bump go-iptables module to v0.4.5
bump the go-iptables module to v0.4.5 to avoid concurrency issues with the portmap plugin and errors related to iptables not able to hold the lock. Signed-off-by: Antonio Ojea <antonio.ojea.garcia@gmail.com>
This commit is contained in:
Antonio Ojea
parent
bf8f171041
commit
5a02c5bc61
2
go.mod
2
go.mod
@ -8,7 +8,7 @@ require (
|
|||||||
github.com/alexflint/go-filemutex v0.0.0-20171022225611-72bdc8eae2ae
|
github.com/alexflint/go-filemutex v0.0.0-20171022225611-72bdc8eae2ae
|
||||||
github.com/buger/jsonparser v0.0.0-20180808090653-f4dd9f5a6b44
|
github.com/buger/jsonparser v0.0.0-20180808090653-f4dd9f5a6b44
|
||||||
github.com/containernetworking/cni v0.7.1
|
github.com/containernetworking/cni v0.7.1
|
||||||
github.com/coreos/go-iptables v0.4.2
|
github.com/coreos/go-iptables v0.4.5
|
||||||
github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7
|
github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7
|
||||||
github.com/d2g/dhcp4 v0.0.0-20170904100407-a1d1b6c41b1c
|
github.com/d2g/dhcp4 v0.0.0-20170904100407-a1d1b6c41b1c
|
||||||
github.com/d2g/dhcp4client v1.0.0
|
github.com/d2g/dhcp4client v1.0.0
|
||||||
|
|||||||
4
go.sum
4
go.sum
@ -10,6 +10,10 @@ github.com/containernetworking/cni v0.7.1 h1:fE3r16wpSEyaqY4Z4oFrLMmIGfBYIKpPrHK
|
|||||||
github.com/containernetworking/cni v0.7.1/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY=
|
github.com/containernetworking/cni v0.7.1/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY=
|
||||||
github.com/coreos/go-iptables v0.4.2 h1:KH0EwId05JwWIfb96gWvkiT2cbuOu8ygqUaB+yPAwIg=
|
github.com/coreos/go-iptables v0.4.2 h1:KH0EwId05JwWIfb96gWvkiT2cbuOu8ygqUaB+yPAwIg=
|
||||||
github.com/coreos/go-iptables v0.4.2/go.mod h1:/mVI274lEDI2ns62jHCDnCyBF9Iwsmekav8Dbxlm1MU=
|
github.com/coreos/go-iptables v0.4.2/go.mod h1:/mVI274lEDI2ns62jHCDnCyBF9Iwsmekav8Dbxlm1MU=
|
||||||
|
github.com/coreos/go-iptables v0.4.4 h1:5oOUvU7Fk53Hn/rkdJ0zcYGCffotqXpyi4ADCkO1TJ8=
|
||||||
|
github.com/coreos/go-iptables v0.4.4/go.mod h1:/mVI274lEDI2ns62jHCDnCyBF9Iwsmekav8Dbxlm1MU=
|
||||||
|
github.com/coreos/go-iptables v0.4.5 h1:DpHb9vJrZQEFMcVLFKAAGMUVX0XoRC0ptCthinRYm38=
|
||||||
|
github.com/coreos/go-iptables v0.4.5/go.mod h1:/mVI274lEDI2ns62jHCDnCyBF9Iwsmekav8Dbxlm1MU=
|
||||||
github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7 h1:u9SHYsPQNyt5tgDm3YN7+9dYrpK96E5wFilTFWIDZOM=
|
github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7 h1:u9SHYsPQNyt5tgDm3YN7+9dYrpK96E5wFilTFWIDZOM=
|
||||||
github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
|
github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
|
||||||
github.com/d2g/dhcp4 v0.0.0-20170904100407-a1d1b6c41b1c h1:Xo2rK1pzOm0jO6abTPIQwbAmqBIOj132otexc1mmzFc=
|
github.com/d2g/dhcp4 v0.0.0-20170904100407-a1d1b6c41b1c h1:Xo2rK1pzOm0jO6abTPIQwbAmqBIOj132otexc1mmzFc=
|
||||||
|
|||||||
29
vendor/github.com/coreos/go-iptables/iptables/iptables.go
generated
vendored
29
vendor/github.com/coreos/go-iptables/iptables/iptables.go
generated
vendored
@ -48,9 +48,13 @@ func (e *Error) Error() string {
|
|||||||
|
|
||||||
// IsNotExist returns true if the error is due to the chain or rule not existing
|
// IsNotExist returns true if the error is due to the chain or rule not existing
|
||||||
func (e *Error) IsNotExist() bool {
|
func (e *Error) IsNotExist() bool {
|
||||||
return e.ExitStatus() == 1 &&
|
if e.ExitStatus() != 1 {
|
||||||
(e.msg == fmt.Sprintf("%s: Bad rule (does a matching rule exist in that chain?).\n", getIptablesCommand(e.proto)) ||
|
return false
|
||||||
e.msg == fmt.Sprintf("%s: No chain/target/match by that name.\n", getIptablesCommand(e.proto)))
|
}
|
||||||
|
cmdIptables := getIptablesCommand(e.proto)
|
||||||
|
msgNoRuleExist := fmt.Sprintf("%s: Bad rule (does a matching rule exist in that chain?).\n", cmdIptables)
|
||||||
|
msgNoChainExist := fmt.Sprintf("%s: No chain/target/match by that name.\n", cmdIptables)
|
||||||
|
return strings.Contains(e.msg, msgNoRuleExist) || strings.Contains(e.msg, msgNoChainExist)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Protocol to differentiate between IPv4 and IPv6
|
// Protocol to differentiate between IPv4 and IPv6
|
||||||
@ -101,7 +105,13 @@ func NewWithProtocol(proto Protocol) (*IPTables, error) {
|
|||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
vstring, err := getIptablesVersionString(path)
|
vstring, err := getIptablesVersionString(path)
|
||||||
|
if err != nil {
|
||||||
|
return nil, fmt.Errorf("could not get iptables version: %v", err)
|
||||||
|
}
|
||||||
v1, v2, v3, mode, err := extractIptablesVersion(vstring)
|
v1, v2, v3, mode, err := extractIptablesVersion(vstring)
|
||||||
|
if err != nil {
|
||||||
|
return nil, fmt.Errorf("failed to extract iptables version from [%s]: %v", vstring, err)
|
||||||
|
}
|
||||||
|
|
||||||
checkPresent, waitPresent, randomFullyPresent := getIptablesCommandSupport(v1, v2, v3)
|
checkPresent, waitPresent, randomFullyPresent := getIptablesCommandSupport(v1, v2, v3)
|
||||||
|
|
||||||
@ -348,18 +358,6 @@ func (ipt *IPTables) executeList(args []string) ([]string, error) {
|
|||||||
rules = rules[:len(rules)-1]
|
rules = rules[:len(rules)-1]
|
||||||
}
|
}
|
||||||
|
|
||||||
// nftables mode doesn't return an error code when listing a non-existent
|
|
||||||
// chain. Patch that up.
|
|
||||||
if len(rules) == 0 && ipt.mode == "nf_tables" {
|
|
||||||
v := 1
|
|
||||||
return nil, &Error{
|
|
||||||
cmd: exec.Cmd{Args: args},
|
|
||||||
msg: fmt.Sprintf("%s: No chain/target/match by that name.\n", getIptablesCommand(ipt.proto)),
|
|
||||||
proto: ipt.proto,
|
|
||||||
exitStatus: &v,
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
for i, rule := range rules {
|
for i, rule := range rules {
|
||||||
rules[i] = filterRuleOutput(rule)
|
rules[i] = filterRuleOutput(rule)
|
||||||
}
|
}
|
||||||
@ -437,6 +435,7 @@ func (ipt *IPTables) runWithOutput(args []string, stdout io.Writer) error {
|
|||||||
}
|
}
|
||||||
ul, err := fmu.tryLock()
|
ul, err := fmu.tryLock()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
syscall.Close(fmu.fd)
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
defer ul.Unlock()
|
defer ul.Unlock()
|
||||||
|
|||||||
2
vendor/modules.txt
vendored
2
vendor/modules.txt
vendored
@ -32,7 +32,7 @@ github.com/containernetworking/cni/pkg/skel
|
|||||||
github.com/containernetworking/cni/pkg/version
|
github.com/containernetworking/cni/pkg/version
|
||||||
github.com/containernetworking/cni/pkg/types/020
|
github.com/containernetworking/cni/pkg/types/020
|
||||||
github.com/containernetworking/cni/libcni
|
github.com/containernetworking/cni/libcni
|
||||||
# github.com/coreos/go-iptables v0.4.2
|
# github.com/coreos/go-iptables v0.4.5
|
||||||
github.com/coreos/go-iptables/iptables
|
github.com/coreos/go-iptables/iptables
|
||||||
# github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7
|
# github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7
|
||||||
github.com/coreos/go-systemd/activation
|
github.com/coreos/go-systemd/activation
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user