We use cookies to ensure you get the best experience on our website
Strona główna Odkrywaj Pomoc
Zarejestruj się Zaloguj się
0ct0pu5
/
moby
1
0
Forkuj 0
Pliki Problemy 0 Oczekujące zmiany 0 Wiki
Przeglądaj źródła

Fix duplicated iptables rules

The `iptables.Exists` function is wrong in two ways:
1. The iptables -C call doesn't add `-j DOCKER` and fails to match
2. The long path takes ordering into account in comparison and fails to match

This patch fixes issue 1 by including `-j DOCKER` in the check.

Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com>
Arnaud Porterie 10 lat temu
rodzic
e228afce04
commit
9e7d2fe74e
1 zmienionych plików z 9 dodań i 7 usunięć
Widok podzielony Pokaż statystyki zmian
  1. 9 7
      libnetwork/iptables/iptables.go

+ 9 - 7
libnetwork/iptables/iptables.go
Wyświetl plik 

@@ -99,7 +99,8 @@ func NewChain(name, bridge string, table Table, hairpinMode bool) (*Chain, error
 
 	case Nat:
 
 		preroute := []string{
 
 			"-m", "addrtype",
 
-			"--dst-type", "LOCAL"}
 
+			"--dst-type", "LOCAL",
 
+			"-j", c.Name}
 
 		if !Exists(Nat, "PREROUTING", preroute...) {
 
 			if err := c.Prerouting(Append, preroute...); err != nil {
 
 				return nil, fmt.Errorf("Failed to inject docker in PREROUTING chain: %s", err)
 
@@ -107,7 +108,8 @@ func NewChain(name, bridge string, table Table, hairpinMode bool) (*Chain, error
 
 		}
 
 		output := []string{
 
 			"-m", "addrtype",
 
-			"--dst-type", "LOCAL"}
 
+			"--dst-type", "LOCAL",
 
+			"-j", c.Name}
 
 		if !hairpinMode {
 
 			output = append(output, "!", "--dst", "127.0.0.0/8")
 
 		}
 
@@ -228,7 +230,7 @@ func (c *Chain) Prerouting(action Action, args ...string) error {
 
 	if len(args) > 0 {
 
 		a = append(a, args...)
 
 	}
 
-	if output, err := Raw(append(a, "-j", c.Name)...); err != nil {
 
+	if output, err := Raw(a...); err != nil {
 
 		return err
 
 	} else if len(output) != 0 {
 
 		return ChainError{Chain: "PREROUTING", Output: output}
 
@@ -242,7 +244,7 @@ func (c *Chain) Output(action Action, args ...string) error {
 
 	if len(args) > 0 {
 
 		a = append(a, args...)
 
 	}
 
-	if output, err := Raw(append(a, "-j", c.Name)...); err != nil {
 
+	if output, err := Raw(a...); err != nil {
 
 		return err
 
 	} else if len(output) != 0 {
 
 		return ChainError{Chain: "OUTPUT", Output: output}
 
@@ -254,9 +256,9 @@ func (c *Chain) Output(action Action, args ...string) error {
 
 func (c *Chain) Remove() error {
 
 	// Ignore errors - This could mean the chains were never set up
 
 	if c.Table == Nat {
 
-		c.Prerouting(Delete, "-m", "addrtype", "--dst-type", "LOCAL")
 
-		c.Output(Delete, "-m", "addrtype", "--dst-type", "LOCAL", "!", "--dst", "127.0.0.0/8")
 
-		c.Output(Delete, "-m", "addrtype", "--dst-type", "LOCAL") // Created in versions <= 0.1.6
 
+		c.Prerouting(Delete, "-m", "addrtype", "--dst-type", "LOCAL", "-j", c.Name)
 
+		c.Output(Delete, "-m", "addrtype", "--dst-type", "LOCAL", "!", "--dst", "127.0.0.0/8", "-j", c.Name)
 
+		c.Output(Delete, "-m", "addrtype", "--dst-type", "LOCAL", "-j", c.Name) // Created in versions <= 0.1.6
 
 
 		c.Prerouting(Delete)
 
 		c.Output(Delete)

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5