libnet/iptables: split ProgramChain and move to bridge driver #49107
akerouanton merged 2 commits into moby:master on Dec 17, 2024
thaJeztah reviewed Dec 16, 2024
| return fmt.Errorf("failed to create FILTER chain %s: %v", DockerChain, err) | ||
| } | ||
| defer func() { | ||
| if err != nil { |
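Review bot: the `fmt.Errorf("failed to create FILTER chain %s: %v", DockerChain, err)` return formats the underlying error with `%v`, which flattens it to text. Using `%w` there would keep the original error reachable through `errors.Is` and `errors.As` for callers that need to tell a chain-creation failure apart from other setup errors.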
Member
Just noticed this one; is this defer checking the wrong error? (should this be `retErr`?)
If so, perhaps something we should fix separately before this one
Member
Looks like it; I opened a PR to fix that;
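
The bug class raised in the review comment above, as an added Go example that is not code from this PR or from moby: a deferred rollback that tests a local `err` does nothing when the failing call assigns a different, shadowing `err`, while a named result such as `retErr` always carries the real outcome. The names `chains`, `setupBuggy`, `setupFixed`, `leftover` and `EXAMPLE-CHAIN` are constructed, and the shadowed assignment is an assumption, since the page does not show how later errors are returned.

```go
package main

import (
	"errors"
	"fmt"
)

// chains is a constructed in-memory stand-in for a firewall table, not the libnetwork API.
type chains map[string]bool

// setupBuggy: the rollback reads the outer err, which the shadowing err below never sets.
func setupBuggy(c chains, name string, step func() error) error {
	var err error
	c[name] = true // chain created
	defer func() {
		if err != nil { // never true on the failure path
			delete(c, name)
		}
	}()
	if err := step(); err != nil {
		return fmt.Errorf("failed to program %s: %w", name, err)
	}
	return nil
}

// setupFixed: every return assigns the named result before deferred functions run.
func setupFixed(c chains, name string, step func() error) (retErr error) {
	c[name] = true
	defer func() {
		if retErr != nil {
			delete(c, name)
		}
	}()
	if err := step(); err != nil {
		return fmt.Errorf("failed to program %s: %w", name, err)
	}
	return nil
}

// leftover reports whether a setup whose later step fails left its chain behind.
func leftover(setup func(chains, string, func() error) error) bool {
	c := chains{}
	_ = setup(c, "EXAMPLE-CHAIN", func() error { return errors.New("insert failed") })
	return c["EXAMPLE-CHAIN"]
}

func main() {
	fmt.Println(leftover(setupBuggy), leftover(setupFixed))
}
```

With the buggy form, a failed setup leaves the chain in place, so a retry or a later cleanup has to cope with stale firewall state.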
f81862b to e916376
The `ProgramChain` method was called exclusively by the bridge driver to insert totally unrelated ipt rules in two different table-chains.

Break down this method into two functions, and move them into the bridge pkg.

The new function `addNATJumpRules` inserts rules that aren't related to any specific network, and depends solely on the driver config. Call it during driver configuration instead of during network setup.

Signed-off-by: Albin Kerouanton <[email protected]>
e916376 to 820dea0
- What I did

The `ProgramChain` method was called exclusively by the bridge driver to insert totally unrelated ipt rules in two different table-chains.

Break down this method into two functions, and move them into the bridge pkg.

The new function `addNATJumpRules` inserts rules that aren't related to any specific network, and depends solely on the driver config. Call it during driver configuration instead of during network setup.

- How I did it

- How to verify it

Existing tests, and particularly `iptablesdoc`, should pass.