-rw-r--r--src/libnftables.c6
-rw-r--r--src/xt.c15
2 files changed, 14 insertions, 7 deletions
diff --git a/src/libnftables.c b/src/libnftables.c
index cedd710b..1ca5a6f4 100644
--- a/src/libnftables.c
+++ b/src/libnftables.c
@@ -191,15 +191,11 @@ void nft_ctx_clear_include_paths(struct nft_ctx *ctx)
EXPORT_SYMBOL(nft_ctx_new);
struct nft_ctx *nft_ctx_new(uint32_t flags)
{
- static bool init_once;
struct nft_ctx *ctx;
- if (!init_once) {
- init_once = true;
#ifdef HAVE_LIBXTABLES
- xt_init();
+ xt_init();
#endif
- }
ctx = xzalloc(sizeof(struct nft_ctx));
nft_init(ctx);
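Review bot: The bare `xt_init();` call in nft_ctx_new() now reads as per-context initialisation, because the once-only guard that used to sit beside it has moved into xt.c. A short comment at the call site would keep that contract visible, for example `/* no-op after the first call; see xt_init() */`. The body of nft_ctx_new() continues past the end of this hunk.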
diff --git a/src/xt.c b/src/xt.c
index d774e073..bb87e86e 100644
--- a/src/xt.c
+++ b/src/xt.c
@@ -361,7 +361,18 @@ static struct xtables_globals xt_nft_globals = {
void xt_init(void)
{
- /* Default to IPv4, but this changes in runtime */
- xtables_init_all(&xt_nft_globals, NFPROTO_IPV4);
+ static bool init_once;
+
+ if (!init_once) {
+ /* libxtables is full of global variables and cannot be used
+ * concurrently by multiple threads. Hence, it's fine that the
+ * "init_once" guard is not thread-safe either.
+ * Don't link against xtables if you want thread safety.
+ */
+ init_once = true;
+
+ /* Default to IPv4, but this changes in runtime */
+ xtables_init_all(&xt_nft_globals, NFPROTO_IPV4);
+ }
}
#endif
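Review bot: The `init_once` flag in xt_init() is a plain `static bool` read and written without synchronisation, so two threads that each call nft_ctx_new() race on it even if neither ever touches an xt compat expression. Under C11 that is a data race, and the practical outcome is that `xtables_init_all()` can run twice concurrently against the libxtables globals. The added comment accepts this because libxtables itself is not thread-safe, but that constraint is visible only here in xt.c, not to users of the exported function. Consider running the initialisation through `pthread_once()` (assuming the library may depend on pthreads), or at least stating in the nft_ctx_new() API documentation that contexts must not be created concurrently when built with HAVE_LIBXTABLES.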