diff --git a/npm/pkg/dataplane/policies/chain-management_linux.go b/npm/pkg/dataplane/policies/chain-management_linux.go index 734443929a..0b6ecb64b4 100644 --- a/npm/pkg/dataplane/policies/chain-management_linux.go +++ b/npm/pkg/dataplane/policies/chain-management_linux.go @@ -257,7 +257,7 @@ func (pMgr *PolicyManager) detectIptablesVersion() error { } klog.Info("second attempt detecting iptables version. looking for hint/canary chain in iptables-legacy") - if pMgr.hintOrCanaryChainExist(util.IptablesLegacy) { + if pMgr.hintOrCanaryChainExist(util.IptablesLegacyCmd) { util.SetIptablesToLegacy() return nil } diff --git a/npm/pkg/dataplane/policies/chain-management_linux_test.go b/npm/pkg/dataplane/policies/chain-management_linux_test.go index 1f92837f4b..b1b9c53bd2 100644 --- a/npm/pkg/dataplane/policies/chain-management_linux_test.go +++ b/npm/pkg/dataplane/policies/chain-management_linux_test.go @@ -936,7 +936,7 @@ func TestDetectIptablesVersion(t *testing.T) { ExitCode: 1, }, { - Cmd: []string{"iptables", "-w", "60", "-L", "KUBE-IPTABLES-HINT", "-t", "mangle", "-n"}, + Cmd: []string{"iptables-legacy", "-w", "60", "-L", "KUBE-IPTABLES-HINT", "-t", "mangle", "-n"}, ExitCode: 0, }, }, @@ -954,11 +954,11 @@ func TestDetectIptablesVersion(t *testing.T) { ExitCode: 1, }, { - Cmd: []string{"iptables", "-w", "60", "-L", "KUBE-IPTABLES-HINT", "-t", "mangle", "-n"}, + Cmd: []string{"iptables-legacy", "-w", "60", "-L", "KUBE-IPTABLES-HINT", "-t", "mangle", "-n"}, ExitCode: 1, }, { - Cmd: []string{"iptables", "-w", "60", "-L", "KUBE-KUBELET-CANARY", "-t", "mangle", "-n"}, + Cmd: []string{"iptables-legacy", "-w", "60", "-L", "KUBE-KUBELET-CANARY", "-t", "mangle", "-n"}, ExitCode: 1, }, }, @@ -976,11 +976,11 @@ func TestDetectIptablesVersion(t *testing.T) { ExitCode: 2, }, { - Cmd: []string{"iptables", "-w", "60", "-L", "KUBE-IPTABLES-HINT", "-t", "mangle", "-n"}, + Cmd: []string{"iptables-legacy", "-w", "60", "-L", "KUBE-IPTABLES-HINT", "-t", "mangle", "-n"}, ExitCode: 2, }, { - Cmd: []string{"iptables", "-w", "60", "-L", "KUBE-KUBELET-CANARY", "-t", "mangle", "-n"}, + Cmd: []string{"iptables-legacy", "-w", "60", "-L", "KUBE-KUBELET-CANARY", "-t", "mangle", "-n"}, ExitCode: 2, }, }, diff --git a/npm/util/const.go b/npm/util/const.go index 59ffa2ef05..89ce2a62ae 100644 --- a/npm/util/const.go +++ b/npm/util/const.go @@ -38,6 +38,7 @@ const ( IptablesSaveNft string = "iptables-nft-save" IptablesRestoreNft string = "iptables-nft-restore" IptablesLegacy string = "iptables" + IptablesLegacyCmd string = "iptables-legacy" IptablesSaveLegacy string = "iptables-save" IptablesRestoreLegacy string = "iptables-restore" IptablesRestoreNoFlushFlag string = "--noflush"