diff --git a/libnetwork/resolver_unix.go b/libnetwork/resolver_unix.go
index d308437d66..e16251112e 100644
--- a/libnetwork/resolver_unix.go
+++ b/libnetwork/resolver_unix.go
@@ -4,17 +4,17 @@
 package libnetwork
 import (
+ "fmt"
 "net"
 "github.com/docker/docker/libnetwork/iptables"
- "github.com/sirupsen/logrus"
 )
 const (
- // outputChain used for docker embed dns
+ // output chain used for docker embedded DNS resolver
 outputChain = "DOCKER_OUTPUT"
- //postroutingchain used for docker embed dns
- postroutingchain = "DOCKER_POSTROUTING"
+ // postrouting chain used for docker embedded DNS resolver
+ postroutingChain = "DOCKER_POSTROUTING"
 )
 func (r *resolver) setupIPTable() error {
@@ -27,36 +27,60 @@ func (r *resolver) setupIPTable() error {
 _, tcpPort, _ := net.SplitHostPort(ltcpaddr)
 rules := [][]string{
 {"-t", "nat", "-I", outputChain, "-d", resolverIP, "-p", "udp", "--dport", dnsPort, "-j", "DNAT", "--to-destination", laddr},
- {"-t", "nat", "-I", postroutingchain, "-s", resolverIP, "-p", "udp", "--sport", ipPort, "-j", "SNAT", "--to-source", ":" + dnsPort},
+ {"-t", "nat", "-I", postroutingChain, "-s", resolverIP, "-p", "udp", "--sport", ipPort, "-j", "SNAT", "--to-source", ":" + dnsPort},
 {"-t", "nat", "-I", outputChain, "-d", resolverIP, "-p", "tcp", "--dport", dnsPort, "-j", "DNAT", "--to-destination", ltcpaddr},
- {"-t", "nat", "-I", postroutingchain, "-s", resolverIP, "-p", "tcp", "--sport", tcpPort, "-j", "SNAT", "--to-source", ":" + dnsPort},
+ {"-t", "nat", "-I", postroutingChain, "-s", resolverIP, "-p", "tcp", "--sport", tcpPort, "-j", "SNAT", "--to-source", ":" + dnsPort},
 }
- return r.backend.ExecFunc(func() {
+ var setupErr error
+ err := r.backend.ExecFunc(func() {
 // TODO IPv6 support
 iptable := iptables.GetIptable(iptables.IPv4)
 // insert outputChain and postroutingchain
 err := iptable.RawCombinedOutputNative("-t", "nat", "-C", "OUTPUT", "-d", resolverIP, "-j", outputChain)
 if err == nil {
- iptable.RawCombinedOutputNative("-t", "nat", "-F", outputChain)
+ if err := iptable.RawCombinedOutputNative("-t", "nat", "-F", outputChain); err != nil {
+ setupErr = err
+ return
+ }
 } else {
- iptable.RawCombinedOutputNative("-t", "nat", "-N", outputChain)
- iptable.RawCombinedOutputNative("-t", "nat", "-I", "OUTPUT", "-d", resolverIP, "-j", outputChain)
+ if err := iptable.RawCombinedOutputNative("-t", "nat", "-N", outputChain); err != nil {
+ setupErr = err
+ return
+ }
+ if err := iptable.RawCombinedOutputNative("-t", "nat", "-I", "OUTPUT", "-d", resolverIP, "-j", outputChain); err != nil {
+ setupErr = err
+ return
+ }
 }
- err = iptable.RawCombinedOutputNative("-t", "nat", "-C", "POSTROUTING", "-d", resolverIP, "-j", postroutingchain)
+ err = iptable.RawCombinedOutputNative("-t", "nat", "-C", "POSTROUTING", "-d", resolverIP, "-j", postroutingChain)
 if err == nil {
- iptable.RawCombinedOutputNative("-t", "nat", "-F", postroutingchain)
+ if err := iptable.RawCombinedOutputNative("-t", "nat", "-F", postroutingChain); err != nil {
+ setupErr = err
+ return
+ }
 } else {
- iptable.RawCombinedOutputNative("-t", "nat", "-N", postroutingchain)
- iptable.RawCombinedOutputNative("-t", "nat", "-I", "POSTROUTING", "-d", resolverIP, "-j", postroutingchain)
+ if err := iptable.RawCombinedOutputNative("-t", "nat", "-N", postroutingChain); err != nil {
+ setupErr = err
+ return
+ }
+ if err := iptable.RawCombinedOutputNative("-t", "nat", "-I", "POSTROUTING", "-d", resolverIP, "-j", postroutingChain); err != nil {
+ setupErr = err
+ return
+ }
 }
 for _, rule := range rules {
 if iptable.RawCombinedOutputNative(rule...) != nil {
- logrus.Errorf("set up rule failed, %v", rule)
+ setupErr = fmt.Errorf("set up rule failed, %v", rule)
+ return
 }
 }
 })
+ if err != nil {
+ return err
+ }
+ return setupErr
 }
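Review bot: The rule loop at the end of the hunk still only compares `iptable.RawCombinedOutputNative(rule...)` with nil and discards the returned error, so the new `setupErr` names the rule but not why iptables rejected it. Keeping the cause makes a failed resolver NAT setup diagnosable from the returned error alone: `if err := iptable.RawCombinedOutputNative(rule...); err != nil {` followed by `setupErr = fmt.Errorf("set up rule failed, %v: %w", rule, err)`. The chain-setup branches above have the opposite gap: they return the raw iptables error without saying which step (`-F`, `-N` or `-I`) failed, and the same wrapping would help there. Because every failure now returns early, a failure after a `-F` flush leaves the DOCKER_OUTPUT / DOCKER_POSTROUTING chains empty or half-populated; how the caller reacts to the returned error is not visible here, so that is worth confirming. setupIPTable begins outside this hunk.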