
Commit bce0cbc

committed
add validation as part of the iptables insert command
1 parent 802420e commit bce0cbc


1 file changed

+10
-1
lines changed

1 file changed

+10
-1
lines changed

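--- a/iptables/iptables.go
+++ b/iptables/iptables.go
@@ -3,6 +3,7 @@ package iptables
 // This package contains wrapper functions to program iptables rules
 
 import (
+"errors"
 "fmt"
 
 "github.com/Azure/azure-container-networking/cni/log"
@@ -11,6 +12,7 @@ import (
 )
 
 var logger = log.CNILogger.With(zap.String("component", "cni-iptables"))
+var errCouldNotValidateRuleExists = errors.New("could not validate iptable rule exists after insertion")
 
 // cni iptable chains
 const (
@@ -171,7 +173,14 @@ func (c *Client) InsertIptableRule(version, tableName, chainName, match, target
 }
 
 cmd := c.GetInsertIptableRuleCmd(version, tableName, chainName, match, target)
-return c.RunCmd(version, cmd.Params)
+err := c.RunCmd(version, cmd.Params)
+if err != nil {
+return err
+}
+if !c.RuleExists(version, tableName, chainName, match, target) {
+return errCouldNotValidateRuleExists
+}
+return nil
 }
 
 func (c *Client) GetAppendIptableRuleCmd(version, tableName, chainName, match, target string) IPTableEntry {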
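Review bot: The post-insert check added to InsertIptableRule returns the bare sentinel `errCouldNotValidateRuleExists`, so neither the caller nor a log reader can tell which rule failed to land, and for a firewall rule that is the detail an operator needs. Since `fmt` is already imported, wrap the sentinel with the rule identity, e.g. `return fmt.Errorf("%w: table %s chain %s match %q target %q", errCouldNotValidateRuleExists, tableName, chainName, match, target)`, which keeps `errors.Is` working for callers. RuleExists yields only a bool at this call site, so a failure of the check itself is presumably reported the same way as an absent rule (its body is not shown here). A comment on the sentinel such as `// returned when the rule is not found after a successful insert, or when the existence check itself fails` would make that explicit. The start of InsertIptableRule lies outside the hunk.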
