[pve-devel] pve-firewall : iptables V2
Alexandre DERUMIER
aderumier at odiso.com
Thu Feb 13 18:07:32 CET 2014
>>FYI, I already added al big lock around the pvefw API:
Perfect ! :)
I think it indeed necessary for read too, because I check if some rules already exist or not before insert them.
Without lock, it's possible to have some concurrency problem.
----- Mail original -----
De: "Dietmar Maurer" <dietmar at proxmox.com>
À: "Alexandre DERUMIER" <aderumier at odiso.com>, "Stefan Priebe - Profihost AG" <s.priebe at profihost.ag>
Cc: pve-devel at pve.proxmox.com
Envoyé: Jeudi 13 Février 2014 17:53:28
Objet: RE: [pve-devel] pve-firewall : iptables V2
> Seem to be fixed this year (so,I don't think is already backported in debian
> wheezy)
>
> ip[6]tables: Add locking to prevent concurrent instances
> http://git.netfilter.org/iptables/commit/?id=93587a04d0f2511e108bbc4d87a8b
> 9d28a5c5dd8
FYI, I already added al big lock around the pvefw API:
https://git.proxmox.com/?p=pve-firewall.git;a=commitdiff;h=06320eb0823c756df8dc836ecd4325839fb768e2
so that will not happen anyways if you only use 'pvefw'.
More information about the pve-devel
mailing list