libnet/d/overlay: clean up iptables rules on network delete

This commit removes iptables rules configured for secure overlay networks when a network is deleted. Prior to this commit, only CreateNetwork() was taking care of removing stale iptables rules. If one of the iptables rule can't be removed, the erorr is logged but it doesn't prevent network deletion. Signed-off-by: Albin Kerouanton <albinker@gmail.com>
2023-04-17 00:39:22 +02:00 · 2023-04-17 00:39:22 +02:00 · 1e1efe1f61
commit 1e1efe1f61
parent 5bf405b2af
1 changed files with 19 additions and 0 deletions
--- a/libnetwork/drivers/overlay/ov_network.go
+++ b/libnetwork/drivers/overlay/ov_network.go
@ -216,6 +216,25 @@ func (d *driver) DeleteNetwork(nid string) error {
 	doPeerFlush = true
 	delete(d.networks, nid)

+	if n.secure {
+		for _, s := range n.subnets {
+			if err := programMangle(s.vni, false); err != nil {
+				logrus.WithFields(logrus.Fields{
+					logrus.ErrorKey: err,
+					"network_id":    n.id,
+					"subnet":        s.subnetIP,
+				}).Warn("Failed to clean up iptables rules during overlay network deletion")
+			}
+			if err := programInput(s.vni, false); err != nil {
+				logrus.WithFields(logrus.Fields{
+					logrus.ErrorKey: err,
+					"network_id":    n.id,
+					"subnet":        s.subnetIP,
+				}).Warn("Failed to clean up iptables rules during overlay network deletion")
+			}
+		}
+	}
+
 	return nil
 }