- struct{}{}
|
|
|
|
|
+ return func() { <-filterChan }
|
|
|
|
|
+}
|
|
|
|
|
+
|
|
|
func chainExists(cname string) bool {
|
|
func chainExists(cname string) bool {
|
|
|
if _, err := iptables.Raw("-L", cname); err != nil {
|
|
if _, err := iptables.Raw("-L", cname); err != nil {
|
|
|
return false
|
|
return false
|
|
@@ -69,10 +76,14 @@ func setNetworkChain(cname string, remove bool) error {
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
func addNetworkChain(cname string) error {
|
|
func addNetworkChain(cname string) error {
|
|
|
|
|
+ defer filterWait()()
|
|
|
|
|
+
|
|
|
return setNetworkChain(cname, false)
|
|
return setNetworkChain(cname, false)
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
func removeNetworkChain(cname string) error {
|
|
func removeNetworkChain(cname string) error {
|
|
|
|
|
+ defer filterWait()()
|
|
|
|
|
+
|
|
|
return setNetworkChain(cname, true)
|
|
return setNetworkChain(cname, true)
|
|
|
}
|
|
}
|
|
|
|
|
|
|
@@ -119,9 +130,13 @@ func setFilters(cname, brName string, remove bool) error {
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
func addFilters(cname, brName string) error {
|
|
func addFilters(cname, brName string) error {
|
|
|
|
|
+ defer filterWait()()
|
|
|
|
|
+
|
|
|
return setFilters(cname, brName, false)
|
|
return setFilters(cname, brName, false)
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
func removeFilters(cname, brName string) error {
|
|
func removeFilters(cname, brName string) error {
|
|
|
|
|
+ defer filterWait()()
|
|
|
|
|
+
|
|
|
return setFilters(cname, brName, true)
|
|
return setFilters(cname, brName, true)
|
|
|
}
|
|
}
|
Jana Radhakrishnan