fix: multiple nns could cause removal of nat iptables rule
diff --git
a/newns
b/newns
index 26874a14949742fd449609038ec4059dc8423081..894ac310b2963866328fe545b20ced78e1d2ceab 100755
(executable)
--- a/
newns
+++ b/
newns
@@
-143,7
+143,6
@@
if $install_error; then
fi
#### end sanity checking ####
fi
#### end sanity checking ####
-
v0=veth0-$nn
v1=veth1-$nn
ip_base=10.173
v0=veth0-$nn
v1=veth1-$nn
ip_base=10.173
@@
-153,13
+152,14
@@
if ! $create && [[ $(readlink /proc/self/ns/net) == "$(readlink /proc/1/ns/net)"
fi
# make the default network namespace be named
fi
# make the default network namespace be named
+
+mkdir -p /run/netns
target=/run/netns/default
if [[ ! -e $target && ! -L $target ]]; then
target=/run/netns/default
if [[ ! -e $target && ! -L $target ]]; then
- mkdir -p /run/netns
- ln -s /proc/1/ns/net $target
+ # -f to avoid a race condition with running twice
+ ln -s
f
/proc/1/ns/net $target
fi
fi
-
ipd() { ip -n default "$@"; }
ipd() { ip -n default "$@"; }
@@
-192,7
+192,7
@@
fi
nat() {
for if in ${gateway_ifs[@]}; do
nat() {
for if in ${gateway_ifs[@]}; do
- dexec iptables -t nat $1 POSTROUTING -o $if -j MASQUERADE \
+ dexec iptables -t nat $1 POSTROUTING -
s $network.0/24 -
o $if -j MASQUERADE \
-m comment --comment "systemd network namespace nat"
done
}
-m comment --comment "systemd network namespace nat"
done
}
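Review bot: In nat(), the rewritten iptables line is still built from unquoted expansions (`${gateway_ifs[@]}`, `$1`, `$network`, `$if`), so a value containing whitespace or a glob character would change which rule is added or deleted. I would write `for if in "${gateway_ifs[@]}"; do` and `dexec iptables -t nat "$1" POSTROUTING -s "$network.0/24" -o "$if" -j MASQUERADE \`. Because the rule is now matched with `-s $network.0/24`, a `-D` call presumably no longer matches a rule that an earlier version of the script installed without `-s`. That would leave a MASQUERADE rule covering all traffic leaving that interface after an upgrade, so a comment above nat() such as `# rules added before the -s match existed are not removed by -D; delete them by hand` would help. Where `$network` is assigned is outside this hunk, so its format cannot be checked here.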