diff --git a/go.mod b/go.mod index f9020174..d1f4edb1 100644 --- a/go.mod +++ b/go.mod @@ -7,7 +7,7 @@ require ( github.com/alexflint/go-filemutex v1.3.0 github.com/buger/jsonparser v1.1.1 github.com/containernetworking/cni v1.1.2 - github.com/coreos/go-iptables v0.7.0 + github.com/coreos/go-iptables v0.8.0 github.com/coreos/go-systemd/v22 v22.5.0 github.com/d2g/dhcp4 v0.0.0-20170904100407-a1d1b6c41b1c github.com/d2g/dhcp4client v1.0.0 diff --git a/go.sum b/go.sum index 6a443f9f..f883a72f 100644 --- a/go.sum +++ b/go.sum @@ -20,8 +20,8 @@ github.com/containerd/errdefs v0.1.0 h1:m0wCRBiu1WJT/Fr+iOoQHMQS/eP5myQ8lCv4Dz5Z github.com/containerd/errdefs v0.1.0/go.mod h1:YgWiiHtLmSeBrvpw+UfPijzbLaB77mEG1WwJTDETIV0= github.com/containernetworking/cni v1.1.2 h1:wtRGZVv7olUHMOqouPpn3cXJWpJgM6+EUl31EQbXALQ= github.com/containernetworking/cni v1.1.2/go.mod h1:sDpYKmGVENF3s6uvMvGgldDWeG8dMxakj/u+i9ht9vw= -github.com/coreos/go-iptables v0.7.0 h1:XWM3V+MPRr5/q51NuWSgU0fqMad64Zyxs8ZUoMsamr8= -github.com/coreos/go-iptables v0.7.0/go.mod h1:Qe8Bv2Xik5FyTXwgIbLAnv2sWSBmvWdFETJConOQ//Q= +github.com/coreos/go-iptables v0.8.0 h1:MPc2P89IhuVpLI7ETL/2tx3XZ61VeICZjYqDEgNsPRc= +github.com/coreos/go-iptables v0.8.0/go.mod h1:Qe8Bv2Xik5FyTXwgIbLAnv2sWSBmvWdFETJConOQ//Q= github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs= github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= github.com/d2g/dhcp4 v0.0.0-20170904100407-a1d1b6c41b1c h1:Xo2rK1pzOm0jO6abTPIQwbAmqBIOj132otexc1mmzFc= diff --git a/vendor/github.com/coreos/go-iptables/iptables/iptables.go b/vendor/github.com/coreos/go-iptables/iptables/iptables.go index e95929c9..b0589959b 100644 --- a/vendor/github.com/coreos/go-iptables/iptables/iptables.go +++ b/vendor/github.com/coreos/go-iptables/iptables/iptables.go @@ -45,15 +45,21 @@ func (e *Error) Error() string { return fmt.Sprintf("running %v: exit status %v: %v", e.cmd.Args, e.ExitStatus(), e.msg) } +var isNotExistPatterns = []string{ + "Bad rule (does a matching rule exist in that chain?).\n", + "No chain/target/match by that name.\n", + "No such file or directory", + "does not exist", +} + // IsNotExist returns true if the error is due to the chain or rule not existing func (e *Error) IsNotExist() bool { - if e.ExitStatus() != 1 { - return false + for _, str := range isNotExistPatterns { + if strings.Contains(e.msg, str) { + return true + } } - msgNoRuleExist := "Bad rule (does a matching rule exist in that chain?).\n" - msgNoChainExist := "No chain/target/match by that name.\n" - msgENOENT := "No such file or directory" - return strings.Contains(e.msg, msgNoRuleExist) || strings.Contains(e.msg, msgNoChainExist) || strings.Contains(e.msg, msgENOENT) + return false } // Protocol to differentiate between IPv4 and IPv6 @@ -106,8 +112,20 @@ func Timeout(timeout int) option { } } -// New creates a new IPTables configured with the options passed as parameter. -// For backwards compatibility, by default always uses IPv4 and timeout 0. +func Path(path string) option { + return func(ipt *IPTables) { + ipt.path = path + } +} + +// New creates a new IPTables configured with the options passed as parameters. +// Supported parameters are: +// +// IPFamily(Protocol) +// Timeout(int) +// Path(string) +// +// For backwards compatibility, by default New uses IPv4 and timeout 0. // i.e. you can create an IPv6 IPTables using a timeout of 5 seconds passing // the IPFamily and Timeout options as follow: // @@ -117,13 +135,21 @@ func New(opts ...option) (*IPTables, error) { ipt := &IPTables{ proto: ProtocolIPv4, timeout: 0, + path: "", } for _, opt := range opts { opt(ipt) } - path, err := exec.LookPath(getIptablesCommand(ipt.proto)) + // if path wasn't preset through New(Path()), autodiscover it + cmd := "" + if ipt.path == "" { + cmd = getIptablesCommand(ipt.proto) + } else { + cmd = ipt.path + } + path, err := exec.LookPath(cmd) if err != nil { return nil, err } @@ -241,6 +267,12 @@ func (ipt *IPTables) DeleteIfExists(table, chain string, rulespec ...string) err return err } +// DeleteById deletes the rule with the specified ID in the given table and chain. +func (ipt *IPTables) DeleteById(table, chain string, id int) error { + cmd := []string{"-t", table, "-D", chain, strconv.Itoa(id)} + return ipt.run(cmd...) +} + // List rules in specified table/chain func (ipt *IPTables) ListById(table, chain string, id int) (string, error) { args := []string{"-t", table, "-S", chain, strconv.Itoa(id)} diff --git a/vendor/modules.txt b/vendor/modules.txt index cb801bd3..b35a440c 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -62,7 +62,7 @@ github.com/containernetworking/cni/pkg/types/create github.com/containernetworking/cni/pkg/types/internal github.com/containernetworking/cni/pkg/utils github.com/containernetworking/cni/pkg/version -# github.com/coreos/go-iptables v0.7.0 +# github.com/coreos/go-iptables v0.8.0 ## explicit; go 1.16 github.com/coreos/go-iptables/iptables # github.com/coreos/go-systemd/v22 v22.5.0