From 205e5278c6c17aa306dd8d565b29b8263005958b Mon Sep 17 00:00:00 2001
From: Albin Kerouanton <albinker@gmail.com>
Date: Mon, 6 Dec 2021 01:32:42 +0100
Subject: [PATCH] Merge iptables.probe() into iptables.detectIptables()

The former was doing some checks and logging warnings, whereas
the latter was doing the same checks but to set some internal variables.
As both are called only once and from the same place, there're now
merged together.

Signed-off-by: Albin Kerouanton <albinker@gmail.com>
---
 libnetwork/iptables/iptables.go | 46 ++++++++++++++-------------------
 1 file changed, 19 insertions(+), 27 deletions(-)

diff --git a/libnetwork/iptables/iptables.go b/libnetwork/iptables/iptables.go
index c8da33e457..14d41180bb 100644
--- a/libnetwork/iptables/iptables.go
+++ b/libnetwork/iptables/iptables.go
@@ -88,53 +88,42 @@ func (e ChainError) Error() string {
 	return fmt.Sprintf("Error iptables %s: %s", e.Chain, string(e.Output))
 }
 
-func probe() {
-	path, err := exec.LookPath("iptables")
-	if err != nil {
-		logrus.Warnf("Failed to find iptables: %v", err)
-		return
-	}
-	if out, err := exec.Command(path, "--wait", "-t", "nat", "-L", "-n").CombinedOutput(); err != nil {
-		logrus.Warnf("Running iptables --wait -t nat -L -n failed with message: `%s`, error: %v", strings.TrimSpace(string(out)), err)
-	}
-	_, err = exec.LookPath("ip6tables")
-	if err != nil {
-		logrus.Warnf("Failed to find ip6tables: %v", err)
-		return
-	}
-}
-
-func initFirewalld() {
-	if err := FirewalldInit(); err != nil {
-		logrus.Debugf("Fail to initialize firewalld: %v, using raw iptables instead", err)
-	}
-}
-
 func detectIptables() {
 	path, err := exec.LookPath("iptables")
 	if err != nil {
+		logrus.WithError(err).Warnf("failed to find iptables")
 		return
 	}
 	iptablesPath = path
 
-	supportsXlock = exec.Command(iptablesPath, "--wait", "-L", "-n").Run() == nil
+	if out, err := exec.Command(path, "--wait", "-L", "-n").CombinedOutput(); err != nil {
+		logrus.WithError(err).Infof("unable to detect if iptables supports xlock: 'iptables --wait -L -n': `%s`", strings.TrimSpace(string(out)))
+	} else {
+		supportsXlock = true
+	}
+
 	mj, mn, mc, err := GetVersion()
 	if err != nil {
 		logrus.Warnf("Failed to read iptables version: %v", err)
-		return
+	} else {
+		supportsCOpt = supportsCOption(mj, mn, mc)
 	}
-	supportsCOpt = supportsCOption(mj, mn, mc)
 
 	path, err = exec.LookPath("ip6tables")
 	if err != nil {
-		return
+		logrus.WithError(err).Warnf("unable to find ip6tables")
 	} else {
 		ip6tablesPath = path
 	}
 }
 
+func initFirewalld() {
+	if err := FirewalldInit(); err != nil {
+		logrus.WithError(err).Debugf("unable to initialize firewalld; using raw iptables instead")
+	}
+}
+
 func initDependencies() {
-	probe()
 	initFirewalld()
 	detectIptables()
 }
@@ -547,6 +536,9 @@ func (iptable IPTable) raw(args ...string) ([]byte, error) {
 	path := iptablesPath
 	commandName := "iptables"
 	if iptable.Version == IPv6 {
+		if ip6tablesPath == "" {
+			return nil, fmt.Errorf("ip6tables is missing")
+		}
 		path = ip6tablesPath
 		commandName = "ip6tables"
 	}