GitList

Browse code

Merge pull request #9271 from jfrazelle/iptables-errors

Typed errors for iptables chain raw command output. YAYYYYYY.

Alexander Morozov authored on 2014/11/21 12:03:38
Showing 2 changed files

daemon/networkdriver/bridge/driver.go index 5d0040a..04d88a4 100644
pkg/iptables/iptables.go index 53e6e14..b783347 100644

@@ -195,7 +195,7 @@ func setupIPTables(addr net.Addr, icc, ipmasq bool) error {
 			if output, err := iptables.Raw(append([]string{"-I"}, natArgs...)...); err != nil {
 				return fmt.Errorf("Unable to enable network bridge NAT: %s", err)
 			} else if len(output) != 0 {
-				return fmt.Errorf("Error iptables postrouting: %s", output)
+				return &iptables.ChainError{Chain: "POSTROUTING", Output: output}
 			}
 		}
 	}
@@ -236,7 +236,7 @@ func setupIPTables(addr net.Addr, icc, ipmasq bool) error {
 		if output, err := iptables.Raw(append([]string{"-I"}, outgoingArgs...)...); err != nil {
 			return fmt.Errorf("Unable to allow outgoing packets: %s", err)
 		} else if len(output) != 0 {
-			return fmt.Errorf("Error iptables allow outgoing: %s", output)
+			return &iptables.ChainError{Chain: "FORWARD outgoing", Output: output}
 		}
 	}
 
@@ -247,7 +247,7 @@ func setupIPTables(addr net.Addr, icc, ipmasq bool) error {
 		if output, err := iptables.Raw(append([]string{"-I"}, existingArgs...)...); err != nil {
 			return fmt.Errorf("Unable to allow incoming packets: %s", err)
 		} else if len(output) != 0 {
-			return fmt.Errorf("Error iptables allow incoming: %s", output)
+			return &iptables.ChainError{Chain: "FORWARD incoming", Output: output}
 		}
 	}
 	return nil

pkg/iptables/iptables.go

History View file @ e3f3259

@@ -20,9 +20,9 @@ const (
+                     )
                      var (
                     -	ErrIptablesNotFound = errors.New("Iptables not found")
                      	nat                 = []string{"-t", "nat"}
                      	supportsXlock       = false
                     +	ErrIptablesNotFound = errors.New("Iptables not found")
+                     )
                      type Chain struct {
@@ -30,6 +30,15 @@ type Chain struct {
                      	Bridge string
+                     }
                     +type ChainError struct {
                     +	Chain  string
                     +	Output []byte
                     +}
+                    +
                     +func (e *ChainError) Error() string {
                     +	return fmt.Sprintf("Error iptables %s: %s", e.Chain, string(e.Output))
                     +}
+                    +
                      func init() {
                      	supportsXlock = exec.Command("iptables", "--wait", "-L", "-n").Run() == nil
+                     }
@@ -78,7 +87,7 @@ func (c *Chain) Forward(action Action, ip net.IP, port int, proto, dest_addr str
                      		"--to-destination", net.JoinHostPort(dest_addr, strconv.Itoa(dest_port))); err != nil {
                      		return err
                      	} else if len(output) != 0 {
                     -		return fmt.Errorf("Error iptables forward: %s", output)
                     +		return &ChainError{Chain: "FORWARD", Output: output}
+                     	}
                      	fAction := action
@@ -94,7 +103,7 @@ func (c *Chain) Forward(action Action, ip net.IP, port int, proto, dest_addr str
                      		"-j", "ACCEPT"); err != nil {
                      		return err
                      	} else if len(output) != 0 {
                     -		return fmt.Errorf("Error iptables forward: %s", output)
                     +		return &ChainError{Chain: "FORWARD", Output: output}
+                     	}
                      	return nil
@@ -108,7 +117,7 @@ func (c *Chain) Prerouting(action Action, args ...string) error {
                      	if output, err := Raw(append(a, "-j", c.Name)...); err != nil {
                      		return err
                      	} else if len(output) != 0 {
                     -		return fmt.Errorf("Error iptables prerouting: %s", output)
                     +		return &ChainError{Chain: "PREROUTING", Output: output}
+                     	}
                      	return nil
+                     }
@@ -121,7 +130,7 @@ func (c *Chain) Output(action Action, args ...string) error {
                      	if output, err := Raw(append(a, "-j", c.Name)...); err != nil {
                      		return err
                      	} else if len(output) != 0 {
                     -		return fmt.Errorf("Error iptables output: %s", output)
                     +		return &ChainError{Chain: "OUTPUT", Output: output}
+                     	}
                      	return nil
+                     }

...	...	@@ -195,7 +195,7 @@ func setupIPTables(addr net.Addr, icc, ipmasq bool) error {
195	195	if output, err := iptables.Raw(append([]string{"-I"}, natArgs...)...); err != nil {
196	196	return fmt.Errorf("Unable to enable network bridge NAT: %s", err)
197	197	} else if len(output) != 0 {
198		- return fmt.Errorf("Error iptables postrouting: %s", output)
	198	+ return &iptables.ChainError{Chain: "POSTROUTING", Output: output}
199	199	}
200	200	}
201	201	}
...	...	@@ -236,7 +236,7 @@ func setupIPTables(addr net.Addr, icc, ipmasq bool) error {
236	236	if output, err := iptables.Raw(append([]string{"-I"}, outgoingArgs...)...); err != nil {
237	237	return fmt.Errorf("Unable to allow outgoing packets: %s", err)
238	238	} else if len(output) != 0 {
239		- return fmt.Errorf("Error iptables allow outgoing: %s", output)
	239	+ return &iptables.ChainError{Chain: "FORWARD outgoing", Output: output}
240	240	}
241	241	}
242	242
...	...	@@ -247,7 +247,7 @@ func setupIPTables(addr net.Addr, icc, ipmasq bool) error {
247	247	if output, err := iptables.Raw(append([]string{"-I"}, existingArgs...)...); err != nil {
248	248	return fmt.Errorf("Unable to allow incoming packets: %s", err)
249	249	} else if len(output) != 0 {
250		- return fmt.Errorf("Error iptables allow incoming: %s", output)
	250	+ return &iptables.ChainError{Chain: "FORWARD incoming", Output: output}
251	251	}
252	252	}
253	253	return nil