0ct0pu5/moby
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge pull request from thaJeztah/libnetwork_bridge_outputvars

Browse source 
libnetwork/drivers/bridge: setupIPChains(): name output variables
This commit is contained in:
Sebastiaan van Stijn 2023-08-16 11:24:44 +02:00 committed by GitHub
commit b3e249f401
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 7 additions and 7 deletions

14
libnetwork/drivers/bridge/setup_ip_tables_linux.go
View file

@ -30,7 +30,7 @@ const (
IsolationChain2 = "DOCKER-ISOLATION-STAGE-2"
)
func setupIPChains(config configuration, version iptables.IPVersion) (*iptables.ChainInfo, *iptables.ChainInfo, *iptables.ChainInfo, *iptables.ChainInfo, error) {
func setupIPChains(config configuration, version iptables.IPVersion) (natChain *iptables.ChainInfo, filterChain *iptables.ChainInfo, isolationChain1 *iptables.ChainInfo, isolationChain2 *iptables.ChainInfo, retErr error) {
// Sanity check.
if !config.EnableIPTables {
return nil, nil, nil, nil, errors.New("cannot create new chains, EnableIPTable is disabled")
@ -45,14 +45,14 @@ func setupIPChains(config configuration, version iptables.IPVersion) (*iptables.
return nil, nil, nil, nil, fmt.Errorf("failed to create NAT chain %s: %v", DockerChain, err)
}
defer func() {
if err != nil {
if retErr != nil {
if err := iptable.RemoveExistingChain(DockerChain, iptables.Nat); err != nil {
log.G(context.TODO()).Warnf("failed on removing iptables NAT chain %s on cleanup: %v", DockerChain, err)
}
}
}()
filterChain, err := iptable.NewChain(DockerChain, iptables.Filter, false)
filterChain, err = iptable.NewChain(DockerChain, iptables.Filter, false)
if err != nil {
return nil, nil, nil, nil, fmt.Errorf("failed to create FILTER chain %s: %v", DockerChain, err)
}
@ -64,24 +64,24 @@ func setupIPChains(config configuration, version iptables.IPVersion) (*iptables.
}
}()
isolationChain1, err := iptable.NewChain(IsolationChain1, iptables.Filter, false)
isolationChain1, err = iptable.NewChain(IsolationChain1, iptables.Filter, false)
if err != nil {
return nil, nil, nil, nil, fmt.Errorf("failed to create FILTER isolation chain: %v", err)
}
defer func() {
if err != nil {
if retErr != nil {
if err := iptable.RemoveExistingChain(IsolationChain1, iptables.Filter); err != nil {
log.G(context.TODO()).Warnf("failed on removing iptables FILTER chain %s on cleanup: %v", IsolationChain1, err)
}
}
}()
isolationChain2, err := iptable.NewChain(IsolationChain2, iptables.Filter, false)
isolationChain2, err = iptable.NewChain(IsolationChain2, iptables.Filter, false)
if err != nil {
return nil, nil, nil, nil, fmt.Errorf("failed to create FILTER isolation chain: %v", err)
}
defer func() {
if err != nil {
if retErr != nil {
if err := iptable.RemoveExistingChain(IsolationChain2, iptables.Filter); err != nil {
log.G(context.TODO()).Warnf("failed on removing iptables FILTER chain %s on cleanup: %v", IsolationChain2, err)
}