fix(portForwarding): serialize concurrent PF rule creation per VIP to prevent duplicates#3345
Open
zstack-robot-1 wants to merge 1 commit into5.5.6from
Open
fix(portForwarding): serialize concurrent PF rule creation per VIP to prevent duplicates#3345zstack-robot-1 wants to merge 1 commit into5.5.6from
zstack-robot-1 wants to merge 1 commit into5.5.6from
Conversation
…tion per VIP to prevent duplicate rules Resolves: ZSTAC-77673 Change-Id: I7f03df7bd22cd7d39097a34197313126bea811e1
总览通过使用 ChainTask 引入异步同步处理方式,替代了原有的直接方法序列。新增 VIP 端口范围重叠预检查,防止在创建端口转发规则前产生冲突。 变更
序列图sequenceDiagram
actor Client
participant PortForwardingManager
participant ChainTask
participant Database
participant VIPService
Client->>PortForwardingManager: APICreatePortForwardingRuleMsg
PortForwardingManager->>ChainTask: 创建同步任务
ChainTask->>Database: 查询同VIP、同协议的现有规则
Database-->>ChainTask: 返回规则列表
alt 存在端口范围重叠
ChainTask->>ChainTask: 发布错误事件,停止流程
ChainTask-->>Client: 返回错误
else 无重叠
ChainTask->>VIPService: 获取VIP详情
VIPService-->>ChainTask: VIP信息
ChainTask->>Database: 持久化端口转发规则
Database-->>ChainTask: 成功确认
ChainTask->>ChainTask: 发布成功事件
ChainTask-->>Client: 返回规则创建结果
end
预估代码审查工作量🎯 4 (复杂) | ⏱️ ~45 分钟 诗歌
Important Pre-merge checks failedPlease resolve all errors before merging. Addressing warnings is optional. ❌ Failed checks (1 error, 2 warnings)
✅ Passed checks (1 passed)
✨ Finishing touches
🧪 Generate unit tests (beta)
⚔️ Resolve merge conflicts (beta)
Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Fix all issues with AI agents
In
`@plugin/portForwarding/src/main/java/org/zstack/network/service/portforwarding/PortForwardingManagerImpl.java`:
- Around line 740-741: The FlowChain name in PortForwardingManagerImpl is
misspelled as "create-portforwading"; update the string passed to
flowChain.setName(...) (the FlowChain created via
FlowChainBuilder.newShareFlowChain() and stored in variable flowChain) to the
correct spelling "create-portforwarding" so the chain name is accurate.
Comment on lines
+740
to
+741
| FlowChain flowChain = FlowChainBuilder.newShareFlowChain(); | ||
| flowChain.setName("create-portforwading"); |
There was a problem hiding this comment.
FlowChain 名称存在拼写错误。
"create-portforwading" 应为 "create-portforwarding"(缺少字母 'r')。
🐛 建议修复
FlowChain flowChain = FlowChainBuilder.newShareFlowChain();
-flowChain.setName("create-portforwading");
+flowChain.setName("create-portforwarding");📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
Suggested change
| FlowChain flowChain = FlowChainBuilder.newShareFlowChain(); | |
| flowChain.setName("create-portforwading"); | |
| FlowChain flowChain = FlowChainBuilder.newShareFlowChain(); | |
| flowChain.setName("create-portforwarding"); |
🤖 Prompt for AI Agents
In
`@plugin/portForwarding/src/main/java/org/zstack/network/service/portforwarding/PortForwardingManagerImpl.java`
around lines 740 - 741, The FlowChain name in PortForwardingManagerImpl is
misspelled as "create-portforwading"; update the string passed to
flowChain.setName(...) (the FlowChain created via
FlowChainBuilder.newShareFlowChain() and stored in variable flowChain) to the
correct spelling "create-portforwarding" so the chain name is accurate.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem\nConcurrent
APICreatePortForwardingRuleMsgrequests for the same VIP could create duplicate port forwarding rules with overlapping port ranges. The interceptor checks for port overlap before the handler, but without synchronization, two concurrent requests can both pass the check and persist duplicate rules.\n\nResolves: ZSTAC-77673\n\n## Root Cause\nThehandle(APICreatePortForwardingRuleMsg)method persists the PortForwardingRuleVO without any per-VIP synchronization. The existingPortForwardingApiInterceptorchecks for VIP port overlap, but the window between the interceptor check and handlerpersist()allows race conditions.\n\n## Fix\n1. Wrap the CREATE handler inthdf.chainSubmit(new ChainTask)with sync signatureportforwardingrule-vip-{vipUuid}— same pattern as the DELETE handler\n2. Re-check VIP port overlap inside the synchronized ChainTask before persist\n3. Addchain.next()at all async exit points (VIP acquire callbacks + FlowChain done/error)\n\nThis serializes all port forwarding rule creation per VIP, eliminating the race condition window.\n\n## Test Plan\n- Verify creating port forwarding rules normally still works\n- Verify concurrent creation of rules with overlapping ports on the same VIP returns error for the second request\n- Verify rules on different VIPs can still be created concurrentlysync from gitlab !9174