[pve-devel] pve-firewall : iptables V2

Alexandre DERUMIER aderumier at odiso.com
Thu Feb 13 18:07:32 CET 2014


>>FYI, I already added al big lock around the pvefw API:

Perfect ! :)

I think it indeed necessary for read too, because I check if some rules already exist or not before insert them.
Without lock, it's possible to have some concurrency problem.



----- Mail original ----- 

De: "Dietmar Maurer" <dietmar at proxmox.com> 
À: "Alexandre DERUMIER" <aderumier at odiso.com>, "Stefan Priebe - Profihost AG" <s.priebe at profihost.ag> 
Cc: pve-devel at pve.proxmox.com 
Envoyé: Jeudi 13 Février 2014 17:53:28 
Objet: RE: [pve-devel] pve-firewall : iptables V2 

> Seem to be fixed this year (so,I don't think is already backported in debian 
> wheezy) 
> 
> ip[6]tables: Add locking to prevent concurrent instances 
> http://git.netfilter.org/iptables/commit/?id=93587a04d0f2511e108bbc4d87a8b 
> 9d28a5c5dd8 

FYI, I already added al big lock around the pvefw API: 

https://git.proxmox.com/?p=pve-firewall.git;a=commitdiff;h=06320eb0823c756df8dc836ecd4325839fb768e2 

so that will not happen anyways if you only use 'pvefw'. 



More information about the pve-devel mailing list