adelorenzo/kilo
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Reconcile prepend rules

Browse Source
This commit is contained in:
Alex Stockinger 2022-07-26 13:30:55 +00:00
parent 59dee6638e
commit 378dafffe8
1 changed files with 23 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
pkg/iptables/iptables.go
View File

@ -347,6 +347,13 @@ func (c *Controller) reconcile() error {
c.Lock() c.Lock()
defer c.Unlock() defer c.Unlock()
var rc ruleCache var rc ruleCache
if err := c.reconcileAppendRules(rc); err != nil {
return err
}
return c.reconcilePrependRules(rc)
}
func (c *Controller) reconcileAppendRules(rc ruleCache) error {
for i, r := range c.appendRules { for i, r := range c.appendRules {
ok, err := rc.exists(c.client(r.Proto()), r) ok, err := rc.exists(c.client(r.Proto()), r)
if err != nil { if err != nil {
@ -363,6 +370,22 @@ func (c *Controller) reconcile() error {
return nil return nil
} }
func (c *Controller) reconcilePrependRules(rc ruleCache) error {
for _, r := range c.prependRules {
ok, err := rc.exists(c.client(r.Proto()), r)
if err != nil {
return fmt.Errorf("failed to check if rule exists: %v", err)
}
if !ok {
level.Info(c.logger).Log("msg", "prepending iptables rule")
if err := r.Prepend(c.client(r.Proto())); err != nil {
return fmt.Errorf("failed to prepend rule: %v", err)
}
}
}
return nil
}
// resetFromIndex re-adds all rules starting from the given index. // resetFromIndex re-adds all rules starting from the given index.
func (c *Controller) resetFromIndex(i int, rules []Rule) error { func (c *Controller) resetFromIndex(i int, rules []Rule) error {
if i >= len(rules) { if i >= len(rules) {