Merge pull request #124 from squeed/masq-del

pkg/ip: Tearing down ipmasq should be idempotent
Casey Callendrello 2018-03-07 17:40:21 +01:00 committed by GitHub
commit 56989e2380
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 40 additions and 5 deletions

4
Godeps/Godeps.json generated

@ -47,8 +47,8 @@
}, },
{ {
"ImportPath": "github.com/coreos/go-iptables/iptables", "ImportPath": "github.com/coreos/go-iptables/iptables",
"Comment": "v0.2.0", "Comment": "v0.3.0",
"Rev": "259c8e6a4275d497442c721fa52204d7a58bde8b" "Rev": "b5b1876b170881a8259f036445ee89c8669db386"
}, },
{ {
"ImportPath": "github.com/coreos/go-systemd/activation", "ImportPath": "github.com/coreos/go-systemd/activation",


@ -89,13 +89,31 @@ func TeardownIPMasq(ipn *net.IPNet, chain string, comment string) error {
return fmt.Errorf("failed to locate iptables: %v", err) return fmt.Errorf("failed to locate iptables: %v", err)
} }
if err = ipt.Delete("nat", "POSTROUTING", "-s", ipn.String(), "-j", chain, "-m", "comment", "--comment", comment); err != nil { err = ipt.Delete("nat", "POSTROUTING", "-s", ipn.String(), "-j", chain, "-m", "comment", "--comment", comment)
if err != nil && !isNotExist(err) {
return err return err
} }
if err = ipt.ClearChain("nat", chain); err != nil { err = ipt.ClearChain("nat", chain)
if err != nil && !isNotExist(err) {
return err
}
err = ipt.DeleteChain("nat", chain)
if err != nil && !isNotExist(err) {
return err return err
} }
return ipt.DeleteChain("nat", chain) return nil
}
// isNotExist returnst true if the error is from iptables indicating
// that the target does not exist.
func isNotExist(err error) bool {
e, ok := err.(*iptables.Error)
if !ok {
return false
}
return e.IsNotExist()
} }
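Review bot: The three teardown steps in TeardownIPMasq still return the bare `err`, so a caller cannot tell whether the rule delete, the chain flush or the chain delete failed, and a genuine failure on the first step returns before the chain is flushed or removed. Wrapping each return, e.g. `return fmt.Errorf("failed to delete masquerade rule for %s: %v", ipn, err)`, would match the `failed to locate iptables` message just above. Whether an error counts as "not exist" depends on the exact iptables message strings compared in the vendored `IsNotExist` shown further down this page, so a test that calls TeardownIPMasq twice in a row would guard the idempotency this change is meant to provide. The comment on `isNotExist` has a typo and should read `// isNotExist returns true if the error is from iptables indicating`. The start of TeardownIPMasq lies outside the hunk.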

5
vendor/github.com/coreos/go-iptables/NOTICE generated vendored Normal file

@ -0,0 +1,5 @@
CoreOS Project
Copyright 2018 CoreOS, Inc
This product includes software developed at CoreOS, Inc.
(http://www.coreos.com/).


@ -41,6 +41,13 @@ func (e *Error) Error() string {
return fmt.Sprintf("running %v: exit status %v: %v", e.cmd.Args, e.ExitStatus(), e.msg) return fmt.Sprintf("running %v: exit status %v: %v", e.cmd.Args, e.ExitStatus(), e.msg)
} }
// IsNotExist returns true if the error is due to the chain or rule not existing
func (e *Error) IsNotExist() bool {
return e.ExitStatus() == 1 &&
(e.msg == "iptables: Bad rule (does a matching rule exist in that chain?).\n" ||
e.msg == "iptables: No chain/target/match by that name.\n")
}
// Protocol to differentiate between IPv4 and IPv6 // Protocol to differentiate between IPv4 and IPv6
type Protocol byte type Protocol byte
@ -289,6 +296,11 @@ func (ipt *IPTables) DeleteChain(table, chain string) error {
return ipt.run("-t", table, "-X", chain) return ipt.run("-t", table, "-X", chain)
} }
// ChangePolicy changes policy on chain to target
func (ipt *IPTables) ChangePolicy(table, chain, target string) error {
return ipt.run("-t", table, "-P", chain, target)
}
// run runs an iptables command with the given arguments, ignoring // run runs an iptables command with the given arguments, ignoring
// any stdout output // any stdout output
func (ipt *IPTables) run(args ...string) error { func (ipt *IPTables) run(args ...string) error {