Skip to content

Fix iptables symlink detection to use explicit iptables-legacy command #3778

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 2 commits into from
Closed

Fix iptables symlink detection to use explicit iptables-legacy command #3778

wants to merge 2 commits into from

Conversation

Copy link
Contributor

Copilot AI commented Jul 8, 2025
edited
Loading

Problem

When detecting iptables version, the Azure NPM code correctly uses iptables-nft for NFT detection, but when legacy iptables is detected, it uses the iptables symlink instead of the explicit iptables-legacy command. This causes warning messages and potential inconsistencies.

From the issue logs:

I0708 16:14:16.001722       1 chain-management_linux.go:523] executing iptables command [iptables-nft] with args [-w 60 -L KUBE-IPTABLES-HINT -t mangle -n]
2025/07/08 16:14:16 [1] error: There was an error running command: [iptables-nft -w 60 -L KUBE-IPTABLES-HINT -t mangle -n] Stderr: [exit status 1, # Warning: iptables-legacy tables present, use iptables-legacy to see them

Solution

Updated the iptables detection logic to use explicit commands for both NFT and legacy detection:

  • NFT detection: iptables-nft (already working correctly)
  • Legacy detection: iptables-legacy (fixed to use explicit command)

Changes

  1. Added new constant: IptablesLegacyCmd = "iptables-legacy" in npm/util/const.go
  2. Updated detection logic: Modified detectIptablesVersion() in npm/pkg/dataplane/policies/chain-management_linux.go to use util.IptablesLegacyCmd instead of util.IptablesLegacy
  3. Updated tests: All test cases now expect iptables-legacy command calls

Before vs After

Before:

executing iptables command [iptables] with args [-w 60 -L KUBE-IPTABLES-HINT -t mangle -n]

After:

executing iptables command [iptables-legacy] with args [-w 60 -L KUBE-IPTABLES-HINT -t mangle -n]

Benefits

  • ✅ Eliminates symlink warnings mentioned in the issue
  • ✅ Consistent explicit command usage for both NFT and legacy detection
  • ✅ Follows the same pattern: iptables-nft vs iptables-legacy
  • ✅ No regression in existing functionality
  • ✅ All existing tests pass

Testing

  • All existing unit tests pass with updated expectations
  • Detection logic correctly handles both NFT and legacy scenarios
  • Commands are called in the expected sequence
  • Validated against the exact issue scenario

Fixes #3777.

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

Copilot AI changed the title [WIP] Azure NPM IPtables symlink Fix iptables symlink detection to use explicit iptables-legacy command Jul 8, 2025
Copilot AI requested a review from matmerr July 8, 2025 18:16
Copilot finished work on behalf of matmerr July 8, 2025 18:16
@github-actions
Copy link

github-actions bot commented Jul 23, 2025

This pull request is stale because it has been open for 2 weeks with no activity. Remove stale label or comment or this will be closed in 7 days

@github-actions github-actions bot added the stale Stale due to inactivity. label Jul 23, 2025
@github-actions
Copy link

github-actions bot commented Jul 31, 2025

Pull request closed due to inactivity.

@github-actions github-actions bot closed this Jul 31, 2025
@github-actions github-actions bot deleted the copilot/fix-3777 branch July 31, 2025 00:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@matmerr matmerr Awaiting requested review from matmerr

Assignees

@matmerr matmerr

Copilot code review Copilot

Labels

stale Stale due to inactivity.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Azure NPM IPtables symlink

2 participants

@matmerr