align getting iptables legacy with iptables

QxBytes · QxBytes · commit 7070daab2efc · 2025-08-21T12:28:32.000-07:00
diff --git a/cns/restserver/internalapi_linux.go b/cns/restserver/internalapi_linux.go
@@ -23,8 +23,8 @@ func (c *IPtablesProvider) GetIPTables() (iptablesClient, error) {
 	client, err := goiptables.New()
 	return client, errors.Wrap(err, "failed to get iptables client")
 }
-func (c *IPtablesProvider) GetIPTablesLegacy() iptablesLegacyClient {
-	return &iptablesLegacy{}
+func (c *IPtablesProvider) GetIPTablesLegacy() (iptablesLegacyClient, error) {
+	return &iptablesLegacy{}, nil
 }
 
 type iptablesLegacy struct{}
@@ -43,8 +43,12 @@ func (service *HTTPRestService) programSNATRules(req *cns.CreateNetworkContainer
 	// in podsubnet case, ncPrimaryIP is the pod subnet's primary ip
 	// in vnet scale case, ncPrimaryIP is the node's ip
 	ncPrimaryIP, _, _ := net.ParseCIDR(req.IPConfiguration.IPSubnet.IPAddress + "/" + fmt.Sprintf("%d", req.IPConfiguration.IPSubnet.PrefixLength))
-	iptl := service.iptables.GetIPTablesLegacy()
-	err := iptl.Delete(iptables.Nat, iptables.Postrouting, "-j", SWIFTPOSTROUTING)
+
+	iptl, err := service.iptables.GetIPTablesLegacy()
+	if err != nil {
+		return types.UnexpectedError, fmt.Sprintf("[Azure CNS] Error. Failed to create iptables legacy interface : %v", err)
+	}
+	err = iptl.Delete(iptables.Nat, iptables.Postrouting, "-j", SWIFTPOSTROUTING)
 	// ignore if command fails
 	if err == nil {
 		logger.Printf("[Azure CNS] Deleted legacy jump to SWIFT-POSTROUTING Chain")
diff --git a/cns/restserver/internalapi_linux_test.go b/cns/restserver/internalapi_linux_test.go
@@ -27,11 +27,11 @@ func (c *FakeIPTablesProvider) GetIPTables() (iptablesClient, error) {
 	return c.iptables, nil
 }
 
-func (c *FakeIPTablesProvider) GetIPTablesLegacy() iptablesLegacyClient {
+func (c *FakeIPTablesProvider) GetIPTablesLegacy() (iptablesLegacyClient, error) {
 	if c.iptablesLegacy == nil {
 		c.iptablesLegacy = &fakes.IPTablesLegacyMock{}
 	}
-	return c.iptablesLegacy
+	return c.iptablesLegacy, nil
 }
 
 func TestAddSNATRules(t *testing.T) {
diff --git a/cns/restserver/restserver.go b/cns/restserver/restserver.go
@@ -70,7 +70,7 @@ type iptablesLegacyClient interface {
 
 type iptablesGetter interface {
 	GetIPTables() (iptablesClient, error)
-	GetIPTablesLegacy() iptablesLegacyClient
+	GetIPTablesLegacy() (iptablesLegacyClient, error)
 }
 
 // HTTPRestService represents http listener for CNS - Container Networking Service.

Original file line number	Diff line number	Diff line change
`@@ -27,11 +27,11 @@ func (c *FakeIPTablesProvider) GetIPTables() (iptablesClient, error) {`
`27`	`27`	`return c.iptables, nil`
`28`	`28`	`}`
`29`	`29`
`30`		`-func (c *FakeIPTablesProvider) GetIPTablesLegacy() iptablesLegacyClient {`
	`30`	`+func (c *FakeIPTablesProvider) GetIPTablesLegacy() (iptablesLegacyClient, error) {`
`31`	`31`	`if c.iptablesLegacy == nil {`
`32`	`32`	`c.iptablesLegacy = &fakes.IPTablesLegacyMock{}`
`33`	`33`	`}`
`34`		`- return c.iptablesLegacy`
	`34`	`+ return c.iptablesLegacy, nil`
`35`	`35`	`}`
`36`	`36`
`37`	`37`	`func TestAddSNATRules(t *testing.T) {`
Original file line number	Diff line number	Diff line change
`@@ -70,7 +70,7 @@ type iptablesLegacyClient interface {`
`70`	`70`
`71`	`71`	`type iptablesGetter interface {`
`72`	`72`	`GetIPTables() (iptablesClient, error)`
`73`		`- GetIPTablesLegacy() iptablesLegacyClient`
	`73`	`+ GetIPTablesLegacy() (iptablesLegacyClient, error)`
`74`	`74`	`}`
`75`	`75`
`76`	`76`	`// HTTPRestService represents http listener for CNS - Container Networking Service.`