Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Release 1.9 iptables wrapper #3319

Closed
wants to merge 1 commit into from
Closed

Release 1.9 iptables wrapper #3319

wants to merge 1 commit into from

Conversation

changluyi
Copy link
Collaborator

@changluyi changluyi commented Oct 22, 2023
edited by ghost
Loading

What type of this PR

Examples of user facing changes:

  • Features
  • Bug fixes
  • Docs
  • Tests

Which issue(s) this PR fixes:

Fixes #(issue-number)

WHAT

🤖 Generated by Copilot at 9a26853

This pull request updates and refactors the iptables management for the project, using a newer go-iptables library and adding support for nft mode. It also adds a new utility function for parsing iptables rules with double-quoted comments.

🤖 Generated by Copilot at 9a26853

Oh we are the iptables crew, we work with rules and chains
We split the strings and parse the fields, we migrate and maintain
Heave away, me hearties, heave away with me
We'll make the gateway node secure, with go-iptables library

HOW

🤖 Generated by Copilot at 9a26853

  • Replace the outdated dependency on github.com/coreos/go-iptables with the updated fork github.com/kubeovn/go-iptables (link,link,link,link)
  • Add a new field iptablesObsolete to the Controller struct, and initialize it with the legacy mode iptables instances if the iptables works in nft mode (link,link)
  • Add two helper functions to check the iptables mode by evaluating the symbolic links of the iptables commands (link)
  • Import the "path/filepath" package to use the filepath.EvalSymlinks function (link)
  • Remove some obsolete iptables rules that are no longer needed for the gateway node, and rename the variable abandonedRules to obsoleteRules (link,link,link)
  • Define some constants for the iptables table, chain and comment names, and assign the iptables instance to a local variable ipt (link,link)
  • Add a new function cleanObsoleteIptablesRules to delete the obsolete iptables rules in the legacy mode, and clear the obsolete iptables chains (link)
  • Add a new function deleteObsoleteSnatRules to delete the obsolete SNAT rules for the gateway node, and call it in the setIptables function (link)
  • Add a new function DoubleQuotedFields to split a string into fields by spaces, but preserve the double-quoted parts as a single field, and use it to parse the iptables rules that contain double-quoted comments (link)

@changluyi changluyi force-pushed the release-1.9_iptables_wrapper branch 3 times, most recently from 0943d02 to 23b38df Compare October 23, 2023 02:06
@changluyi changluyi force-pushed the release-1.9_iptables_wrapper branch from 23b38df to 438855a Compare October 23, 2023 02:20
@mergify mergify bot mentioned this pull request Oct 23, 2023
Closed
1 task
@changluyi changluyi closed this Oct 23, 2023
@oilbeater oilbeater deleted the release-1.9_iptables_wrapper branch October 24, 2023 01:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@changluyi