*: add comment to iptables rules for ipmasq

author Stefan Junker <mail@stefanjunker.de>

Thu, 31 Mar 2016 13:44:54 +0000 (15:44 +0200)

committer Stefan Junker <mail@stefanjunker.de>

Thu, 31 Mar 2016 16:01:32 +0000 (18:01 +0200)
author Stefan Junker <mail@stefanjunker.de>
Thu, 31 Mar 2016 13:44:54 +0000 (15:44 +0200)
committer Stefan Junker <mail@stefanjunker.de>
Thu, 31 Mar 2016 16:01:32 +0000 (18:01 +0200)
diff --git a/pkg/ip/ipmasq.go b/pkg/ip/ipmasq.go

index 6901f69..8ee2797 100644 (file)
--- a/pkg/ip/ipmasq.go
+++ b/pkg/ip/ipmasq.go
@@ -23,7 +23,7 @@ import (
  
  // SetupIPMasq installs iptables rules to masquerade traffic
  // coming from ipn and going outside of it
-func SetupIPMasq(ipn *net.IPNet, chain string) error {
+func SetupIPMasq(ipn *net.IPNet, chain string, comment string) error {
         ipt, err := iptables.New()
         if err != nil {
                 return fmt.Errorf("failed to locate iptables: %v", err)
@@ -36,25 +36,25 @@ func SetupIPMasq(ipn *net.IPNet, chain string) error {
                 }
         }
  
-       if err = ipt.AppendUnique("nat", chain, "-d", ipn.String(), "-j", "ACCEPT"); err != nil {
+       if err = ipt.AppendUnique("nat", chain, "-d", ipn.String(), "-j", "ACCEPT", "-m", "comment", "--comment", comment); err != nil {
                 return err
         }
  
-       if err = ipt.AppendUnique("nat", chain, "!", "-d", "224.0.0.0/4", "-j", "MASQUERADE"); err != nil {
+       if err = ipt.AppendUnique("nat", chain, "!", "-d", "224.0.0.0/4", "-j", "MASQUERADE", "-m", "comment", "--comment", comment); err != nil {
                 return err
         }
  
-       return ipt.AppendUnique("nat", "POSTROUTING", "-s", ipn.String(), "-j", chain)
+       return ipt.AppendUnique("nat", "POSTROUTING", "-s", ipn.String(), "-j", chain, "-m", "comment", "--comment", comment)
  }
  
  // TeardownIPMasq undoes the effects of SetupIPMasq
-func TeardownIPMasq(ipn *net.IPNet, chain string) error {
+func TeardownIPMasq(ipn *net.IPNet, chain string, comment string) error {
         ipt, err := iptables.New()
         if err != nil {
                 return fmt.Errorf("failed to locate iptables: %v", err)
         }
  
-       if err = ipt.Delete("nat", "POSTROUTING", "-s", ipn.String(), "-j", chain); err != nil {
+       if err = ipt.Delete("nat", "POSTROUTING", "-s", ipn.String(), "-j", chain, "-m", "comment", "--comment", comment); err != nil {
                 return err
         }
  
diff --git a/pkg/utils/utils.go b/pkg/utils/utils.go

index ea29c96..7ec139f 100644 (file)
--- a/pkg/utils/utils.go
+++ b/pkg/utils/utils.go
@@ -19,3 +19,9 @@ func FormatChainName(name string, id string) string {
         chain := fmt.Sprintf("%s%x", chainPrefix, chainBytes)
         return chain[:maxChainLength]
  }
+
+// FormatComment returns a comment used for easier
+// rule identification within iptables.
+func FormatComment(name string, id string) string {
+       return fmt.Sprintf("name: %q id: %q", name, id)
+}
diff --git a/plugins/main/bridge/bridge.go b/plugins/main/bridge/bridge.go

index d5581bf..e4bc106 100644 (file)
--- a/plugins/main/bridge/bridge.go
+++ b/plugins/main/bridge/bridge.go
@@ -222,7 +222,8 @@ func cmdAdd(args *skel.CmdArgs) error {
  
         if n.IPMasq {
                 chain := utils.FormatChainName(n.Name, args.ContainerID)
-               if err = ip.SetupIPMasq(ip.Network(&result.IP4.IP), chain); err != nil {
+               comment := utils.FormatComment(n.Name, args.ContainerID)
+               if err = ip.SetupIPMasq(ip.Network(&result.IP4.IP), chain, comment); err != nil {
                         return err
                 }
         }
diff --git a/plugins/main/ptp/ptp.go b/plugins/main/ptp/ptp.go

index b397b79..3035c64 100644 (file)
--- a/plugins/main/ptp/ptp.go
+++ b/plugins/main/ptp/ptp.go
@@ -179,7 +179,8 @@ func cmdAdd(args *skel.CmdArgs) error {
  
         if conf.IPMasq {
                 chain := utils.FormatChainName(conf.Name, args.ContainerID)
-               if err = ip.SetupIPMasq(&result.IP4.IP, chain); err != nil {
+               comment := utils.FormatComment(conf.Name, args.ContainerID)
+               if err = ip.SetupIPMasq(&result.IP4.IP, chain, comment); err != nil {
                         return err
                 }
         }
@@ -206,7 +207,8 @@ func cmdDel(args *skel.CmdArgs) error {
  
         if conf.IPMasq {
                 chain := utils.FormatChainName(conf.Name, args.ContainerID)
-               if err = ip.TeardownIPMasq(ipn, chain); err != nil {
+               comment := utils.FormatComment(conf.Name, args.ContainerID)
+               if err = ip.TeardownIPMasq(ipn, chain, comment); err != nil {
                         return err
                 }
         }
author	Stefan Junker <mail@stefanjunker.de>
	Thu, 31 Mar 2016 13:44:54 +0000 (15:44 +0200)
committer	Stefan Junker <mail@stefanjunker.de>
	Thu, 31 Mar 2016 16:01:32 +0000 (18:01 +0200)
pkg/ip/ipmasq.go		patch \| blob \| history
pkg/utils/utils.go		patch \| blob \| history
plugins/main/bridge/bridge.go		patch \| blob \| history
plugins/main/ptp/ptp.go		patch \| blob \| history