Add check support for: bridge, ipvlan, macvlan, p2p, vlan and host-device main plugins

host-local and static ipam plugins tuning, bandwidth and portmap meta plugins Utility functions created for common PrevResult checking Fix windows build
2018-12-06 15:42:37 -05:00
parent 82a0651d0a
commit 74a2596573
28 changed files with 3759 additions and 167 deletions
--- a/plugins/meta/portmap/chain.go
+++ b/plugins/meta/portmap/chain.go
@ -138,3 +138,44 @@ func chainExists(ipt *iptables.IPTables, tableName, chainName string) (bool, err
 	}
 	return false, nil
 }
+
+// check the chain.
+func (c *chain) check(ipt *iptables.IPTables) error {
+
+	exists, err := chainExists(ipt, c.table, c.name)
+	if err != nil {
+		return err
+	}
+	if !exists {
+		return fmt.Errorf("chain %s not found in iptables table %s", c.name, c.table)
+	}
+
+	for i := len(c.rules) - 1; i >= 0; i-- {
+		match := checkRule(ipt, c.table, c.name, c.rules[i])
+		if !match {
+			return fmt.Errorf("rule %s in chain %s not found in table %s", c.rules, c.name, c.table)
+		}
+	}
+
+	for _, entryChain := range c.entryChains {
+		for i := len(c.entryRules) - 1; i >= 0; i-- {
+			r := []string{}
+			r = append(r, c.entryRules[i]...)
+			r = append(r, "-j", c.name)
+			matchEntryChain := checkRule(ipt, c.table, entryChain, r)
+			if !matchEntryChain {
+				return fmt.Errorf("rule %s in chain %s not found in table %s", c.entryRules, entryChain, c.table)
+			}
+		}
+	}
+
+	return nil
+}
+
+func checkRule(ipt *iptables.IPTables, table, chain string, rule []string) bool {
+	exists, err := ipt.Exists(table, chain, rule...)
+	if err != nil {
+		return false
+	}
+	return exists
+}