mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jie Yu <>
Subject Re: Review Request 68158: Fixed the iptables deadlock in CNI port mapper plugin.
Date Mon, 06 Aug 2018 20:30:54 GMT

This is an automatically generated e-mail. To reply, visit:

(Updated Aug. 6, 2018, 8:30 p.m.)

Review request for mesos, Avinash sridharan, Chun-Hung Hsiao, and Greg Mann.

Bugs: MESOS-9127

Repository: mesos


It is possible that the port mapping cleanup command will cause iptables
to deadlock if there are a lot of entires in the iptables, because the
`sed` won't process the next line while executing 'iptables -w -t nat -D
...'. But the executing of 'iptables -w -t nat -D ...' might get stuck
if the first command 'iptables -w -t nat -S %s' didn't finish (because
the xtables lock is not released). The first command might not finish if
it has a lot of output, filling the pipe that `sed` hasn't had a chance
to process yet. See more details in MESOS-9127.

This patch fixed the issue by writing the commands to a file and then
executing them.

Diffs (updated)





sudo make check
[       OK ] CniIsolatorPortMapperTest.ROOT_INTERNET_CURL_PortMapper (8827 ms)


Jie Yu

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message