Merge pull request #126 from mrjana/cnm_integ

Brought in iptables package from docker

libnetwork/Godeps/Godeps.json

@@ -20,11 +20,6 @@
 			"Comment": "v1.4.1-3152-g3e85803",
 			"Rev": "3e85803f311c3883a9b395ad046c894ea255e9be"
 		},
-		{
-			"ImportPath": "github.com/docker/docker/pkg/iptables",
-			"Comment": "v1.4.1-3152-g3e85803",
-			"Rev": "3e85803f311c3883a9b395ad046c894ea255e9be"
-		},
 		{
 			"ImportPath": "github.com/docker/docker/pkg/mflag",
 			"Comment": "v1.4.1-3152-g3e85803",

libnetwork/drivers/bridge/bridge_test.go

@@ -7,8 +7,8 @@ import (
 	"regexp"
 	"testing"
 
-	"github.com/docker/docker/pkg/iptables"
 	"github.com/docker/libnetwork/netutils"
+	"github.com/docker/libnetwork/pkg/iptables"
 	"github.com/docker/libnetwork/pkg/netlabel"
 	"github.com/vishvananda/netlink"
 )

libnetwork/drivers/bridge/link.go

@@ -5,8 +5,8 @@ import (
 	"net"
 
 	log "github.com/Sirupsen/logrus"
-	"github.com/docker/docker/pkg/iptables"
 	"github.com/docker/libnetwork/netutils"
+	"github.com/docker/libnetwork/pkg/iptables"
 )
 
 type link struct {

libnetwork/drivers/bridge/setup_ip_tables.go

@@ -4,8 +4,8 @@ import (
 	"fmt"
 	"net"
 
-	"github.com/docker/docker/pkg/iptables"
 	"github.com/docker/libnetwork/netutils"
+	"github.com/docker/libnetwork/pkg/iptables"
 )
 
 // DockerChain: DOCKER iptable chain name

libnetwork/drivers/bridge/setup_ip_tables_test.go

@@ -4,8 +4,8 @@ import (
 	"net"
 	"testing"
 
-	"github.com/docker/docker/pkg/iptables"
 	"github.com/docker/libnetwork/netutils"
+	"github.com/docker/libnetwork/pkg/iptables"
 )
 
 const (

libnetwork/pkg/iptables/firewalld.go

@@ -8,12 +8,16 @@ import (
 	"github.com/godbus/dbus"
 )
 
+// IPV defines the table string
 type IPV string
 
 const (
-	Iptables  IPV = "ipv4"
-	Ip6tables IPV = "ipv6"
-	Ebtables  IPV = "eb"
+	// Iptables point ipv4 table
+	Iptables IPV = "ipv4"
+	// IP6tables point to ipv6 table
+	IP6tables IPV = "ipv6"
+	// Ebtables point to bridge table
+	Ebtables IPV = "eb"
 )
 const (
 	dbusInterface = "org.fedoraproject.FirewallD1"
@@ -33,6 +37,7 @@ var (
 	onReloaded       []*func() // callbacks when Firewalld has been reloaded
 )
 
+// FirewalldInit initializes firewalld management code.
 func FirewalldInit() {
 	var err error
 
@@ -97,16 +102,16 @@ func signalHandler() {
 
 func dbusConnectionChanged(args []interface{}) {
 	name := args[0].(string)
-	old_owner := args[1].(string)
-	new_owner := args[2].(string)
+	oldOwner := args[1].(string)
+	newOwner := args[2].(string)
 
 	if name != dbusInterface {
 		return
 	}
 
-	if len(new_owner) > 0 {
+	if len(newOwner) > 0 {
 		connectionEstablished()
-	} else if len(old_owner) > 0 {
+	} else if len(oldOwner) > 0 {
 		connectionLost()
 	}
 }
@@ -126,7 +131,7 @@ func reloaded() {
 	}
 }
 
-// add callback
+// OnReloaded add callback
 func OnReloaded(callback func()) {
 	for _, pf := range onReloaded {
 		if pf == &callback {
@@ -150,7 +155,7 @@ func checkRunning() bool {
 	return false
 }
 
-// Firewalld's passthrough method simply passes args through to iptables/ip6tables
+// Passthrough method simply passes args through to iptables/ip6tables
 func Passthrough(ipv IPV, args ...string) ([]byte, error) {
 	var output string
 

libnetwork/pkg/iptables/iptables.go

@@ -12,30 +12,42 @@ import (
 	"github.com/Sirupsen/logrus"
 )
 
+//Action signifies the iptable action.
 type Action string
+
+//Table refers to Nat, Filter or Mangle.
 type Table string
 
 const (
+	//Append appends the rule at the end of the chain.
 	Append Action = "-A"
+	//Delete deletes the rule from the chain.
 	Delete Action = "-D"
+	//Insert inserts the rule at the top of the chain.
 	Insert Action = "-I"
-	Nat    Table  = "nat"
-	Filter Table  = "filter"
-	Mangle Table  = "mangle"
+	//Nat table is used for nat translation rules.
+	Nat Table = "nat"
+	//Filter table is used for filter rules.
+	Filter Table = "filter"
+	//Mangle table is used for mangling the packet.
+	Mangle Table = "mangle"
 )
 
 var (
-	iptablesPath        string
-	supportsXlock       = false
+	iptablesPath  string
+	supportsXlock = false
+	//ErrIptablesNotFound is returned when the rule is not found.
 	ErrIptablesNotFound = errors.New("Iptables not found")
 )
 
+//Chain defines the iptables chain.
 type Chain struct {
 	Name   string
 	Bridge string
 	Table  Table
 }
 
+//ChainError is returned to represent errors during ip table operation.
 type ChainError struct {
 	Chain  string
 	Output []byte
@@ -58,6 +70,7 @@ func initCheck() error {
 	return nil
 }
 
+//NewChain adds a new chain to ip table.
 func NewChain(name, bridge string, table Table) (*Chain, error) {
 	c := &Chain{
 		Name:   name,
@@ -113,6 +126,7 @@ func NewChain(name, bridge string, table Table) (*Chain, error) {
 	return c, nil
 }
 
+//RemoveExistingChain removes existing chain from the table.
 func RemoveExistingChain(name string, table Table) error {
 	c := &Chain{
 		Name:  name,
@@ -124,7 +138,7 @@ func RemoveExistingChain(name string, table Table) error {
 	return c.Remove()
 }
 
-// Add forwarding rule to 'filter' table and corresponding nat rule to 'nat' table
+//Forward adds forwarding rule to 'filter' table and corresponding nat rule to 'nat' table
 func (c *Chain) Forward(action Action, ip net.IP, port int, proto, destAddr string, destPort int) error {
 	daddr := ip.String()
 	if ip.IsUnspecified() {
@@ -171,7 +185,7 @@ func (c *Chain) Forward(action Action, ip net.IP, port int, proto, destAddr stri
 	return nil
 }
 
-// Add reciprocal ACCEPT rule for two supplied IP addresses.
+//Link adds reciprocal ACCEPT rule for two supplied IP addresses.
 // Traffic is allowed from ip1 to ip2 and vice-versa
 func (c *Chain) Link(action Action, ip1, ip2 net.IP, port int, proto string) error {
 	if output, err := Raw("-t", string(Filter), string(action), c.Name,
@@ -199,7 +213,7 @@ func (c *Chain) Link(action Action, ip1, ip2 net.IP, port int, proto string) err
 	return nil
 }
 
-// Add linking rule to nat/PREROUTING chain.
+//Prerouting adds linking rule to nat/PREROUTING chain.
 func (c *Chain) Prerouting(action Action, args ...string) error {
 	a := []string{"-t", string(Nat), string(action), "PREROUTING"}
 	if len(args) > 0 {
@@ -213,7 +227,7 @@ func (c *Chain) Prerouting(action Action, args ...string) error {
 	return nil
 }
 
-// Add linking rule to an OUTPUT chain
+//Output adds linking rule to an OUTPUT chain
 func (c *Chain) Output(action Action, args ...string) error {
 	a := []string{"-t", string(c.Table), string(action), "OUTPUT"}
 	if len(args) > 0 {
@@ -227,6 +241,7 @@ func (c *Chain) Output(action Action, args ...string) error {
 	return nil
 }
 
+// Remove removes the chain
 func (c *Chain) Remove() error {
 	// Ignore errors - This could mean the chains were never set up
 	if c.Table == Nat {
@@ -242,7 +257,7 @@ func (c *Chain) Remove() error {
 	return nil
 }
 
-// Check if a rule exists
+//Exists checks if a rule exists
 func Exists(table Table, chain string, rule ...string) bool {
 	if string(table) == "" {
 		table = Filter
@@ -273,7 +288,7 @@ func Exists(table Table, chain string, rule ...string) bool {
 	)
 }
 
-// Call 'iptables' system command, passing supplied arguments
+//Raw calls 'iptables' system command, passing supplied arguments
 func Raw(args ...string) ([]byte, error) {
 	if firewalldRunning {
 		output, err := Passthrough(Iptables, args...)

libnetwork/portmapper/mapper.go

@@ -7,7 +7,7 @@ import (
 	"sync"
 
 	"github.com/Sirupsen/logrus"
-	"github.com/docker/docker/pkg/iptables"
+	"github.com/docker/libnetwork/pkg/iptables"
 	"github.com/docker/libnetwork/pkg/portallocator"
 )
 

libnetwork/portmapper/mapper_test.go

@@ -4,7 +4,7 @@ import (
 	"net"
 	"testing"
 
-	"github.com/docker/docker/pkg/iptables"
+	"github.com/docker/libnetwork/pkg/iptables"
 )
 
 func init() {