From c850d4514d19035c4ea4fceb36c3b8ab75dc3745 Mon Sep 17 00:00:00 2001
From: Casey Callendrello
Date: Wed, 21 Feb 2018 15:38:16 +0100
Subject: [PATCH] pkg/ip: Tearing down ipmasq should be idempotent
---
 pkg/ip/ipmasq_linux.go | 24 +++++++++++++++++++++---
 1 file changed, 21 insertions(+), 3 deletions(-)
diff --git a/pkg/ip/ipmasq_linux.go b/pkg/ip/ipmasq_linux.go
index ba00f133..892667bd 100644
--- a/pkg/ip/ipmasq_linux.go
+++ b/pkg/ip/ipmasq_linux.go
@@ -89,13 +89,31 @@ func TeardownIPMasq(ipn *net.IPNet, chain string, comment string) error {
 return fmt.Errorf("failed to locate iptables: %v", err)
 }
 
- if err = ipt.Delete("nat", "POSTROUTING", "-s", ipn.String(), "-j", chain, "-m", "comment", "--comment", comment); err != nil {
+ err = ipt.Delete("nat", "POSTROUTING", "-s", ipn.String(), "-j", chain, "-m", "comment", "--comment", comment)
+ if err != nil && !isNotExist(err) {
 return err
 }
 
- if err = ipt.ClearChain("nat", chain); err != nil {
+ err = ipt.ClearChain("nat", chain)
+ if err != nil && !isNotExist(err) {
+ return err
+
+ }
+
+ err = ipt.DeleteChain("nat", chain)
+ if err != nil && !isNotExist(err) {
 return err
 }
 
- return ipt.DeleteChain("nat", chain)
+ return nil
+}
+
+// isNotExist returnst true if the error is from iptables indicating
+// that the target does not exist.
+func isNotExist(err error) bool {
+ e, ok := err.(*iptables.Error)
+ if !ok {
+ return false
+ }
+ return e.IsNotExist()
 }
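Review bot: The `ClearChain` branch has a stray blank line between `return err` and its closing brace, and the new helper comment misspells "returns"; it should read `// isNotExist returns true if the error is from iptables indicating`. The helper matches only a direct `*iptables.Error`, so an error that arrives wrapped or as another type is still returned as a failure; that is the safe direction, but the comment should say so. Because all three calls now ignore not-exist errors, the doc comment on `TeardownIPMasq` (it starts outside this hunk) should state that a missing rule or chain counts as success, so callers do not read a nil return as proof that a masquerade rule was actually removed.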