Merge pull request #930 from aboch/fd

mavenugo · mavenugo · commit 758664919529 · 2016-02-05T15:44:08.000-08:00
When programming iptables in container use native API
diff --git a/iptables/iptables.go b/iptables/iptables.go
@@ -325,9 +325,11 @@ func Raw(args ...string) ([]byte, error) {
 		if err == nil || !strings.Contains(err.Error(), "was not provided by any .service files") {
 			return output, err
 		}
-
 	}
+	return raw(args...)
+}
 
+func raw(args ...string) ([]byte, error) {
 	if err := initCheck(); err != nil {
 		return nil, err
 	}
@@ -362,6 +364,15 @@ func RawCombinedOutput(args ...string) error {
 	return nil
 }
 
+// RawCombinedOutputNative behave as RawCombinedOutput with the difference it
+// will always invoke `iptables` binary
+func RawCombinedOutputNative(args ...string) error {
+	if output, err := raw(args...); err != nil || len(output) != 0 {
+		return fmt.Errorf("%s (%v)", string(output), err)
+	}
+	return nil
+}
+
 // ExistChain checks if a chain exists
 func ExistChain(chain string, table Table) bool {
 	if _, err := Raw("-t", string(table), "-L", chain); err == nil {
diff --git a/resolver.go b/resolver.go
@@ -95,7 +95,7 @@ func (r *resolver) SetupFunc() func() {
 		}
 
 		for _, rule := range rules {
-			r.err = iptables.RawCombinedOutput(rule...)
+			r.err = iptables.RawCombinedOutputNative(rule...)
 			if r.err != nil {
 				return
 			}

Original file line number	Diff line number	Diff line change
`@@ -95,7 +95,7 @@ func (r *resolver) SetupFunc() func() {`
`95`	`95`	`}`
`96`	`96`
`97`	`97`	`for _, rule := range rules {`
`98`		`- r.err = iptables.RawCombinedOutput(rule...)`
	`98`	`+ r.err = iptables.RawCombinedOutputNative(rule...)`
`99`	`99`	`if r.err != nil {`
`100`	`100`	`return`
`101`	`101`	`}`