Merge pull request #303 from icecrime/cherry-picks-1.7.0

mavenugo · mavenugo · commit b116b5c0d20e · 2015-06-16T11:28:50.000-07:00
Cherry picks 1.7.0
diff --git a/drivers/bridge/bridge.go b/drivers/bridge/bridge.go
@@ -10,6 +10,7 @@ import (
 	"github.com/Sirupsen/logrus"
 	"github.com/docker/libnetwork/driverapi"
 	"github.com/docker/libnetwork/ipallocator"
+	"github.com/docker/libnetwork/iptables"
 	"github.com/docker/libnetwork/netlabel"
 	"github.com/docker/libnetwork/netutils"
 	"github.com/docker/libnetwork/options"
@@ -109,6 +110,9 @@ func Init(dc driverapi.DriverCallback) error {
 	if out, err := exec.Command("modprobe", "-va", "bridge", "nf_nat", "br_netfilter").Output(); err != nil {
 		logrus.Warnf("Running modprobe bridge nf_nat failed with message: %s, error: %v", out, err)
 	}
+	if err := iptables.RemoveExistingChain(DockerChain, iptables.Nat); err != nil {
+		logrus.Warnf("Failed to remove existing iptables entries in %s : %v", DockerChain, err)
+	}
 
 	return dc.RegisterDriver(networkType, newDriver())
 }
diff --git a/iptables/iptables.go b/iptables/iptables.go
@@ -99,15 +99,17 @@ func NewChain(name, bridge string, table Table, hairpinMode bool) (*Chain, error
 	case Nat:
 		preroute := []string{
 			"-m", "addrtype",
-			"--dst-type", "LOCAL"}
+			"--dst-type", "LOCAL",
+			"-j", c.Name}
 		if !Exists(Nat, "PREROUTING", preroute...) {
 			if err := c.Prerouting(Append, preroute...); err != nil {
 				return nil, fmt.Errorf("Failed to inject docker in PREROUTING chain: %s", err)
 			}
 		}
 		output := []string{
 			"-m", "addrtype",
-			"--dst-type", "LOCAL"}
+			"--dst-type", "LOCAL",
+			"-j", c.Name}
 		if !hairpinMode {
 			output = append(output, "!", "--dst", "127.0.0.0/8")
 		}
@@ -228,7 +230,7 @@ func (c *Chain) Prerouting(action Action, args ...string) error {
 	if len(args) > 0 {
 		a = append(a, args...)
 	}
-	if output, err := Raw(append(a, "-j", c.Name)...); err != nil {
+	if output, err := Raw(a...); err != nil {
 		return err
 	} else if len(output) != 0 {
 		return ChainError{Chain: "PREROUTING", Output: output}
@@ -242,7 +244,7 @@ func (c *Chain) Output(action Action, args ...string) error {
 	if len(args) > 0 {
 		a = append(a, args...)
 	}
-	if output, err := Raw(append(a, "-j", c.Name)...); err != nil {
+	if output, err := Raw(a...); err != nil {
 		return err
 	} else if len(output) != 0 {
 		return ChainError{Chain: "OUTPUT", Output: output}
@@ -254,9 +256,9 @@ func (c *Chain) Output(action Action, args ...string) error {
 func (c *Chain) Remove() error {
 	// Ignore errors - This could mean the chains were never set up
 	if c.Table == Nat {
-		c.Prerouting(Delete, "-m", "addrtype", "--dst-type", "LOCAL")
-		c.Output(Delete, "-m", "addrtype", "--dst-type", "LOCAL", "!", "--dst", "127.0.0.0/8")
-		c.Output(Delete, "-m", "addrtype", "--dst-type", "LOCAL") // Created in versions <= 0.1.6
+		c.Prerouting(Delete, "-m", "addrtype", "--dst-type", "LOCAL", "-j", c.Name)
+		c.Output(Delete, "-m", "addrtype", "--dst-type", "LOCAL", "!", "--dst", "127.0.0.0/8", "-j", c.Name)
+		c.Output(Delete, "-m", "addrtype", "--dst-type", "LOCAL", "-j", c.Name) // Created in versions <= 0.1.6
 
 		c.Prerouting(Delete)
 		c.Output(Delete)
diff --git a/iptables/iptables_test.go b/iptables/iptables_test.go
@@ -131,16 +131,11 @@ func TestPrerouting(t *testing.T) {
 		t.Fatal(err)
 	}
 
-	rule := []string{
-		"-j", natChain.Name}
-
-	rule = append(rule, args...)
-
-	if !Exists(natChain.Table, "PREROUTING", rule...) {
+	if !Exists(natChain.Table, "PREROUTING", args...) {
 		t.Fatalf("rule does not exist")
 	}
 
-	delRule := append([]string{"-D", "PREROUTING", "-t", string(Nat)}, rule...)
+	delRule := append([]string{"-D", "PREROUTING", "-t", string(Nat)}, args...)
 	if _, err = Raw(delRule...); err != nil {
 		t.Fatal(err)
 	}
@@ -156,17 +151,12 @@ func TestOutput(t *testing.T) {
 		t.Fatal(err)
 	}
 
-	rule := []string{
-		"-j", natChain.Name}
-
-	rule = append(rule, args...)
-
-	if !Exists(natChain.Table, "OUTPUT", rule...) {
+	if !Exists(natChain.Table, "OUTPUT", args...) {
 		t.Fatalf("rule does not exist")
 	}
 
 	delRule := append([]string{"-D", "OUTPUT", "-t",
-		string(natChain.Table)}, rule...)
+		string(natChain.Table)}, args...)
 	if _, err = Raw(delRule...); err != nil {
 		t.Fatal(err)
 	}

Original file line number	Diff line number	Diff line change
`@@ -131,16 +131,11 @@ func TestPrerouting(t *testing.T) {`
`131`	`131`	`t.Fatal(err)`
`132`	`132`	`}`
`133`	`133`
`134`		`- rule := []string{`
`135`		`- "-j", natChain.Name}`
`136`		`-`
`137`		`- rule = append(rule, args...)`
`138`		`-`
`139`		`- if !Exists(natChain.Table, "PREROUTING", rule...) {`
	`134`	`+ if !Exists(natChain.Table, "PREROUTING", args...) {`
`140`	`135`	`t.Fatalf("rule does not exist")`
`141`	`136`	`}`
`142`	`137`
`143`		`- delRule := append([]string{"-D", "PREROUTING", "-t", string(Nat)}, rule...)`
	`138`	`+ delRule := append([]string{"-D", "PREROUTING", "-t", string(Nat)}, args...)`
`144`	`139`	`if _, err = Raw(delRule...); err != nil {`
`145`	`140`	`t.Fatal(err)`
`146`	`141`	`}`
`@@ -156,17 +151,12 @@ func TestOutput(t *testing.T) {`
`156`	`151`	`t.Fatal(err)`
`157`	`152`	`}`
`158`	`153`
`159`		`- rule := []string{`
`160`		`- "-j", natChain.Name}`
`161`		`-`
`162`		`- rule = append(rule, args...)`
`163`		`-`
`164`		`- if !Exists(natChain.Table, "OUTPUT", rule...) {`
	`154`	`+ if !Exists(natChain.Table, "OUTPUT", args...) {`
`165`	`155`	`t.Fatalf("rule does not exist")`
`166`	`156`	`}`
`167`	`157`
`168`	`158`	`delRule := append([]string{"-D", "OUTPUT", "-t",`
`169`		`- string(natChain.Table)}, rule...)`
	`159`	`+ string(natChain.Table)}, args...)`
`170`	`160`	`if _, err = Raw(delRule...); err != nil {`
`171`	`161`	`t.Fatal(err)`
`172`	`162`	`}`