Add warning when xtables contention detected

Signed-off-by: Chris Telfer <ctelfer@docker.com>
moby · Apr 11, 2018 · 2478302 · 2478302
1 parent 860648e
commit 2478302
Showing 1 changed file with 4 additions and 3 deletions.
diff --git a/iptables/iptables.go b/iptables/iptables.go
@@ -423,9 +423,10 @@ func existsRaw(table Table, chain string, rule ...string) bool {
 	return strings.Contains(string(existingRules), ruleString)
 }
 
-func filterOutput(output []byte) []byte {
+func filterOutput(output []byte, args ...string) []byte {
 	// ignore iptables' message about xtables lock
 	if strings.Contains(string(output), xLockWaitMsg) {
+		logrus.Warnf("Xtables contention detected during: %s", strings.Join(args, " "))
 		output = []byte("")
 	}
 	return output
@@ -436,7 +437,7 @@ func Raw(args ...string) ([]byte, error) {
 	if firewalldRunning {
 		output, err := Passthrough(Iptables, args...)
 		if err == nil || !strings.Contains(err.Error(), "was not provided by any .service files") {
-			return filterOutput(output), err
+			return filterOutput(output, args...), err
 		}
 	}
 	return raw(args...)
@@ -460,7 +461,7 @@ func raw(args ...string) ([]byte, error) {
 		return nil, fmt.Errorf("iptables failed: iptables %v: %s (%s)", strings.Join(args, " "), output, err)
 	}
 
-	return filterOutput(output), err
+	return filterOutput(output, args...), err
 }
 
 // RawCombinedOutput inernally calls the Raw function and returns a non nil