]> xenbits.xensource.com Git - libvirt.git/commitdiff
projects / libvirt.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 8b4eedc)
nwfilter: serialize execution of scripts with ebtables cmds
authorStefan Berger <stefanb@us.ibm.com>
Fri, 13 Aug 2010 19:47:10 +0000 (15:47 -0400)
committerStefan Berger <stefanb@us.ibm.com>
Fri, 13 Aug 2010 19:47:10 +0000 (15:47 -0400)
While testing the SIGHUP handling and reloading of the nwfilter driver, I found that when the filters are rebuilt and mutlipe threads handled the individual interfaces, concurrently running multiple external bash scripts causes strange failures even though the executed ebtables commands are working on different tables for different interfaces. I cannot say for sure where the concurrency problems are caused, but introducing this lock definitely helps.

src/nwfilter/nwfilter_ebiptables_driver.c patch | blob | blame | history

diff --git a/src/nwfilter/nwfilter_ebiptables_driver.c b/src/nwfilter/nwfilter_ebiptables_driver.c
index fcd6c8c12220803782513d0a493fff85cfacd571..885f12e3926f20f607b2261b20096ef1dfe66989 100644 (file)
--- a/src/nwfilter/nwfilter_ebiptables_driver.c
+++ b/src/nwfilter/nwfilter_ebiptables_driver.c
@@ -104,6 +104,7 @@ static int ebiptablesDriverInit(void);
 static void ebiptablesDriverShutdown(void);
 static int ebtablesCleanAll(const char *ifname);
 
+static virMutex execCLIMutex;
 
 struct ushort_map {
     unsigned short attr;
@@ -2309,8 +2310,13 @@ ebiptablesExecCLI(virBufferPtr buf,
         return 1;
 
     argv[0] = filename;
+
+    virMutexLock(&execCLIMutex);
+
     rc = virRun(argv, status);
 
+    virMutexUnlock(&execCLIMutex);
+
     *status >>= 8;
 
     VIR_DEBUG("rc = %d, status = %d",rc, *status);
@@ -3163,8 +3169,9 @@ tear_down_tmpebchains:
     ebiptablesExecCLI(&buf, &cli_status);
 
     virNWFilterReportError(VIR_ERR_BUILD_FIREWALL,
-                           "%s",
-                           _("Some rules could not be created."));
+                           _("Some rules could not be created for "
+                             "interface %s."),
+                           ifname);
 
     return 1;
 }
@@ -3364,6 +3371,9 @@ ebiptablesDriverInit(void)
     virBuffer buf = VIR_BUFFER_INITIALIZER;
     int cli_status;
 
+    if (virMutexInit(&execCLIMutex))
+        return EINVAL;
+
     bash_cmd_path = virFindFileInPath("bash");
     gawk_cmd_path = virFindFileInPath("gawk");
     grep_cmd_path = virFindFileInPath("grep");
Unnamed repository; edit this file 'description' to name the repository.