Fix xtables_lock message probe

- iptables pkg functions are coded to discard
  the xtables_lock error message about acquiring
  the lock, because all the calls are done with
  the wait logic. But the error message has
  slightly changed between iptables 1.4.x and 1.6.
  This lead to false positives causing docker
  network create to fil in presence of concurrent calls.
- Fixed message mark to be common among the two main versions.

Signed-off-by: Alessandro Boch <aboch@docker.com>
This commit is contained in:
Alessandro Boch 2016-11-21 22:02:07 -08:00
parent afcec80137
commit e2f0070492

View file

@ -45,6 +45,7 @@ var (
iptablesPath string iptablesPath string
supportsXlock = false supportsXlock = false
supportsCOpt = false supportsCOpt = false
xLockWaitMsg = "Another app is currently holding the xtables lock; waiting"
// used to lock iptables commands if xtables lock is not supported // used to lock iptables commands if xtables lock is not supported
bestEffortLock sync.Mutex bestEffortLock sync.Mutex
// ErrIptablesNotFound is returned when the rule is not found. // ErrIptablesNotFound is returned when the rule is not found.
@ -402,7 +403,7 @@ func raw(args ...string) ([]byte, error) {
} }
// ignore iptables' message about xtables lock // ignore iptables' message about xtables lock
if strings.Contains(string(output), "waiting for it to exit") { if strings.Contains(string(output), xLockWaitMsg) {
output = []byte("") output = []byte("")
} }