Add random nonce to test ipset name to prevent race

As ipset.New(...) can be called by two processes (weaver and weave-npc) at the same time, there is a possibility for a race when they both check the comment support. To prevent the race, we append a random nonce to the test ipset name.
weaveworks · Jun 5, 2018 · 2f8aa7a · 2f8aa7a
1 parent b6115f0
commit 2f8aa7a
Showing 1 changed file with 10 additions and 1 deletion.
diff --git a/net/ipset/ipset.go b/net/ipset/ipset.go
@@ -1,6 +1,8 @@
 package ipset
 
 import (
+	"crypto/rand"
+	"encoding/hex"
 	"log"
 	"os/exec"
 	"strings"
@@ -56,7 +58,14 @@ func New(logger *log.Logger) Interface {
 	}
 
 	// Check for comment support
-	testIpsetName := Name("weave-test-comment")
+
+	// To prevent from a race when more than one process check for the support
+	// we append a random nonce to the test ipset name. The final name is
+	// shorter than 31 chars (max ipset name).
+	nonce := make([]byte, 4)
+	rand.Read(nonce)
+	testIpsetName := Name("weave-test-comment" + hex.EncodeToString(nonce))
+
 	// Clear it out if it already exists
 	_ = ips.Destroy(testIpsetName)
 	// Test for comment support