From b8d2ac9b65b5a287b541db16966ff4454b25f7db Mon Sep 17 00:00:00 2001 From: Alessandro Boch Date: Wed, 13 Jan 2016 23:23:43 -0800 Subject: [PATCH] Honor --iptables=false in bridge - When flag is false, not only do not program the chains, also do not perform any cleanup Signed-off-by: Alessandro Boch --- libnetwork/drivers/bridge/bridge.go | 3 ++- libnetwork/drivers/bridge/bridge_test.go | 8 +------- 2 files changed, 3 insertions(+), 8 deletions(-) diff --git a/libnetwork/drivers/bridge/bridge.go b/libnetwork/drivers/bridge/bridge.go index 7b2bdebd20..2bb4350e9d 100644 --- a/libnetwork/drivers/bridge/bridge.go +++ b/libnetwork/drivers/bridge/bridge.go @@ -135,7 +135,7 @@ func Init(dc driverapi.DriverCallback, config map[string]interface{}) error { if err := iptables.FirewalldInit(); err != nil { logrus.Debugf("Fail to initialize firewalld: %v, using raw iptables instead", err) } - removeIPChains() + d := newDriver() if err := d.configure(config); err != nil { return err @@ -378,6 +378,7 @@ func (d *driver) configure(option map[string]interface{}) error { } if config.EnableIPTables { + removeIPChains() natChain, filterChain, isolationChain, err = setupIPChains(config) if err != nil { return err diff --git a/libnetwork/drivers/bridge/bridge_test.go b/libnetwork/drivers/bridge/bridge_test.go index 1518776de4..42a2f28758 100644 --- a/libnetwork/drivers/bridge/bridge_test.go +++ b/libnetwork/drivers/bridge/bridge_test.go @@ -817,12 +817,6 @@ func TestSetDefaultGw(t *testing.T) { } } -type fakeCallBack struct{} - -func (cb fakeCallBack) RegisterDriver(name string, driver driverapi.Driver, capability driverapi.Capability) error { - return nil -} - func TestCleanupIptableRules(t *testing.T) { defer testutils.SetupTestOSContext(t)() bridgeChain := []iptables.ChainInfo{ @@ -838,7 +832,7 @@ func TestCleanupIptableRules(t *testing.T) { t.Fatalf("iptables chain %s of %s table should have been created", chainInfo.Name, chainInfo.Table) } } - Init(fakeCallBack{}, make(map[string]interface{})) + removeIPChains() for _, chainInfo := range bridgeChain { if iptables.ExistChain(chainInfo.Name, chainInfo.Table) { t.Fatalf("iptables chain %s of %s table should have been deleted", chainInfo.Name, chainInfo.Table)