Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

deps: bump coreos/go-iptables #563

Merged
merged 2 commits into from
Jan 7, 2021
Merged

Conversation

tlwr
Copy link
Contributor

@tlwr tlwr commented Dec 31, 2020

Closes #544

The above issue describes a situation where using the bridge plugin with IPv6 addresses prevented DEL from working correctly.

DEL seems to be failing in the body of TeardownIPMasq

This arises because:

PR coreos/go-iptables/pull/74 describes why this does not work. The error message is not being checked correctly.

Using a later version of go-iptables means that

  • when the second ipt.Delete fails (this is okay)
  • we will correctly interpret this as an non-fatal error
  • TeardownIPMasq will not prematurely exit the method
  • ipt.ClearChain now can run
  • ipt.DeleteChain now can run

This explains why this was working for v4 but not v6

--

Edit: as mentioned in comments below, I've updated this to vendor go-iptables@v0.5.0

go.mod Outdated Show resolved Hide resolved
@mars1024 mars1024 requested a review from squeed January 4, 2021 11:26
Closes containernetworking#544

The above issue describes a situation where using the bridge plugin
with IPv6 addresses prevented `DEL` from working correctly.

`DEL` seems to be failing in the body of `TeardownIPMasq`

This arises because:

* twice delete postrouting rules: `ipn.String()` `ipn.IP.String()` containernetworking#279
* we are using a version of go-iptables which is bugged for v6

PR github.com/coreos/go-iptables/pull/74 describes why this does
not work. The error message is not being checked correctly.

Using a later version of go-iptables means that
* when the second `ipt.Delete` fails (this is okay)
* we will correctly interpret this as an non-fatal error
* `TeardownIPMasq` will not prematurely exit the method
* `ipt.ClearChain` now can run
* `ipt.DeleteChain` now can run

This explains why this was working for v4 but not v6

This commit was amended to include v0.5.0 instead of a pseudo-version
v0.4.6-0.20200318170312-12696f5c9108

Signed-off-by: toby lorne <toby@toby.codes>
go.sum Outdated Show resolved Hide resolved
Copy link
Contributor

@bboreham bboreham left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

Signed-off-by: toby lorne <toby@toby.codes>
Copy link
Member

@mars1024 mars1024 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm, also thanks to @haircommander for the release

@bboreham bboreham merged commit 3819ef7 into containernetworking:master Jan 7, 2021
smira added a commit to smira/pkgs that referenced this pull request Feb 4, 2021
Build CNI plugins instead of downloading pre-built binaries.

Bump version to master to fix `ip6tables` issue:

containernetworking/plugins#563

Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
talos-bot pushed a commit to siderolabs/pkgs that referenced this pull request Feb 5, 2021
Build CNI plugins instead of downloading pre-built binaries.

Bump version to master to fix `ip6tables` issue:

containernetworking/plugins#563

Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

'DEL' can not clean up all ip6tables
4 participants