log iptables command error

Signed-off-by: Qingchuan Hao <[email protected]>
microsoft · Oct 30, 2024 · 8e7d3b2 · 8e7d3b2
1 parent 6ef95a3
commit 8e7d3b2
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 10 deletions.
diff --git a/Makefile b/Makefile
@@ -183,12 +183,12 @@ retina-capture-workload: ## build the Retina capture workload
 
 ##@ Containers
 
-IMAGE_REGISTRY	?= ghcr.io
+IMAGE_REGISTRY	?= mainred
 IMAGE_NAMESPACE ?= $(shell git config --get remote.origin.url | sed -E 's/.*github\.com[\/:]([^\/]+)\/([^\/.]+)(.git)?/\1\/\2/' | tr '[:upper:]' '[:lower:]')
 
 RETINA_BUILDER_IMAGE			= $(IMAGE_NAMESPACE)/retina-builder
 RETINA_TOOLS_IMAGE				= $(IMAGE_NAMESPACE)/retina-tools
-RETINA_IMAGE 					= $(IMAGE_NAMESPACE)/retina-agent
+RETINA_IMAGE 					= retina-agent
 RETINA_INIT_IMAGE				= $(IMAGE_NAMESPACE)/retina-init
 RETINA_OPERATOR_IMAGE			= $(IMAGE_NAMESPACE)/retina-operator
 RETINA_INTEGRATION_TEST_IMAGE	= $(IMAGE_NAMESPACE)/retina-integration-test
@@ -241,6 +241,7 @@ container-docker: buildx # util target to build container images using docker bu
 	touch $$image_metadata_filename; \
 	echo "Building $$image_name for $$os/$$arch "; \
 	docker buildx build \
+		--push \
 		--platform $(PLATFORM) \
 		--metadata-file=$$image_metadata_filename \
 		-f $(DOCKERFILE) \

diff --git a/pkg/capture/provider/network_capture_unix.go b/pkg/capture/provider/network_capture_unix.go
@@ -197,7 +197,7 @@ type command struct {
 func (ncp *NetworkCaptureProvider) CollectMetadata() error {
 	ncp.l.Info("Start to collect network metadata")
 
-	iptablesMode := obtainIptablesMode()
+	iptablesMode := obtainIptablesMode(ncp.l)
 	ncp.l.Info(fmt.Sprintf("Iptables mode %s is used", iptablesMode))
 	iptablesSaveCmdName := fmt.Sprintf("iptables-%s-save", iptablesMode)
 	iptablesCmdName := fmt.Sprintf("iptables-%s", iptablesMode)
@@ -371,27 +371,29 @@ const (
 	nftIptablesMode    iptablesMode = "nft"
 )
 
-func obtainIptablesMode() iptablesMode {
+func obtainIptablesMode(logger *log.ZapLogger) iptablesMode {
 	// Since iptables v1.8, nf_tables are introduced as an improvement of legacy iptables, but provides the same user
 	// interface as legacy iptables through iptables-nft command.
 	// based on: https://github.com/kubernetes-sigs/iptables-wrappers/blob/97b01f43a8e8db07840fc4b95e833a37c0d36b12/iptables-wrapper-installer.sh
 
-	// when both iptables modes available, we choose the one with more rules.
+	// When both iptables modes available, we choose the one with more rules, because the other one normally outputs empty rules.
 	nftIptablesModeAvaiable := true
 	legacyIptablesModeAvaiable := true
 	legacySaveOut, err := exec.Command("iptables-legacy-save").CombinedOutput()
-	if err != nil && strings.Contains(err.Error(), "command not found") {
-		legacyIptablesModeAvaiable = false
+	if err != nil {
+		nftIptablesModeAvaiable = false
+		logger.Error("Failed to run iptables-legacy-save", zap.Error(err))
 	}
-
 	legacySaveLineNum := len(strings.Split(string(legacySaveOut), "\n"))
+
 	nftSaveOut, err := exec.Command("iptables-nft-save").CombinedOutput()
-	if err != nil && strings.Contains(err.Error(), "command not found") {
+	if err != nil {
 		nftIptablesModeAvaiable = false
+		logger.Error("Failed to run iptables-nft-save", zap.Error(err))
 	}
+	nftSaveLineNum := len(strings.Split(string(nftSaveOut), "\n"))
 
 	if nftIptablesModeAvaiable && legacyIptablesModeAvaiable {
-		nftSaveLineNum := len(strings.Split(string(nftSaveOut), "\n"))
 		if legacySaveLineNum > nftSaveLineNum {
 			return legacyIptablesMode
 		}