Make iptables use semver lib
This commit is contained in:
Tim Hockin
@@ -21,10 +21,10 @@ import (
|
||||
"io/ioutil"
|
||||
"os"
|
||||
"regexp"
|
||||
"strconv"
|
||||
"strings"
|
||||
"sync"
|
||||
|
||||
"github.com/coreos/go-semver/semver"
|
||||
"github.com/golang/glog"
|
||||
"k8s.io/kubernetes/pkg/util"
|
||||
utilexec "k8s.io/kubernetes/pkg/util/exec"
|
||||
@@ -106,6 +106,10 @@ type FlushFlag bool
|
||||
const FlushTables FlushFlag = true
|
||||
const NoFlushTables FlushFlag = false
|
||||
|
||||
// Versions of iptables less than this do not support the -C / --check flag
|
||||
// (test whether a rule exists).
|
||||
const MinCheckVersion = "1.4.11"
|
||||
|
||||
// runner implements Interface in terms of exec("iptables").
|
||||
type runner struct {
|
||||
mu sync.Mutex
|
||||
@@ -399,44 +403,24 @@ func makeFullArgs(table Table, chain Chain, args ...string) []string {
|
||||
|
||||
// Checks if iptables has the "-C" flag
|
||||
func getIptablesHasCheckCommand(exec utilexec.Interface) (bool, error) {
|
||||
minVersion, err := semver.NewVersion(MinCheckVersion)
|
||||
if err != nil {
|
||||
return false, err
|
||||
}
|
||||
// Returns "vX.Y.Z".
|
||||
vstring, err := GetIptablesVersionString(exec)
|
||||
if err != nil {
|
||||
return false, err
|
||||
}
|
||||
|
||||
v1, v2, v3, err := extractIptablesVersion(vstring)
|
||||
// Make a semver of the part after the v in "vX.X.X".
|
||||
version, err := semver.NewVersion(vstring[1:])
|
||||
if err != nil {
|
||||
return false, err
|
||||
}
|
||||
|
||||
return iptablesHasCheckCommand(v1, v2, v3), nil
|
||||
}
|
||||
|
||||
// extractIptablesVersion returns the first three components of the iptables version.
|
||||
// e.g. "iptables v1.3.66" would return (1, 3, 66, nil)
|
||||
func extractIptablesVersion(str string) (int, int, int, error) {
|
||||
versionMatcher := regexp.MustCompile("v([0-9]+)\\.([0-9]+)\\.([0-9]+)")
|
||||
result := versionMatcher.FindStringSubmatch(str)
|
||||
if result == nil {
|
||||
return 0, 0, 0, fmt.Errorf("no iptables version found in string: %s", str)
|
||||
if version.LessThan(*minVersion) {
|
||||
return false, nil
|
||||
}
|
||||
|
||||
v1, err := strconv.Atoi(result[1])
|
||||
if err != nil {
|
||||
return 0, 0, 0, err
|
||||
}
|
||||
|
||||
v2, err := strconv.Atoi(result[2])
|
||||
if err != nil {
|
||||
return 0, 0, 0, err
|
||||
}
|
||||
|
||||
v3, err := strconv.Atoi(result[3])
|
||||
if err != nil {
|
||||
return 0, 0, 0, err
|
||||
}
|
||||
|
||||
return v1, v2, v3, nil
|
||||
return true, nil
|
||||
}
|
||||
|
||||
// GetIptablesVersionString runs "iptables --version" to get the version string,
|
||||
@@ -455,17 +439,3 @@ func GetIptablesVersionString(exec utilexec.Interface) (string, error) {
|
||||
}
|
||||
return match[0], nil
|
||||
}
|
||||
|
||||
// Checks if an iptables version is after 1.4.11, when --check was added
|
||||
func iptablesHasCheckCommand(v1 int, v2 int, v3 int) bool {
|
||||
if v1 > 1 {
|
||||
return true
|
||||
}
|
||||
if v1 == 1 && v2 > 4 {
|
||||
return true
|
||||
}
|
||||
if v1 == 1 && v2 == 4 && v3 >= 11 {
|
||||
return true
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user