From 2f8aa7a351403f7157875592c6c2d99b9f4dcd30 Mon Sep 17 00:00:00 2001 From: Martynas Pumputis Date: Mon, 4 Jun 2018 19:07:53 +0200 Subject: [PATCH] Add random nonce to test ipset name to prevent race As ipset.New(...) can be called by two processes (weaver and weave-npc) at the same time, there is a possibility for a race when they both check the comment support. To prevent the race, we append a random nonce to the test ipset name. --- net/ipset/ipset.go | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/net/ipset/ipset.go b/net/ipset/ipset.go index 80580bb96c..3748800817 100644 --- a/net/ipset/ipset.go +++ b/net/ipset/ipset.go @@ -1,6 +1,8 @@ package ipset import ( + "crypto/rand" + "encoding/hex" "log" "os/exec" "strings" @@ -56,7 +58,14 @@ func New(logger *log.Logger) Interface { } // Check for comment support - testIpsetName := Name("weave-test-comment") + + // To prevent from a race when more than one process check for the support + // we append a random nonce to the test ipset name. The final name is + // shorter than 31 chars (max ipset name). + nonce := make([]byte, 4) + rand.Read(nonce) + testIpsetName := Name("weave-test-comment" + hex.EncodeToString(nonce)) + // Clear it out if it already exists _ = ips.Destroy(testIpsetName) // Test for comment support