Merge pull request kosmos-io#315 from OrangeBao/fix_iptablesmode

kosmos-robot · web-flow · commit 111f549315ab · 2023-12-13T09:46:55.000+08:00
feat: support setting iptables mode
diff --git a/go.mod b/go.mod
@@ -6,7 +6,7 @@ require (
 	github.com/bep/debounce v1.2.1
 	github.com/containerd/console v1.0.3
 	github.com/containerd/containerd v1.6.14
-	github.com/coreos/go-iptables v0.6.0
+	github.com/coreos/go-iptables v0.7.1-0.20231102141700-50d824baaa46
 	github.com/docker/docker v24.0.6+incompatible
 	github.com/evanphx/json-patch v4.12.0+incompatible
 	github.com/go-logr/logr v1.2.3
diff --git a/go.sum b/go.sum
@@ -643,8 +643,8 @@ github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc
 github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk=
 github.com/coreos/go-iptables v0.4.5/go.mod h1:/mVI274lEDI2ns62jHCDnCyBF9Iwsmekav8Dbxlm1MU=
 github.com/coreos/go-iptables v0.5.0/go.mod h1:/mVI274lEDI2ns62jHCDnCyBF9Iwsmekav8Dbxlm1MU=
-github.com/coreos/go-iptables v0.6.0 h1:is9qnZMPYjLd8LYqmm/qlE+wwEgJIkTYdhV3rfZo4jk=
-github.com/coreos/go-iptables v0.6.0/go.mod h1:Qe8Bv2Xik5FyTXwgIbLAnv2sWSBmvWdFETJConOQ//Q=
+github.com/coreos/go-iptables v0.7.1-0.20231102141700-50d824baaa46 h1:AVVvARdGRuTtYO/DetrN9Z1G0kMbrqV7KLOH/J4byiM=
+github.com/coreos/go-iptables v0.7.1-0.20231102141700-50d824baaa46/go.mod h1:Qe8Bv2Xik5FyTXwgIbLAnv2sWSBmvWdFETJConOQ//Q=
 github.com/coreos/go-oidc v2.1.0+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc=
 github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
 github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
diff --git a/pkg/clusterlink/network/iptables/iptables.go b/pkg/clusterlink/network/iptables/iptables.go
@@ -22,6 +22,8 @@ limitations under the License.
 package iptables
 
 import (
+	"os"
+
 	"github.com/coreos/go-iptables/iptables"
 	"github.com/pkg/errors"
 )
@@ -60,7 +62,8 @@ func New(proto iptables.Protocol) (Interface, error) {
 		return NewFunc()
 	}
 
-	ipt, err := iptables.New(iptables.IPFamily(proto), iptables.Timeout(5))
+	// IPTABLES_PATH: the path decision the model of iptable, /sbin/xtables-nft-multi => nf_tables
+	ipt, err := iptables.New(iptables.IPFamily(proto), iptables.Timeout(5), iptables.Path(os.Getenv("IPTABLES_PATH")))
 	if err != nil {
 		return nil, errors.Wrap(err, "error creating IP tables")
 	}
diff --git a/vendor/github.com/coreos/go-iptables/iptables/iptables.go b/vendor/github.com/coreos/go-iptables/iptables/iptables.go
diff --git a/vendor/modules.txt b/vendor/modules.txt
@@ -145,7 +145,7 @@ github.com/containerd/ttrpc
 # github.com/containerd/typeurl v1.0.2
 ## explicit; go 1.13
 github.com/containerd/typeurl
-# github.com/coreos/go-iptables v0.6.0
+# github.com/coreos/go-iptables v0.7.1-0.20231102141700-50d824baaa46
 ## explicit; go 1.16
 github.com/coreos/go-iptables/iptables
 # github.com/coreos/go-semver v0.3.1

Original file line number	Diff line number	Diff line change
`@@ -22,6 +22,8 @@ limitations under the License.`
`22`	`22`	`package iptables`
`23`	`23`
`24`	`24`	`import (`
	`25`	`+ "os"`
	`26`	`+`
`25`	`27`	`"github.com/coreos/go-iptables/iptables"`
`26`	`28`	`"github.com/pkg/errors"`
`27`	`29`	`)`
`@@ -60,7 +62,8 @@ func New(proto iptables.Protocol) (Interface, error) {`
`60`	`62`	`return NewFunc()`
`61`	`63`	`}`
`62`	`64`
`63`		`- ipt, err := iptables.New(iptables.IPFamily(proto), iptables.Timeout(5))`
	`65`	`+ // IPTABLES_PATH: the path decision the model of iptable, /sbin/xtables-nft-multi => nf_tables`
	`66`	`+ ipt, err := iptables.New(iptables.IPFamily(proto), iptables.Timeout(5), iptables.Path(os.Getenv("IPTABLES_PATH")))`
`64`	`67`	`if err != nil {`
`65`	`68`	`return nil, errors.Wrap(err, "error creating IP tables")`
`66`	`69`	`}`