Skip to content

Commit

Permalink
Add another pattern to IsNotExist
Browse files Browse the repository at this point in the history 
With iptables-nft, this can happen:

    process 1                       process 2
    ask kernel if chain X exists    ask kernel if chain X exists
      --> yes                         --> yes
                                    ask kernel to delete chain X
                                      --> OK
    ask kernel to delete chain X
      --> ENOENT

You only get the normal "chain doesn't exist" error message if the
initial check fails; if another process deletes the chain after that,
then it outputs the raw kernel error. (This can happen in the
containernetworking/plugins tests.)

So make IsNotExist recognize "No such file or directory".
  • Loading branch information
@danwinship
danwinship committed Jul 27, 2023
1 parent fa6abe8 commit b299a5b
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion iptables/iptables.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -52,7 +52,8 @@ func (e *Error) IsNotExist() bool {
}
msgNoRuleExist := "Bad rule (does a matching rule exist in that chain?).\n"
msgNoChainExist := "No chain/target/match by that name.\n"
return strings.Contains(e.msg, msgNoRuleExist) || strings.Contains(e.msg, msgNoChainExist)
msgENOENT := "No such file or directory"
return strings.Contains(e.msg, msgNoRuleExist) || strings.Contains(e.msg, msgNoChainExist) || strings.Contains(e.msg, msgENOENT)
}

// Protocol to differentiate between IPv4 and IPv6
Expand Down

0 comments on commit b299a5b

Please sign in to comment.