Ipv6; Support ipset with "family inet6" (#538)

Lars Ekman · murali-reddy · commit 05907d8defd3 · 2018-09-23T12:42:52.000+05:30
* Ipv6; Support ipset with "family inet6"

* Removed unnecessary comment
diff --git a/pkg/controllers/netpol/network_policy_controller.go b/pkg/controllers/netpol/network_policy_controller.go
@@ -861,7 +861,7 @@ func cleanupStaleRules(activePolicyChains, activePodFwChains, activePolicyIPSets
 	if err != nil {
 		glog.Fatalf("failed to initialize iptables command executor due to %s", err.Error())
 	}
-	ipsets, err := utils.NewIPSet()
+	ipsets, err := utils.NewIPSet(false)
 	if err != nil {
 		glog.Fatalf("failed to create ipsets command executor due to %s", err.Error())
 	}
@@ -1444,7 +1444,7 @@ func (npc *NetworkPolicyController) Cleanup() {
 	}
 
 	// delete all ipsets
-	ipset, err := utils.NewIPSet()
+	ipset, err := utils.NewIPSet(false)
 	if err != nil {
 		glog.Errorf("Failed to clean up ipsets: " + err.Error())
 	}
@@ -1548,7 +1548,7 @@ func NewNetworkPolicyController(clientset kubernetes.Interface,
 	}
 	npc.nodeIP = nodeIP
 
-	ipset, err := utils.NewIPSet()
+	ipset, err := utils.NewIPSet(false)
 	if err != nil {
 		return nil, err
 	}
diff --git a/pkg/controllers/routing/network_routes_controller.go b/pkg/controllers/routing/network_routes_controller.go
@@ -469,7 +469,7 @@ func (nrc *NetworkRoutingController) Cleanup() {
 	}
 
 	// delete all ipsets created by kube-router
-	ipset, err := utils.NewIPSet()
+	ipset, err := utils.NewIPSet(false)
 	if err != nil {
 		glog.Errorf("Failed to clean up ipsets: " + err.Error())
 	}
@@ -808,7 +808,7 @@ func NewNetworkRoutingController(clientset kubernetes.Interface,
 		}
 	}
 
-	nrc.ipSetHandler, err = utils.NewIPSet()
+	nrc.ipSetHandler, err = utils.NewIPSet(false)
 	if err != nil {
 		return nil, err
 	}
diff --git a/pkg/utils/ipset.go b/pkg/utils/ipset.go
@@ -83,6 +83,7 @@ const (
 type IPSet struct {
 	ipSetPath *string
 	Sets      map[string]*Set
+	isIpv6    bool
 }
 
 // Set reprensent a ipset set entry.
@@ -146,14 +147,15 @@ func (ipset *IPSet) runWithStdin(stdin *bytes.Buffer, args ...string) (string, e
 }
 
 // NewIPSet create a new IPSet with ipSetPath initialized.
-func NewIPSet() (*IPSet, error) {
+func NewIPSet(isIpv6 bool) (*IPSet, error) {
 	ipSetPath, err := getIPSetPath()
 	if err != nil {
 		return nil, err
 	}
 	ipSet := &IPSet{
 		ipSetPath: ipSetPath,
 		Sets:      make(map[string]*Set),
+		isIpv6:    isIpv6,
 	}
 	return ipSet, nil
 }
@@ -180,13 +182,22 @@ func (ipset *IPSet) Create(setName string, createOptions ...string) (*Set, error
 
 	// Create set if missing from the system
 	if !setIsActive {
-		_, err := ipset.run(append([]string{"create", "-exist", setName},
-			createOptions...)...)
-		if err != nil {
-			return nil, fmt.Errorf("Failed to create ipset set on system: %s", err)
+		if ipset.isIpv6 {
+			// Add "family inet6" option and a "inet6:" prefix for IPv6 sets.
+			args := []string{"create", "-exist", ipset.Sets[setName].name()}
+			args = append(args, createOptions...)
+			args = append(args, "family", "inet6")
+			if _, err := ipset.run(args...); err != nil {
+				return nil, fmt.Errorf("Failed to create ipset set on system: %s", err)
+			}
+		} else {
+			_, err := ipset.run(append([]string{"create", "-exist", setName},
+				createOptions...)...)
+			if err != nil {
+				return nil, fmt.Errorf("Failed to create ipset set on system: %s", err)
+			}
 		}
 	}
-
 	return ipset.Sets[setName], nil
 }
 
@@ -215,7 +226,7 @@ func (set *Set) Add(addOptions ...string) (*Entry, error) {
 		Options: addOptions,
 	}
 	set.Entries = append(set.Entries, entry)
-	_, err := set.Parent.run(append([]string{"add", "-exist", entry.Set.Name}, addOptions...)...)
+	_, err := set.Parent.run(append([]string{"add", "-exist", entry.Set.name()}, addOptions...)...)
 	if err != nil {
 		return nil, err
 	}
@@ -225,7 +236,7 @@ func (set *Set) Add(addOptions ...string) (*Entry, error) {
 // Del an entry from a set. If the -exist option is specified and the entry is
 // not in the set (maybe already expired), then the command is ignored.
 func (entry *Entry) Del() error {
-	_, err := entry.Set.Parent.run(append([]string{"del", entry.Set.Name}, entry.Options...)...)
+	_, err := entry.Set.Parent.run(append([]string{"del", entry.Set.name()}, entry.Options...)...)
 	if err != nil {
 		return err
 	}
@@ -236,7 +247,7 @@ func (entry *Entry) Del() error {
 // Test wether an entry is in a set or not. Exit status number is zero if the
 // tested entry is in the set and nonzero if it is missing from the set.
 func (set *Set) Test(testOptions ...string) (bool, error) {
-	_, err := set.Parent.run(append([]string{"test", set.Name}, testOptions...)...)
+	_, err := set.Parent.run(append([]string{"test", set.name()}, testOptions...)...)
 	if err != nil {
 		return false, err
 	}
@@ -246,13 +257,12 @@ func (set *Set) Test(testOptions ...string) (bool, error) {
 // Destroy the specified set or all the sets if none is given. If the set has
 // got reference(s), nothing is done and no set destroyed.
 func (set *Set) Destroy() error {
-	_, err := set.Parent.run("destroy", set.Name)
+	_, err := set.Parent.run("destroy", set.name())
 	if err != nil {
 		return err
 	}
 
 	delete(set.Parent.Sets, set.Name)
-
 	return nil
 }
 
@@ -287,7 +297,7 @@ func (ipset *IPSet) DestroyAllWithin() error {
 
 // IsActive checks if a set exists on the system with the same name.
 func (set *Set) IsActive() (bool, error) {
-	_, err := set.Parent.run("list", set.Name)
+	_, err := set.Parent.run("list", set.name())
 	if err != nil {
 		if strings.Contains(err.Error(), "name does not exist") {
 			return false, nil
@@ -297,6 +307,14 @@ func (set *Set) IsActive() (bool, error) {
 	return true, nil
 }
 
+func (set *Set) name() string {
+	if set.Parent.isIpv6 {
+		return "inet6:" + set.Name
+	} else {
+		return set.Name
+	}
+}
+
 // Parse ipset save stdout.
 // ex:
 // create KUBE-DST-3YNVZWWGX3UQQ4VQ hash:ip family inet hashsize 1024 maxelem 65536 timeout 0
@@ -398,7 +416,10 @@ func (ipset *IPSet) Get(setName string) *Set {
 
 // Rename a set. Set identified by SETNAME-TO must not exist.
 func (set *Set) Rename(newName string) error {
-	_, err := set.Parent.run("rename", set.Name, newName)
+	if set.Parent.isIpv6 {
+		newName = "ipv6:" + newName
+	}
+	_, err := set.Parent.run("rename", set.name(), newName)
 	if err != nil {
 		return err
 	}
@@ -409,7 +430,7 @@ func (set *Set) Rename(newName string) error {
 // sets. The referred sets must exist and compatible type of sets can be
 // swapped only.
 func (set *Set) Swap(setTo *Set) error {
-	_, err := set.Parent.run("swap", set.Name, setTo.Name)
+	_, err := set.Parent.run("swap", set.name(), setTo.name())
 	if err != nil {
 		return err
 	}

Original file line number	Diff line number	Diff line change
`@@ -861,7 +861,7 @@ func cleanupStaleRules(activePolicyChains, activePodFwChains, activePolicyIPSets`
`861`	`861`	`if err != nil {`
`862`	`862`	`glog.Fatalf("failed to initialize iptables command executor due to %s", err.Error())`
`863`	`863`	`}`
`864`		`- ipsets, err := utils.NewIPSet()`
	`864`	`+ ipsets, err := utils.NewIPSet(false)`
`865`	`865`	`if err != nil {`
`866`	`866`	`glog.Fatalf("failed to create ipsets command executor due to %s", err.Error())`
`867`	`867`	`}`
`@@ -1444,7 +1444,7 @@ func (npc *NetworkPolicyController) Cleanup() {`
`1444`	`1444`	`}`
`1445`	`1445`
`1446`	`1446`	`// delete all ipsets`
`1447`		`- ipset, err := utils.NewIPSet()`
	`1447`	`+ ipset, err := utils.NewIPSet(false)`
`1448`	`1448`	`if err != nil {`
`1449`	`1449`	`glog.Errorf("Failed to clean up ipsets: " + err.Error())`
`1450`	`1450`	`}`
`@@ -1548,7 +1548,7 @@ func NewNetworkPolicyController(clientset kubernetes.Interface,`
`1548`	`1548`	`}`
`1549`	`1549`	`npc.nodeIP = nodeIP`
`1550`	`1550`
`1551`		`- ipset, err := utils.NewIPSet()`
	`1551`	`+ ipset, err := utils.NewIPSet(false)`
`1552`	`1552`	`if err != nil {`
`1553`	`1553`	`return nil, err`
`1554`	`1554`	`}`
Original file line number	Diff line number	Diff line change
`@@ -469,7 +469,7 @@ func (nrc *NetworkRoutingController) Cleanup() {`
`469`	`469`	`}`
`470`	`470`
`471`	`471`	`// delete all ipsets created by kube-router`
`472`		`- ipset, err := utils.NewIPSet()`
	`472`	`+ ipset, err := utils.NewIPSet(false)`
`473`	`473`	`if err != nil {`
`474`	`474`	`glog.Errorf("Failed to clean up ipsets: " + err.Error())`
`475`	`475`	`}`
`@@ -808,7 +808,7 @@ func NewNetworkRoutingController(clientset kubernetes.Interface,`
`808`	`808`	`}`
`809`	`809`	`}`
`810`	`810`
`811`		`- nrc.ipSetHandler, err = utils.NewIPSet()`
	`811`	`+ nrc.ipSetHandler, err = utils.NewIPSet(false)`
`812`	`812`	`if err != nil {`
`813`	`813`	`return nil, err`
`814`	`814`	`}`