mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jie Yu <yujie....@gmail.com>
Subject Re: Review Request 68158: Fixed the iptables deadlock in CNI port mapper plugin.
Date Mon, 06 Aug 2018 23:42:30 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/68158/
-----------------------------------------------------------

(Updated Aug. 6, 2018, 11:42 p.m.)


Review request for mesos, Avinash sridharan, Chun-Hung Hsiao, and Greg Mann.


Changes
-------

Addressed comments.


Bugs: MESOS-9127
    https://issues.apache.org/jira/browse/MESOS-9127


Repository: mesos


Description (updated)
-------

It is possible that the port mapping cleanup command will cause iptables
to deadlock if there are a lot of entires in the iptables, because the
`sed` won't process the next line while executing `iptables -w -t nat -D
...`. But the executing of `iptables -w -t nat -D ...` might get stuck
if the first command `iptables -w -t nat -S <TAG>` didn't finish
(because the xtables lock is not released). The first command might not
finish if it has a lot of output, filling the pipe that `sed` hasn't had
a chance to process yet. See more details in MESOS-9127.

This patch fixed the issue by writing the commands to a file and then
executing them.


Diffs (updated)
-----

  src/slave/containerizer/mesos/isolators/network/cni/plugins/port_mapper/port_mapper.cpp
f1a3d263b7baa3ccbf270426745022d42fcc66ed 


Diff: https://reviews.apache.org/r/68158/diff/5/

Changes: https://reviews.apache.org/r/68158/diff/4-5/


Testing
-------

sudo make check
```
[       OK ] CniIsolatorPortMapperTest.ROOT_INTERNET_CURL_PortMapper (8827 ms)
```


Thanks,

Jie Yu


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message