
Commit 94e2a27

Merge pull request #1865 from thomasferrandiz/refactor-iptables-module
Refactor iptables module to prepare for nftables implementation
2 parents 7cc16e2 + 2d46bb0 commit 94e2a27

9 files changed

+225
-177
lines changed

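--- a/Makefile
+++ b/Makefile
@@ -23,7 +23,7 @@ K8S_VERSION=1.24.6
 GOARM=7
 
 # These variables can be overridden by setting an environment variable.
-TEST_PACKAGES?=pkg/ip pkg/subnet pkg/subnet/etcd pkg/subnet/kube pkg/iptables pkg/backend
+TEST_PACKAGES?=pkg/ip pkg/subnet pkg/subnet/etcd pkg/subnet/kube pkg/trafficmngr pkg/backend
 TEST_PACKAGES_EXPANDED=$(TEST_PACKAGES:%=github.com/flannel-io/flannel/%)
 PACKAGES?=$(TEST_PACKAGES)
 PACKAGES_EXPANDED=$(PACKAGES:%=github.com/flannel-io/flannel/%)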

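--- a/main.go
+++ b/main.go
@@ -31,11 +31,12 @@ import (
 "github.com/coreos/pkg/flagutil"
 "github.com/flannel-io/flannel/pkg/ip"
 "github.com/flannel-io/flannel/pkg/ipmatch"
-"github.com/flannel-io/flannel/pkg/iptables"
 "github.com/flannel-io/flannel/pkg/lease"
 "github.com/flannel-io/flannel/pkg/subnet"
 etcd "github.com/flannel-io/flannel/pkg/subnet/etcd"
 "github.com/flannel-io/flannel/pkg/subnet/kube"
+"github.com/flannel-io/flannel/pkg/trafficmngr"
+"github.com/flannel-io/flannel/pkg/trafficmngr/iptables"
 "github.com/flannel-io/flannel/pkg/version"
 "golang.org/x/net/context"
 log "k8s.io/klog/v2"
@@ -335,6 +336,8 @@ func main() {
 os.Exit(1)
 }
 
+//Create TrafficManager and instanciate it based on whether we use iptables or nftables
+trafficMngr := newTrafficManager()
 // Set up ipMasq if needed
 if opts.ipMasq {
 if config.EnableIPv4 {
@@ -345,22 +348,22 @@ func main() {
 wg.Wait()
 os.Exit(1)
 }
-if err = recycleIPTables(net, bn.Lease()); err != nil {
+if err = recycleIPTables(trafficMngr, net, bn.Lease()); err != nil {
 log.Errorf("Failed to recycle IPTables rules, %v", err)
 cancel()
 wg.Wait()
 os.Exit(1)
 }
 log.Infof("Setting up masking rules")
-iptables.CreateIP4Chain("nat", "FLANNEL-POSTRTG")
-getRules := func() []iptables.IPTablesRule {
+trafficMngr.CreateIP4Chain("nat", "FLANNEL-POSTRTG")
+getRules := func() []trafficmngr.IPTablesRule {
 if config.HasNetworks() {
-return iptables.MasqRules(config.Networks, bn.Lease())
+return trafficMngr.MasqRules(config.Networks, bn.Lease())
 } else {
-return iptables.MasqRules([]ip.IP4Net{config.Network}, bn.Lease())
+return trafficMngr.MasqRules([]ip.IP4Net{config.Network}, bn.Lease())
 }
 }
-go iptables.SetupAndEnsureIP4Tables(getRules, opts.iptablesResyncSeconds)
+go trafficMngr.SetupAndEnsureIP4Tables(getRules, opts.iptablesResyncSeconds)
 
 }
 if config.EnableIPv6 {
@@ -371,22 +374,22 @@ func main() {
 wg.Wait()
 os.Exit(1)
 }
-if err = recycleIP6Tables(ip6net, bn.Lease()); err != nil {
+if err = recycleIP6Tables(trafficMngr, ip6net, bn.Lease()); err != nil {
 log.Errorf("Failed to recycle IP6Tables rules, %v", err)
 cancel()
 wg.Wait()
 os.Exit(1)
 }
 log.Infof("Setting up masking ip6 rules")
-iptables.CreateIP6Chain("nat", "FLANNEL-POSTRTG")
-getRules := func() []iptables.IPTablesRule {
+trafficMngr.CreateIP6Chain("nat", "FLANNEL-POSTRTG")
+getRules := func() []trafficmngr.IPTablesRule {
 if config.HasIPv6Networks() {
-return iptables.MasqIP6Rules(config.IPv6Networks, bn.Lease())
+return trafficMngr.MasqIP6Rules(config.IPv6Networks, bn.Lease())
 } else {
-return iptables.MasqIP6Rules([]ip.IP6Net{config.IPv6Network}, bn.Lease())
+return trafficMngr.MasqIP6Rules([]ip.IP6Net{config.IPv6Network}, bn.Lease())
 }
 }
-go iptables.SetupAndEnsureIP6Tables(getRules, opts.iptablesResyncSeconds)
+go trafficMngr.SetupAndEnsureIP6Tables(getRules, opts.iptablesResyncSeconds)
 }
 }
 
@@ -403,11 +406,11 @@ func main() {
 os.Exit(1)
 }
 log.Infof("Changing default FORWARD chain policy to ACCEPT")
-iptables.CreateIP4Chain("filter", "FLANNEL-FWD")
-getRules := func() []iptables.IPTablesRule {
-return iptables.ForwardRules(net.String())
+trafficMngr.CreateIP4Chain("filter", "FLANNEL-FWD")
+getRules := func() []trafficmngr.IPTablesRule {
+return trafficMngr.ForwardRules(net.String())
 }
-go iptables.SetupAndEnsureIP4Tables(getRules, opts.iptablesResyncSeconds)
+go trafficMngr.SetupAndEnsureIP4Tables(getRules, opts.iptablesResyncSeconds)
 }
 if config.EnableIPv6 {
 ip6net, err := config.GetFlannelIPv6Network(&bn.Lease().IPv6Subnet)
@@ -418,11 +421,11 @@ func main() {
 os.Exit(1)
 }
 log.Infof("IPv6: Changing default FORWARD chain policy to ACCEPT")
-iptables.CreateIP6Chain("filter", "FLANNEL-FWD")
-getRules := func() []iptables.IPTablesRule {
-return iptables.ForwardRules(ip6net.String())
+trafficMngr.CreateIP6Chain("filter", "FLANNEL-FWD")
+getRules := func() []trafficmngr.IPTablesRule {
+return trafficMngr.ForwardRules(ip6net.String())
 }
-go iptables.SetupAndEnsureIP6Tables(getRules, opts.iptablesResyncSeconds)
+go trafficMngr.SetupAndEnsureIP6Tables(getRules, opts.iptablesResyncSeconds)
 }
 }
 
@@ -462,7 +465,7 @@ func main() {
 os.Exit(0)
 }
 
-func recycleIPTables(nw ip.IP4Net, myLease *lease.Lease) error {
+func recycleIPTables(tm trafficmngr.TrafficManager, nw ip.IP4Net, myLease *lease.Lease) error {
 prevNetworks := ReadCIDRsFromSubnetFile(opts.subnetFile, "FLANNEL_NETWORK")
 prevSubnet := ReadCIDRFromSubnetFile(opts.subnetFile, "FLANNEL_SUBNET")
 
@@ -480,14 +483,14 @@ func recycleIPTables(nw ip.IP4Net, myLease *lease.Lease) error {
 newLease := &lease.Lease{
 Subnet: prevSubnet,
 }
-if err := iptables.DeleteIP4Tables(iptables.MasqRules(prevNetworks, newLease)); err != nil {
+if err := tm.DeleteIP4Tables(tm.MasqRules(prevNetworks, newLease)); err != nil {
 return err
 }
 }
 return nil
 }
 
-func recycleIP6Tables(nw ip.IP6Net, myLease *lease.Lease) error {
+func recycleIP6Tables(tm trafficmngr.TrafficManager, nw ip.IP6Net, myLease *lease.Lease) error {
 prevNetworks := ReadIP6CIDRsFromSubnetFile(opts.subnetFile, "FLANNEL_IPV6_NETWORK")
 prevSubnet := ReadIP6CIDRFromSubnetFile(opts.subnetFile, "FLANNEL_IPV6_SUBNET")
 
@@ -506,7 +509,7 @@ func recycleIP6Tables(nw ip.IP6Net, myLease *lease.Lease) error {
 lease := &lease.Lease{
 IPv6Subnet: prevSubnet,
 }
-if err := iptables.DeleteIP6Tables(iptables.MasqIP6Rules(prevNetworks, lease)); err != nil {
+if err := tm.DeleteIP6Tables(tm.MasqIP6Rules(prevNetworks, lease)); err != nil {
 return err
 }
 }
@@ -656,3 +659,7 @@ func ReadIP6CIDRsFromSubnetFile(path string, CIDRKey string) []ip.IP6Net {
 }
 return prevCIDRs
 }
+
+func newTrafficManager() trafficmngr.TrafficManager {
+return iptables.IPTablesManager{}
+}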
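Review bot: The four `go trafficMngr.SetupAndEnsureIP4Tables(...)` / `SetupAndEnsureIP6Tables(...)` calls in main() start the rule-resync loops without a context and outside `wg`, even though the error paths beside them shut down through `cancel()` and `wg.Wait()`. Because this commit is where the TrafficManager method set is being defined, it is the inexpensive moment to make those loops stoppable and awaited, for example `go trafficMngr.SetupAndEnsureIP4Tables(ctx, &wg, getRules, opts.iptablesResyncSeconds)` (assuming the context behind `cancel()` is named `ctx`). Otherwise the masquerade and FORWARD rules may still be rewritten, or left partly applied, while the process is exiting. Separately, the comment at new line 339 says the manager is chosen between iptables and nftables, but `newTrafficManager()` always returns `iptables.IPTablesManager{}`; I would reword it to `// newTrafficManager returns the iptables-backed manager; nftables selection is not implemented yet.` The bodies of main() and both recycle functions extend beyond the hunks shown here.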

pkg/iptables/iptables_windows.go

-46
This file was deleted.
