The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/7980
This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === Fixes https://github.com/lxc/lxd/issues/7973 Signed-off-by: Thomas Parrott <thomas.parr...@canonical.com>
From 406d531d63b89ed48b5fcbd1067c8ab2d9619457 Mon Sep 17 00:00:00 2001
From: Thomas Parrott <thomas.parr...@canonical.com>
Date: Mon, 5 Oct 2020 09:56:10 +0100
Subject: [PATCH] lxd/firewall/drivers/driver/nftables: Updates nft parser to handle nft sets with composite `type` field
Fixes https://github.com/lxc/lxd/issues/7973
Signed-off-by: Thomas Parrott <thomas.parr...@canonical.com>
---
 lxd/firewall/drivers/drivers_nftables.go | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/lxd/firewall/drivers/drivers_nftables.go b/lxd/firewall/drivers/drivers_nftables.go
index 9bdeebef1f..7a781fc971 100644
--- a/lxd/firewall/drivers/drivers_nftables.go
+++ b/lxd/firewall/drivers/drivers_nftables.go
@@ -96,7 +96,7 @@ func (d Nftables) Compat() (bool, error) {
 }
 for _, item := range ruleset {
- if item.Type == "rule" {
+ if item.ItemType == "rule" {
 return true, nil // At least one rule found indicates in use.
 }
 }
@@ -106,11 +106,11 @@ func (d Nftables) Compat() (bool, error) {
 // nftGenericItem represents some common fields amongst the different nftables types.
 type nftGenericItem struct {
- Type string // Type of item (table, chain or rule).
- Family string `json:"family"` // Family of item (ip, ip6, bridge etc).
- Table string `json:"table"` // Table the item belongs to (for chains and rules).
- Chain string `json:"chain"` // Chain the item belongs to (for rules).
- Name string `json:"name"` // Name of item (for tables and chains).
+ ItemType string `json:"-"` // Type of item (table, chain or rule). Populated by LXD.
+ Family string `json:"family"` // Family of item (ip, ip6, bridge etc).
+ Table string `json:"table"` // Table the item belongs to (for chains and rules).
+ Chain string `json:"chain"` // Chain the item belongs to (for rules).
+ Name string `json:"name"` // Name of item (for tables and chains).
 }
 // nftParseRuleset parses the ruleset and returns the generic parts as a slice of items.
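Review bot: The `json:"-"` tag on `ItemType` in `nftGenericItem` carries the whole fix, yet the field comment ("Populated by LXD.") does not say why the field must stay out of decoding. encoding/json matches object keys to field names case-insensitively, so the old untagged `Type string` was bound to nft's own `type` key, which per the commit subject is not a plain string for sets with a composite type; that presumably failed the ruleset parse that `Compat()` and `removeChains()` rely on. I would extend the comment to something like `// Type of item (table, chain or rule). Set by nftParseRuleset, never decoded: nft's own "type" key is not always a string.` so a later cleanup does not drop the tag. The other fields (`family`, `table`, `chain`, `name`) are still decoded as strings from whatever objects the host ruleset contains, so it is worth confirming none of them can be non-string in nft's JSON output.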
@@ -140,13 +140,13 @@ func (d Nftables) nftParseRuleset() ([]nftGenericItem, error) {
 items := []nftGenericItem{}
 for _, item := range v.Nftables {
 if rule, found := item["rule"]; found {
- rule.Type = "rule"
+ rule.ItemType = "rule"
 items = append(items, rule)
 } else if chain, found := item["chain"]; found {
- chain.Type = "chain"
+ chain.ItemType = "chain"
 items = append(items, chain)
 } else if table, found := item["table"]; found {
- table.Type = "table"
+ table.ItemType = "table"
 items = append(items, table)
 }
 }
@@ -477,7 +477,7 @@ func (d Nftables) removeChains(families []string, chainSuffix string, chains ...
 for _, family := range families {
 for _, item := range ruleset {
- if item.Type == "chain" && item.Family == family && item.Table == nftablesNamespace && shared.StringInSlice(item.Name, fullChains) {
+ if item.ItemType == "chain" && item.Family == family && item.Table == nftablesNamespace && shared.StringInSlice(item.Name, fullChains) {
 _, err = shared.RunCommand("nft", "flush", "chain", family, nftablesNamespace, item.Name, ";", "delete", "chain", family, nftablesNamespace, item.Name)
 if err != nil {
 return errors.Wrapf(err, "Failed deleting nftables chain %q (%s)", item.Name, family)