'[lxc-devel] [lxd/master] lxd/firewall/drivers/drivers/xtables: Wait for each iptables call before pr'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       lxc-devel
Subject:    [lxc-devel] [lxd/master] lxd/firewall/drivers/drivers/xtables: Wait for each iptables call before pr
From:       tomponline on Github <lxc-bot () linuxcontainers ! org>
Date:       2020-05-28 0:10:37
Message-ID: 5ecf017d.1c69fb81.d0273.dc7dSMTPIN_ADDED_MISSING () mx ! google ! com
[Download RAW message or body]

[Attachment #2 (text/x-mailbox)]

The following pull request was submitted through Github.
It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/7453

This e-mail was sent by the LXC bot, direct replies will not reach the author
unless they happen to be subscribed to this list.

=== Description (from pull-request) ===
Previously the `defer cmd.Wait()` would potentially mean iptables processes not \
finishing until the end of the loop.

Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>


[Attachment #3 (text/plain)]

From 1c4e6ea0874e491d07b6ed35921613bb9ba64bbe Mon Sep 17 00:00:00 2001
From: Thomas Parrott <thomas.parrott@canonical.com>
Date: Thu, 28 May 2020 01:08:57 +0100
Subject: [PATCH] lxd/firewall/drivers/drivers/xtables: Wait for each iptables
 call before proceeding to next

Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>
---
 lxd/firewall/drivers/drivers_xtables.go | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/lxd/firewall/drivers/drivers_xtables.go b/lxd/firewall/drivers/drivers_xtables.go
index 728161786e..d0822fb476 100644
--- a/lxd/firewall/drivers/drivers_xtables.go
+++ b/lxd/firewall/drivers/drivers_xtables.go
@@ -78,8 +78,7 @@ func (d Xtables) xtablesIsNftables(cmd string) bool {
 
 // iptablesInUse returns whether the specified iptables backend command has any rules defined.
 func (d Xtables) iptablesInUse(iptablesCmd string) bool {
-	tables := []string{"filter", "nat", "mangle", "raw"}
-	for _, table := range tables {
+	checkTable := func(table string) bool {
 		cmd := exec.Command(iptablesCmd, "-S", "-t", table)
 		stdout, err := cmd.StdoutPipe()
 		if err != nil {
@@ -100,6 +99,15 @@ func (d Xtables) iptablesInUse(iptablesCmd string) bool {
 				return true
 			}
 		}
+
+		return false
+	}
+
+	tables := []string{"filter", "nat", "mangle", "raw"}
+	for _, table := range tables {
+		if checkTable(table) {
+			return true
+		}
 	}
 
 	return false

[Attachment #4 (text/plain)]

_______________________________________________
lxc-devel mailing list
lxc-devel@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-devel


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic