fix: support setting iptables mode

Signed-off-by: OrangeBao <[email protected]>
kosmos-io · Dec 7, 2023 · f3ab136 · f3ab136
1 parent 8847a72
commit f3ab136
Show file tree

Hide file tree

Showing 5 changed files with 83 additions and 15 deletions.
diff --git a/go.mod b/go.mod
@@ -6,7 +6,7 @@ require (
 	github.com/bep/debounce v1.2.1
 	github.com/containerd/console v1.0.3
 	github.com/containerd/containerd v1.6.14
-	github.com/coreos/go-iptables v0.6.0
+	github.com/coreos/go-iptables v0.7.1-0.20231102141700-50d824baaa46
 	github.com/docker/docker v24.0.6+incompatible
 	github.com/evanphx/json-patch v4.12.0+incompatible
 	github.com/go-logr/logr v1.2.3

diff --git a/go.sum b/go.sum
@@ -643,8 +643,8 @@ github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc
 github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk=
 github.com/coreos/go-iptables v0.4.5/go.mod h1:/mVI274lEDI2ns62jHCDnCyBF9Iwsmekav8Dbxlm1MU=
 github.com/coreos/go-iptables v0.5.0/go.mod h1:/mVI274lEDI2ns62jHCDnCyBF9Iwsmekav8Dbxlm1MU=
-github.com/coreos/go-iptables v0.6.0 h1:is9qnZMPYjLd8LYqmm/qlE+wwEgJIkTYdhV3rfZo4jk=
-github.com/coreos/go-iptables v0.6.0/go.mod h1:Qe8Bv2Xik5FyTXwgIbLAnv2sWSBmvWdFETJConOQ//Q=
+github.com/coreos/go-iptables v0.7.1-0.20231102141700-50d824baaa46 h1:AVVvARdGRuTtYO/DetrN9Z1G0kMbrqV7KLOH/J4byiM=
+github.com/coreos/go-iptables v0.7.1-0.20231102141700-50d824baaa46/go.mod h1:Qe8Bv2Xik5FyTXwgIbLAnv2sWSBmvWdFETJConOQ//Q=
 github.com/coreos/go-oidc v2.1.0+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc=
 github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
 github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=

diff --git a/pkg/clusterlink/network/iptables/iptables.go b/pkg/clusterlink/network/iptables/iptables.go
@@ -22,6 +22,8 @@ limitations under the License.
 package iptables
 
 import (
+	"os"
+
 	"github.com/coreos/go-iptables/iptables"
 	"github.com/pkg/errors"
 )
@@ -60,7 +62,8 @@ func New(proto iptables.Protocol) (Interface, error) {
 		return NewFunc()
 	}
 
-	ipt, err := iptables.New(iptables.IPFamily(proto), iptables.Timeout(5))
+	// IPTABLES_PATH: the path decision the model of iptable, /sbin/xtables-nft-multi => nf_tables
+	ipt, err := iptables.New(iptables.IPFamily(proto), iptables.Timeout(5), iptables.Path(os.Getenv("IPTABLES_PATH")))
 	if err != nil {
 		return nil, errors.Wrap(err, "error creating IP tables")
 	}

diff --git a/vendor/github.com/coreos/go-iptables/iptables/iptables.go b/vendor/github.com/coreos/go-iptables/iptables/iptables.go
diff --git a/vendor/modules.txt b/vendor/modules.txt
@@ -145,7 +145,7 @@ github.com/containerd/ttrpc
 # github.com/containerd/typeurl v1.0.2
 ## explicit; go 1.13
 github.com/containerd/typeurl
-# github.com/coreos/go-iptables v0.6.0
+# github.com/coreos/go-iptables v0.7.1-0.20231102141700-50d824baaa46
 ## explicit; go 1.16
 github.com/coreos/go-iptables/iptables
 # github.com/coreos/go-semver v0.3.1