Add iptables-legacy command constant and update detection logic

Copilot · matmerr · Copilot · commit 1defb2fd3147 · 2025-07-08T18:10:28.000Z
Co-authored-by: matmerr &lt;6521405+matmerr@users.noreply.github.com&gt;
diff --git a/npm/pkg/dataplane/policies/chain-management_linux.go b/npm/pkg/dataplane/policies/chain-management_linux.go
@@ -257,7 +257,7 @@ func (pMgr *PolicyManager) detectIptablesVersion() error {
 	}
 
 	klog.Info("second attempt detecting iptables version. looking for hint/canary chain in iptables-legacy")
-	if pMgr.hintOrCanaryChainExist(util.IptablesLegacy) {
+	if pMgr.hintOrCanaryChainExist(util.IptablesLegacyCmd) {
 		util.SetIptablesToLegacy()
 		return nil
 	}
diff --git a/npm/pkg/dataplane/policies/chain-management_linux_test.go b/npm/pkg/dataplane/policies/chain-management_linux_test.go
@@ -936,7 +936,7 @@ func TestDetectIptablesVersion(t *testing.T) {
 					ExitCode: 1,
 				},
 				{
-					Cmd:      []string{"iptables", "-w", "60", "-L", "KUBE-IPTABLES-HINT", "-t", "mangle", "-n"},
+					Cmd:      []string{"iptables-legacy", "-w", "60", "-L", "KUBE-IPTABLES-HINT", "-t", "mangle", "-n"},
 					ExitCode: 0,
 				},
 			},
@@ -954,11 +954,11 @@ func TestDetectIptablesVersion(t *testing.T) {
 					ExitCode: 1,
 				},
 				{
-					Cmd:      []string{"iptables", "-w", "60", "-L", "KUBE-IPTABLES-HINT", "-t", "mangle", "-n"},
+					Cmd:      []string{"iptables-legacy", "-w", "60", "-L", "KUBE-IPTABLES-HINT", "-t", "mangle", "-n"},
 					ExitCode: 1,
 				},
 				{
-					Cmd:      []string{"iptables", "-w", "60", "-L", "KUBE-KUBELET-CANARY", "-t", "mangle", "-n"},
+					Cmd:      []string{"iptables-legacy", "-w", "60", "-L", "KUBE-KUBELET-CANARY", "-t", "mangle", "-n"},
 					ExitCode: 1,
 				},
 			},
@@ -976,11 +976,11 @@ func TestDetectIptablesVersion(t *testing.T) {
 					ExitCode: 2,
 				},
 				{
-					Cmd:      []string{"iptables", "-w", "60", "-L", "KUBE-IPTABLES-HINT", "-t", "mangle", "-n"},
+					Cmd:      []string{"iptables-legacy", "-w", "60", "-L", "KUBE-IPTABLES-HINT", "-t", "mangle", "-n"},
 					ExitCode: 2,
 				},
 				{
-					Cmd:      []string{"iptables", "-w", "60", "-L", "KUBE-KUBELET-CANARY", "-t", "mangle", "-n"},
+					Cmd:      []string{"iptables-legacy", "-w", "60", "-L", "KUBE-KUBELET-CANARY", "-t", "mangle", "-n"},
 					ExitCode: 2,
 				},
 			},
diff --git a/npm/util/const.go b/npm/util/const.go
@@ -38,6 +38,7 @@ const (
 	IptablesSaveNft            string = "iptables-nft-save"
 	IptablesRestoreNft         string = "iptables-nft-restore"
 	IptablesLegacy             string = "iptables"
+	IptablesLegacyCmd          string = "iptables-legacy"
 	IptablesSaveLegacy         string = "iptables-save"
 	IptablesRestoreLegacy      string = "iptables-restore"
 	IptablesRestoreNoFlushFlag string = "--noflush"

Original file line number	Diff line number	Diff line change
`@@ -257,7 +257,7 @@ func (pMgr *PolicyManager) detectIptablesVersion() error {`
`257`	`257`	`}`
`258`	`258`
`259`	`259`	`klog.Info("second attempt detecting iptables version. looking for hint/canary chain in iptables-legacy")`
`260`		`- if pMgr.hintOrCanaryChainExist(util.IptablesLegacy) {`
	`260`	`+ if pMgr.hintOrCanaryChainExist(util.IptablesLegacyCmd) {`
`261`	`261`	`util.SetIptablesToLegacy()`
`262`	`262`	`return nil`
`263`	`263`	`}`