Update go-iptables

Signed-off-by: Dan Winship <danwinship@redhat.com>
2023-10-22 10:48:36 -04:00 · 2023-10-22 10:48:36 -04:00 · deb8ef63f4
commit deb8ef63f4
parent 720b1e9811
4 changed files with 45 additions and 13 deletions
--- a/go.mod
+++ b/go.mod
@ -7,7 +7,7 @@ require (
 	github.com/alexflint/go-filemutex v1.3.0
 	github.com/buger/jsonparser v1.1.1
 	github.com/containernetworking/cni v1.1.2
-	github.com/coreos/go-iptables v0.7.0
+	github.com/coreos/go-iptables v0.8.0
 	github.com/coreos/go-systemd/v22 v22.5.0
 	github.com/d2g/dhcp4 v0.0.0-20170904100407-a1d1b6c41b1c
 	github.com/d2g/dhcp4client v1.0.0
--- a/go.sum
+++ b/go.sum
@ -20,8 +20,8 @@ github.com/containerd/errdefs v0.1.0 h1:m0wCRBiu1WJT/Fr+iOoQHMQS/eP5myQ8lCv4Dz5Z
 github.com/containerd/errdefs v0.1.0/go.mod h1:YgWiiHtLmSeBrvpw+UfPijzbLaB77mEG1WwJTDETIV0=
 github.com/containernetworking/cni v1.1.2 h1:wtRGZVv7olUHMOqouPpn3cXJWpJgM6+EUl31EQbXALQ=
 github.com/containernetworking/cni v1.1.2/go.mod h1:sDpYKmGVENF3s6uvMvGgldDWeG8dMxakj/u+i9ht9vw=
-github.com/coreos/go-iptables v0.7.0 h1:XWM3V+MPRr5/q51NuWSgU0fqMad64Zyxs8ZUoMsamr8=
-github.com/coreos/go-iptables v0.7.0/go.mod h1:Qe8Bv2Xik5FyTXwgIbLAnv2sWSBmvWdFETJConOQ//Q=
+github.com/coreos/go-iptables v0.8.0 h1:MPc2P89IhuVpLI7ETL/2tx3XZ61VeICZjYqDEgNsPRc=
+github.com/coreos/go-iptables v0.8.0/go.mod h1:Qe8Bv2Xik5FyTXwgIbLAnv2sWSBmvWdFETJConOQ//Q=
 github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs=
 github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
 github.com/d2g/dhcp4 v0.0.0-20170904100407-a1d1b6c41b1c h1:Xo2rK1pzOm0jO6abTPIQwbAmqBIOj132otexc1mmzFc=
--- a/vendor/github.com/coreos/go-iptables/iptables/iptables.go
+++ b/vendor/github.com/coreos/go-iptables/iptables/iptables.go
@ -45,15 +45,21 @@ func (e *Error) Error() string {
 	return fmt.Sprintf("running %v: exit status %v: %v", e.cmd.Args, e.ExitStatus(), e.msg)
 }

+var isNotExistPatterns = []string{
+	"Bad rule (does a matching rule exist in that chain?).\n",
+	"No chain/target/match by that name.\n",
+	"No such file or directory",
+	"does not exist",
+}
+
 // IsNotExist returns true if the error is due to the chain or rule not existing
 func (e *Error) IsNotExist() bool {
-	if e.ExitStatus() != 1 {
-		return false
+	for _, str := range isNotExistPatterns {
+		if strings.Contains(e.msg, str) {
+			return true
+		}
 	}
-	msgNoRuleExist := "Bad rule (does a matching rule exist in that chain?).\n"
-	msgNoChainExist := "No chain/target/match by that name.\n"
-	msgENOENT := "No such file or directory"
-	return strings.Contains(e.msg, msgNoRuleExist) || strings.Contains(e.msg, msgNoChainExist) || strings.Contains(e.msg, msgENOENT)
+	return false
 }

 // Protocol to differentiate between IPv4 and IPv6
@ -106,8 +112,20 @@ func Timeout(timeout int) option {
 	}
 }

-// New creates a new IPTables configured with the options passed as parameter.
-// For backwards compatibility, by default always uses IPv4 and timeout 0.
+func Path(path string) option {
+	return func(ipt *IPTables) {
+		ipt.path = path
+	}
+}
+
+// New creates a new IPTables configured with the options passed as parameters.
+// Supported parameters are:
+//
+//	IPFamily(Protocol)
+//	Timeout(int)
+//	Path(string)
+//
+// For backwards compatibility, by default New uses IPv4 and timeout 0.
 // i.e. you can create an IPv6 IPTables using a timeout of 5 seconds passing
 // the IPFamily and Timeout options as follow:
 //
@ -117,13 +135,21 @@ func New(opts ...option) (*IPTables, error) {
 	ipt := &IPTables{
 		proto:   ProtocolIPv4,
 		timeout: 0,
+		path:    "",
 	}

 	for _, opt := range opts {
 		opt(ipt)
 	}

-	path, err := exec.LookPath(getIptablesCommand(ipt.proto))
+	// if path wasn't preset through New(Path()), autodiscover it
+	cmd := ""
+	if ipt.path == "" {
+		cmd = getIptablesCommand(ipt.proto)
+	} else {
+		cmd = ipt.path
+	}
+	path, err := exec.LookPath(cmd)
 	if err != nil {
 		return nil, err
 	}
@ -241,6 +267,12 @@ func (ipt *IPTables) DeleteIfExists(table, chain string, rulespec ...string) err
 	return err
 }

+// DeleteById deletes the rule with the specified ID in the given table and chain.
+func (ipt *IPTables) DeleteById(table, chain string, id int) error {
+	cmd := []string{"-t", table, "-D", chain, strconv.Itoa(id)}
+	return ipt.run(cmd...)
+}
+
 // List rules in specified table/chain
 func (ipt *IPTables) ListById(table, chain string, id int) (string, error) {
 	args := []string{"-t", table, "-S", chain, strconv.Itoa(id)}
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@ -62,7 +62,7 @@ github.com/containernetworking/cni/pkg/types/create
 github.com/containernetworking/cni/pkg/types/internal
 github.com/containernetworking/cni/pkg/utils
 github.com/containernetworking/cni/pkg/version
-# github.com/coreos/go-iptables v0.7.0
+# github.com/coreos/go-iptables v0.8.0
 ## explicit; go 1.16
 github.com/coreos/go-iptables/iptables
 # github.com/coreos/go-systemd/v22 v22.5.0