
libnetwork/iptables: ChainInfo: don't pass whole IPTable as value

It only needed the IPVersion, so let's pass that instead.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Sebastiaan van Stijn 2 سال پیش
والد
کامیت
16f80f649b
2فایلهای تغییر یافته به همراه17 افزوده شده و 15 حذف شده
  1. 7 5
      libnetwork/drivers/bridge/setup_ip_tables.go
  2. 10 10
      libnetwork/iptables/iptables.go

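--- a/libnetwork/drivers/bridge/setup_ip_tables.go
+++ b/libnetwork/drivers/bridge/setup_ip_tables.go
@@ -17,6 +17,7 @@ import (
 // DockerChain: DOCKER iptable chain name
 const (
 	DockerChain = "DOCKER"
+
 	// Isolation between bridge networks is achieved in two stages by means
 	// of the following two chains in the filter table. The first chain matches
 	// on the source interface being a bridge network's bridge and the
@@ -26,6 +27,7 @@ const (
 	// bridge. A positive match identifies a packet originated from one bridge
 	// network's bridge destined to another bridge network's bridge and will
 	// result in the packet being dropped. No match returns to the parent chain.
+
 	IsolationChain1 = "DOCKER-ISOLATION-STAGE-1"
 	IsolationChain2 = "DOCKER-ISOLATION-STAGE-2"
 )
@@ -382,11 +384,11 @@ func removeIPChains(version iptables.IPVersion) {
 
 	// Remove chains
 	for _, chainInfo := range []iptables.ChainInfo{
-		{Name: DockerChain, Table: iptables.Nat, IPTable: ipt},
-		{Name: DockerChain, Table: iptables.Filter, IPTable: ipt},
-		{Name: IsolationChain1, Table: iptables.Filter, IPTable: ipt},
-		{Name: IsolationChain2, Table: iptables.Filter, IPTable: ipt},
-		{Name: oldIsolationChain, Table: iptables.Filter, IPTable: ipt},
+		{Name: DockerChain, Table: iptables.Nat, IPVersion: version},
+		{Name: DockerChain, Table: iptables.Filter, IPVersion: version},
+		{Name: IsolationChain1, Table: iptables.Filter, IPVersion: version},
+		{Name: IsolationChain2, Table: iptables.Filter, IPVersion: version},
+		{Name: oldIsolationChain, Table: iptables.Filter, IPVersion: version},
 	} {
 		if err := chainInfo.Remove(); err != nil {
 			log.G(context.TODO()).Warnf("Failed to remove existing iptables entries in table %s chain %s : %v", chainInfo.Table, chainInfo.Name, err)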
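Review bot: The blank line added in the second hunk, between `// result in the packet being dropped. No match returns to the parent chain.` and `IsolationChain1 = "DOCKER-ISOLATION-STAGE-1"`, detaches that comment block from IsolationChain1, so go doc will no longer show it as the constant's documentation. If a group comment covering both isolation chains is the intent, that is fine, but then a one-line doc on each constant (`// IsolationChain1 is the first-stage bridge-isolation chain in the filter table.` and likewise for IsolationChain2) would keep the tooling output useful. The removeIPChains hunk is a mechanical substitution of `IPVersion: version` for `IPTable: ipt`; the function's body starts and ends outside the hunk, so whether `ipt` is still used elsewhere in it is not visible here.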

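--- a/libnetwork/iptables/iptables.go
+++ b/libnetwork/iptables/iptables.go
@@ -75,7 +75,7 @@ type ChainInfo struct {
 	Name        string
 	Table       Table
 	HairpinMode bool
-	IPTable     IPTable
+	IPVersion   IPVersion
 }
 
 // ChainError is returned to represent errors during ip table operation.
@@ -160,7 +160,7 @@ func (iptable IPTable) NewChain(name string, table Table, hairpinMode bool) (*Ch
 		Name:        name,
 		Table:       table,
 		HairpinMode: hairpinMode,
-		IPTable:     iptable,
+		IPVersion:   iptable.Version,
 	}, nil
 }
 
@@ -279,16 +279,16 @@ func (iptable IPTable) RemoveExistingChain(name string, table Table) error {
 		table = Filter
 	}
 	c := &ChainInfo{
-		Name:    name,
-		Table:   table,
-		IPTable: iptable,
+		Name:      name,
+		Table:     table,
+		IPVersion: iptable.Version,
 	}
 	return c.Remove()
 }
 
 // Forward adds forwarding rule to 'filter' table and corresponding nat rule to 'nat' table.
 func (c *ChainInfo) Forward(action Action, ip net.IP, port int, proto, destAddr string, destPort int, bridgeName string) error {
-	iptable := GetIptable(c.IPTable.Version)
+	iptable := GetIptable(c.IPVersion)
 	daddr := ip.String()
 	if ip.IsUnspecified() {
 		// iptables interprets "0.0.0.0" as "0.0.0.0/32", whereas we
@@ -361,7 +361,7 @@ func (c *ChainInfo) Forward(action Action, ip net.IP, port int, proto, destAddr
 // Link adds reciprocal ACCEPT rule for two supplied IP addresses.
 // Traffic is allowed from ip1 to ip2 and vice-versa
 func (c *ChainInfo) Link(action Action, ip1, ip2 net.IP, port int, proto string, bridgeName string) error {
-	iptable := GetIptable(c.IPTable.Version)
+	iptable := GetIptable(c.IPVersion)
 	// forward
 	args := []string{
 		"-i", bridgeName, "-o", bridgeName,
@@ -393,7 +393,7 @@ func (iptable IPTable) ProgramRule(table Table, chain string, action Action, arg
 
 // Prerouting adds linking rule to nat/PREROUTING chain.
 func (c *ChainInfo) Prerouting(action Action, args ...string) error {
-	iptable := GetIptable(c.IPTable.Version)
+	iptable := GetIptable(c.IPVersion)
 	a := []string{"-t", string(Nat), string(action), "PREROUTING"}
 	if len(args) > 0 {
 		a = append(a, args...)
@@ -412,7 +412,7 @@ func (c *ChainInfo) Output(action Action, args ...string) error {
 	if len(args) > 0 {
 		a = append(a, args...)
 	}
-	if output, err := GetIptable(c.IPTable.Version).Raw(a...); err != nil {
+	if output, err := GetIptable(c.IPVersion).Raw(a...); err != nil {
 		return err
 	} else if len(output) != 0 {
 		return ChainError{Chain: "OUTPUT", Output: output}
@@ -422,7 +422,7 @@ func (c *ChainInfo) Output(action Action, args ...string) error {
 
 // Remove removes the chain.
 func (c *ChainInfo) Remove() error {
-	iptable := GetIptable(c.IPTable.Version)
+	iptable := GetIptable(c.IPVersion)
 	// Ignore errors - This could mean the chains were never set up
 	if c.Table == Nat {
 		_ = c.Prerouting(Delete, "-m", "addrtype", "--dst-type", "LOCAL", "-j", c.Name)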
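Review bot: The new `IPVersion` field in the ChainInfo struct (first hunk) carries no doc comment, and the removeIPChains hunk in setup_ip_tables.go shows callers building ChainInfo literals directly, so an unset version is easy to produce by accident; a comment such as `// IPVersion selects which iptables binary the chain's methods invoke; callers constructing ChainInfo literals must set it.` would make the contract explicit. What GetIptable does with a zero IPVersion is not visible in these hunks, so if it silently falls back to one family, the comment should say so rather than leave it implicit. As a style point, Forward, Link, Prerouting and Remove each repeat `iptable := GetIptable(c.IPVersion)` while Output inlines the same call; a small unexported accessor on *ChainInfo wrapping `GetIptable(c.IPVersion)` would centralize the lookup in one place. The bodies of Forward, Link, Prerouting, Output and Remove all continue outside their hunks.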