Skip to content

Commit

Permalink
Showing 4 changed files with 32 additions and 16 deletions.
6 changes: 5 additions & 1 deletion main.go
Original file line number Diff line number Diff line change
@@ -265,7 +265,11 @@ func main() {
}
// Check the default interface only if no interfaces are specified
if len(opts.iface) == 0 && len(opts.ifaceRegex) == 0 && len(opts.ifaceCanReach) == 0 {
extIface, err = ipmatch.LookupExtIface(opts.publicIP, "", "", ipStack, optsPublicIP)
if len(opts.publicIP) > 0 {
extIface, err = ipmatch.LookupExtIface(opts.publicIP, "", "", ipStack, optsPublicIP)
} else {
extIface, err = ipmatch.LookupExtIface(opts.publicIPv6, "", "", ipStack, optsPublicIP)
}
if err != nil {
log.Error("Failed to find any valid interface to use: ", err)
os.Exit(1)
9 changes: 5 additions & 4 deletions network/iptables_restore_test.go
Original file line number Diff line number Diff line change
@@ -29,17 +29,18 @@ func TestRules(t *testing.T) {
{"-A", "INPUT", "-s", "127.0.0.1", "!", "-d", "224.0.0.0/4", "-m", "comment", "--comment", "flanneld masq", "-j", "MASQUERADE", "--random-fully"},
},
}
expectedPayload := `*filter
expectedFilterPayload := `*filter
-A INPUT -s 127.0.0.1 -d 127.0.0.1 -j RETURN
-A INPUT -s 127.0.0.1 ! -d 224.0.0.0/4 -m comment --comment "flanneld masq" -j MASQUERADE --random-fully
COMMIT
*nat
`
expectedNATPayload := `*nat
-A INPUT -s 127.0.0.1 -d 127.0.0.1 -j RETURN
-A INPUT -s 127.0.0.1 ! -d 224.0.0.0/4 -m comment --comment "flanneld masq" -j MASQUERADE --random-fully
COMMIT
`
payload := buildIPTablesRestorePayload(baseRules)
if payload != expectedPayload {
t.Errorf("iptables-restore payload not as expected. Expected: %#v, Actual: %#v", expectedPayload, payload)
if payload != expectedFilterPayload+expectedNATPayload && payload != expectedNATPayload+expectedFilterPayload {
t.Errorf("iptables-restore payload not as expected. Expected: %#v, Actual: %#v", expectedFilterPayload+expectedNATPayload, payload)
}
}
4 changes: 2 additions & 2 deletions network/iptables_windows.go
Original file line number Diff line number Diff line change
@@ -33,9 +33,9 @@ type IPTablesRule struct {

func MasqRules(ipn ip.IP4Net, lease *subnet.Lease) []IPTablesRule { return nil }
func ForwardRules(flannelNetwork string) []IPTablesRule { return nil }
func SetupAndEnsureIPTables(rules []IPTablesRule, resyncPeriod int) {}
func DeleteIPTables(rules []IPTablesRule) error { return nil }
func teardownIPTables(ipt IPTables, rules []IPTablesRule) {}
func SetupAndEnsureIP4Tables(rules []IPTablesRule, resyncPeriod int) {}
func SetupAndEnsureIP6Tables(rules []IPTablesRule, resyncPeriod int) {}
func MasqIP6Rules(ipn ip.IP6Net, lease *subnet.Lease) []IPTablesRule { return nil }
func DeleteIP4Tables(rules []IPTablesRule) error { return nil }
func DeleteIP6Tables(rules []IPTablesRule) error { return nil }
29 changes: 20 additions & 9 deletions pkg/ipmatch/match.go
Original file line number Diff line number Diff line change
@@ -83,16 +83,27 @@ func LookupExtIface(ifname string, ifregexS string, ifcanreach string, ipStack i
return nil, fmt.Errorf("error looking up v6 interface %s: %s", ifname, err)
}
case dualStack:
iface, err = ip.GetInterfaceByIP(ifaceAddr)
if err != nil {
return nil, fmt.Errorf("error looking up interface %s: %s", ifname, err)
}
v6Iface, err := ip.GetInterfaceByIP6(ifaceAddr)
if err != nil {
return nil, fmt.Errorf("error looking up v6 interface %s: %s", ifname, err)
if ifaceAddr.To4() != nil {
iface, err = ip.GetInterfaceByIP(ifaceAddr)
if err != nil {
return nil, fmt.Errorf("error looking up interface %s: %s", ifname, err)
}
}
if iface.Name != v6Iface.Name {
return nil, fmt.Errorf("v6 interface %s must be the same with v4 interface %s", v6Iface.Name, iface.Name)
if len(opts.PublicIPv6) > 0 {
if ifaceV6Addr = net.ParseIP(opts.PublicIPv6); ifaceV6Addr != nil {
v6Iface, err := ip.GetInterfaceByIP6(ifaceV6Addr)
if err != nil {
return nil, fmt.Errorf("error looking up v6 interface %s: %s", opts.PublicIPv6, err)
}
if ifaceAddr.To4() == nil {
iface = v6Iface
ifaceAddr = nil
} else {
if iface.Name != v6Iface.Name {
return nil, fmt.Errorf("v6 interface %s must be the same with v4 interface %s", v6Iface.Name, iface.Name)
}
}
}
}
}
} else {

0 comments on commit c166d38

Please sign in to comment.