Routemgr error handling (#1073)

In case the route management feature is not supported then do not create unnecessary firewall and manager instances. This can happen if the nftables nor iptables is not available on the host OS. - Move the error handling to upper layer - Remove fake, useless implementations of interfaces - Update go-iptables because In Docker the old version can not determine well the path of executable file - update lib to 0.70
2025-08-20 19:36:21 +02:00 · 2023-08-12 11:42:36 +02:00
parent 2dec016201
commit 0f0c7ec2ed
12 changed files with 79 additions and 88 deletions
--- a/client/internal/routemanager/iptables_linux.go
+++ b/client/internal/routemanager/iptables_linux.go
@@ -49,14 +49,12 @@ type iptablesManager struct {
 	mux        sync.Mutex
 }

-func newIptablesManager(parentCtx context.Context) *iptablesManager {
-	ctx, cancel := context.WithCancel(parentCtx)
+func newIptablesManager(parentCtx context.Context) (*iptablesManager, error) {
 	ipv4Client, err := iptables.NewWithProtocol(iptables.ProtocolIPv4)
 	if err != nil {
-		log.Debugf("failed to initialize iptables for ipv4: %s", err)
+		return nil, err
 	} else if !isIptablesClientAvailable(ipv4Client) {
-		log.Infof("iptables is missing for ipv4")
-		ipv4Client = nil
+		return nil, fmt.Errorf("iptables is missing for ipv4")
 	}
 	ipv6Client, err := iptables.NewWithProtocol(iptables.ProtocolIPv6)
 	if err != nil {
@@ -66,13 +64,14 @@ func newIptablesManager(parentCtx context.Context) *iptablesManager {
 		ipv6Client = nil
 	}

+	ctx, cancel := context.WithCancel(parentCtx)
 	return &iptablesManager{
 		ctx:        ctx,
 		stop:       cancel,
 		ipv4Client: ipv4Client,
 		ipv6Client: ipv6Client,
 		rules:      make(map[string]map[string][]string),
-	}
+	}, nil
 }

 // CleanRoutingRules cleans existing iptables resources that we created by the agent
@@ -395,6 +394,10 @@ func (i *iptablesManager) insertRoutingRule(keyFormat, table, chain, jump string
 		ipVersion = ipv6
 	}

+	if iptablesClient == nil {
+		return fmt.Errorf("unable to insert iptables routing rules. Iptables client is not initialized")
+	}
+
 	ruleKey := genKey(keyFormat, pair.ID)
 	rule := genRuleSpec(jump, ruleKey, pair.source, pair.destination)
 	existingRule, found := i.rules[ipVersion][ruleKey]
@@ -459,6 +462,10 @@ func (i *iptablesManager) removeRoutingRule(keyFormat, table, chain string, pair
 		ipVersion = ipv6
 	}

+	if iptablesClient == nil {
+		return fmt.Errorf("unable to remove iptables routing rules. Iptables client is not initialized")
+	}
+
 	ruleKey := genKey(keyFormat, pair.ID)
 	existingRule, found := i.rules[ipVersion][ruleKey]
 	if found {