kotovalexarian-likes-github/moby--moby
1
0
Fork 0
mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00
Code Releases Activity

Clean up docker chain of filter table as well on driver init

Browse source 
Signed-off-by: Chun Chen <ramichen@tencent.com>
This commit is contained in:
Chun Chen 2015-09-15 16:30:10 +08:00
parent e1bfa95f41
commit 797c32bcac
4 changed files with 50 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
libnetwork/drivers/bridge/bridge.go
View file

@ -134,10 +134,7 @@ func Init(dc driverapi.DriverCallback, config map[string]interface{}) error {
if err := iptables.FirewalldInit(); err != nil { if err := iptables.FirewalldInit(); err != nil {
logrus.Debugf("Fail to initialize firewalld: %v, using raw iptables instead", err) logrus.Debugf("Fail to initialize firewalld: %v, using raw iptables instead", err)
} }
if err := iptables.RemoveExistingChain(DockerChain, iptables.Nat); err != nil { removeIPChains()
logrus.Warnf("Failed to remove existing iptables entries in %s : %v", DockerChain, err)
}
d := newDriver() d := newDriver()
if err := d.configure(config); err != nil { if err := d.configure(config); err != nil {
return err return err

29
libnetwork/drivers/bridge/bridge_test.go
View file

@ -816,3 +816,32 @@ func TestSetDefaultGw(t *testing.T) {
t.Fatalf("Failed to configure default gateway. Expected %v. Found %v", gw6, te.gw6) t.Fatalf("Failed to configure default gateway. Expected %v. Found %v", gw6, te.gw6)
} }
} }
type fakeCallBack struct{}
func (cb fakeCallBack) RegisterDriver(name string, driver driverapi.Driver, capability driverapi.Capability) error {
return nil
}
func TestCleanupIptableRules(t *testing.T) {
defer testutils.SetupTestOSContext(t)()
bridgeChain := []iptables.ChainInfo{
iptables.ChainInfo{Name: DockerChain, Table: iptables.Nat},
iptables.ChainInfo{Name: DockerChain, Table: iptables.Filter},
iptables.ChainInfo{Name: IsolationChain, Table: iptables.Filter},
}
if _, _, _, err := setupIPChains(&configuration{EnableIPTables: true}); err != nil {
t.Fatalf("Error setting up ip chains: %v", err)
}
for _, chainInfo := range bridgeChain {
if !iptables.ExistChain(chainInfo.Name, chainInfo.Table) {
t.Fatalf("iptables chain %s of %s table should have been created", chainInfo.Name, chainInfo.Table)
}
}
Init(fakeCallBack{}, make(map[string]interface{}))
for _, chainInfo := range bridgeChain {
if iptables.ExistChain(chainInfo.Name, chainInfo.Table) {
t.Fatalf("iptables chain %s of %s table should have been deleted", chainInfo.Name, chainInfo.Table)
}
}
}

12
libnetwork/drivers/bridge/setup_ip_tables.go
View file

@ -309,3 +309,15 @@ func ensureJumpRule(fromChain, toChain string) error {
return nil return nil
} }
func removeIPChains() {
for _, chainInfo := range []iptables.ChainInfo{
iptables.ChainInfo{Name: DockerChain, Table: iptables.Nat},
iptables.ChainInfo{Name: DockerChain, Table: iptables.Filter},
iptables.ChainInfo{Name: IsolationChain, Table: iptables.Filter},
} {
if err := chainInfo.Remove(); err != nil {
logrus.Warnf("Failed to remove existing iptables entries in table %s chain %s : %v", chainInfo.Table, chainInfo.Name, err)
}
}
}

8
libnetwork/iptables/iptables.go
View file

@ -361,3 +361,11 @@ func RawCombinedOutput(args ...string) error {
} }
return nil return nil
} }
// ExistChain checks if a chain exists
func ExistChain(chain string, table Table) bool {
if _, err := Raw("-t", string(table), "-L", chain); err == nil {
return true
}
return false
}