Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Refactor iptables module to prepare for nftables implementation #1865

Merged
merged 1 commit into from
Feb 9, 2024
Merged

Refactor iptables module to prepare for nftables implementation #1865

merged 1 commit into from
Feb 9, 2024

Conversation

thomasferrandiz
Copy link
Contributor

Description

This PR creates a trafficmngr package which declares the TrafficManager interface.
This interface holds the currently used chains and rules management functions for the iptables module.

This will allow us to also provide an nftables-based implementation of this interface.

Todos

  • Tests
  • Documentation
  • Release note

Release Note

None required

@thomasferrandiz
refactor iptables package to prepare for nftables-based implementation
2d46bb0 
There is now a trafficmngr package that declares the TrafficManager
interface. This will allow us to have multiple implementation to manage
NATing and forwarding the traffic.
@thomasferrandiz thomasferrandiz force-pushed the refactor-iptables-module branch from 4518c2c to 2d46bb0 Compare February 7, 2024 16:55
manuelbuil
manuelbuil requested changes Feb 8, 2024
View reviewed changes
Copy link
Collaborator

@manuelbuil manuelbuil left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks good! I have one suggestion

pkg/trafficmngr/trafficmngr.go
Comment on lines +29 to +39
type TrafficManager interface {
CreateIP4Chain(table, chain string)
CreateIP6Chain(table, chain string)
MasqRules(cluster_cidrs []ip.IP4Net, lease *lease.Lease) []IPTablesRule
MasqIP6Rules(cluster_cidrs []ip.IP6Net, lease *lease.Lease) []IPTablesRule
ForwardRules(flannelNetwork string) []IPTablesRule
SetupAndEnsureIP4Tables(getRules func() []IPTablesRule, resyncPeriod int)
SetupAndEnsureIP6Tables(getRules func() []IPTablesRule, resyncPeriod int)
DeleteIP4Tables(rules []IPTablesRule) error
DeleteIP6Tables(rules []IPTablesRule) error
}
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I like the change but taking advantage of it, I think we can refactor code a little bit. I think it is possible to simplify this interface and have only:

Then, the rest of the calls (recycle, which ends up calling Delete; CreateIPChain...) can be private functions inside the implementation of iptables or nftables. That would also make main.go a bit cleaner. Right now we are even defining functions https://github.com/flannel-io/flannel/blob/master/main.go#L356-L362 which I find very ugly.

What do you think?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I agree
I was planning to do that in another PR to keep things readable :-)

I can do it in one PR if you prefer

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

that's also fine for me

@thomasferrandiz thomasferrandiz merged commit 94e2a27 into flannel-io:master Feb 9, 2024
8 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@manuelbuil manuelbuil manuelbuil approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@thomasferrandiz @manuelbuil