From ccac6dec0c51a216971850085d1ca7539a0115a0 Mon Sep 17 00:00:00 2001 From: Etienne Champetier Date: Tue, 5 Nov 2024 17:24:40 -0500 Subject: [PATCH] portmap: fix iptables conditions detection As show in the docs, iptables conditions can also start with '!' Fixes 01a94e17c77e6ff8e5019e15c42d8d92cf87194f Signed-off-by: Etienne Champetier --- plugins/meta/portmap/main.go | 9 +++++---- plugins/meta/portmap/portmap_test.go | 4 ++-- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/plugins/meta/portmap/main.go b/plugins/meta/portmap/main.go index 02df34f9b..28dab921c 100644 --- a/plugins/meta/portmap/main.go +++ b/plugins/meta/portmap/main.go @@ -349,10 +349,11 @@ func detectBackendOfConditions(conditions *[]string) string { return "" } - // The first token of any iptables condition would start with a hyphen (e.g. "-d", - // "--sport", "-m"). No nftables condition would start that way. (An nftables - // condition might include a negative number, but not as the first token.) - if (*conditions)[0][0] == '-' { + // The first character of any iptables condition would either be an hyphen + // (e.g. "-d", "--sport", "-m") or an exclamation mark. + // No nftables condition would start that way. (An nftables condition might + // include a negative number, but not as the first token.) + if (*conditions)[0][0] == '-' || (*conditions)[0][0] == '!' { return iptablesBackend } return nftablesBackend diff --git a/plugins/meta/portmap/portmap_test.go b/plugins/meta/portmap/portmap_test.go index 7cf10f944..7c7aea415 100644 --- a/plugins/meta/portmap/portmap_test.go +++ b/plugins/meta/portmap/portmap_test.go @@ -44,7 +44,7 @@ var _ = Describe("portmapping configuration", func() { }, "snat": false, "conditionsV4": ["-s", "1.2.3.4"], - "conditionsV6": ["-s", "12::34"], + "conditionsV6": ["!", "-s", "12::34"], "prevResult": { "interfaces": [ {"name": "host"}, @@ -76,7 +76,7 @@ var _ = Describe("portmapping configuration", func() { Expect(err).NotTo(HaveOccurred()) Expect(c.CNIVersion).To(Equal(ver)) Expect(c.ConditionsV4).To(Equal(&[]string{"-s", "1.2.3.4"})) - Expect(c.ConditionsV6).To(Equal(&[]string{"-s", "12::34"})) + Expect(c.ConditionsV6).To(Equal(&[]string{"!", "-s", "12::34"})) fvar := false Expect(c.SNAT).To(Equal(&fvar)) Expect(c.Name).To(Equal("test"))