ITQC/containernetworking-plugins
24
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 34 Wiki Activity

Merge pull request #873 from maiqueb/mac-spoof-remove-index-when-adding-rules

Browse Source 
bridge, spoof check: remove drop rule index
This commit is contained in:
Casey Callendrello 2023-04-17 17:07:11 +02:00 committed by GitHub
commit 71aa710196
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 0 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
pkg/link/spoofcheck.go
View File

@ -195,12 +195,10 @@ func (sc *SpoofChecker) matchMacRule(chain string) *schema.Rule {
} }
func (sc *SpoofChecker) dropRule(chain string) *schema.Rule { func (sc *SpoofChecker) dropRule(chain string) *schema.Rule {
macRulesIndex := nft.NewRuleIndex()
return &schema.Rule{ return &schema.Rule{
Family: schema.FamilyBridge, Family: schema.FamilyBridge,
Table: natTableName, Table: natTableName,
Chain: chain, Chain: chain,
Index: macRulesIndex.Next(),
Expr: []schema.Statement{ Expr: []schema.Statement{
{Verdict: schema.Verdict{SimpleVerdict: schema.SimpleVerdict{Drop: true}}}, {Verdict: schema.Verdict{SimpleVerdict: schema.SimpleVerdict{Drop: true}}},
}, },

1
pkg/link/spoofcheck_test.go
View File

@ -254,7 +254,6 @@ func assertExpectedRulesInSetupConfig(c configurerStub) {
"comment":"macspoofchk-container99-net1"}}, "comment":"macspoofchk-container99-net1"}},
{"rule":{"family":"bridge","table":"nat","chain":"cni-br-iface-container99-net1-mac", {"rule":{"family":"bridge","table":"nat","chain":"cni-br-iface-container99-net1-mac",
"expr":[{"drop":null}], "expr":[{"drop":null}],
"index":0,
"comment":"macspoofchk-container99-net1"}} "comment":"macspoofchk-container99-net1"}}
]}` ]}`
ExpectWithOffset(1, string(jsonConfig)).To(MatchJSON(expectedConfig)) ExpectWithOffset(1, string(jsonConfig)).To(MatchJSON(expectedConfig))