Merge pull request #2178 from fcrisciani/race-ingress

Possible race on ingress programming
2022-11-09 12:21:53 -05:00 · 2018-06-08 13:37:58 -07:00 · 2018-06-08 13:37:58 -07:00 · 821a51db18
commit 821a51db18
parent 9310db12ae 3d2b2f1c7e
1 changed files with 4 additions and 5 deletions
--- a/libnetwork/service_linux.go
+++ b/libnetwork/service_linux.go
@ -279,7 +279,7 @@ const ingressChain = "DOCKER-INGRESS"

 var (
 	ingressOnce     sync.Once
-	ingressProxyMu  sync.Mutex
+	ingressMu       sync.Mutex // lock for operations on ingress
 	ingressProxyTbl = make(map[string]io.Closer)
 	portConfigMu    sync.Mutex
 	portConfigTbl   = make(map[PortConfig]int)
@ -328,6 +328,9 @@ func programIngress(gwIP net.IP, ingressPorts []*PortConfig, isDelete bool) erro
 		addDelOpt = "-D"
 	}

+	ingressMu.Lock()
+	defer ingressMu.Unlock()
+
 	chainExists := iptables.ExistChain(ingressChain, iptables.Nat)
 	filterChainExists := iptables.ExistChain(ingressChain, iptables.Filter)

@ -497,13 +500,11 @@ func plumbProxy(iPort *PortConfig, isDelete bool) error {

 	portSpec := fmt.Sprintf("%d/%s", iPort.PublishedPort, strings.ToLower(PortConfig_Protocol_name[int32(iPort.Protocol)]))
 	if isDelete {
-		ingressProxyMu.Lock()
 		if listener, ok := ingressProxyTbl[portSpec]; ok {
 			if listener != nil {
 				listener.Close()
 			}
 		}
-		ingressProxyMu.Unlock()

 		return nil
 	}
@ -523,9 +524,7 @@ func plumbProxy(iPort *PortConfig, isDelete bool) error {
 		return err
 	}

-	ingressProxyMu.Lock()
 	ingressProxyTbl[portSpec] = l
-	ingressProxyMu.Unlock()

 	return nil
 }