style(iptables): concat IPv6 and IPv4 errors into a custom type

mjholub · Mar 26, 2023 · b720f79 · b720f79
1 parent 75cacf3
commit b720f79
Showing 1 changed file with 25 additions and 8 deletions.
diff --git a/daemon/firewall/iptables/rules.go b/daemon/firewall/iptables/rules.go
@@ -8,8 +8,24 @@ import (
 	"github.com/vishvananda/netlink"
 )
 
+// FirewallError is a type that holds both IPv4 and IPv6 errors.
+type FirewallError struct {
+	Err4 error
+	Err6 error
+}
+
+// Error formats the errors for both IPv4 and IPv6 errors.
+func (e *FirewallError) Error() string {
+	return fmt.Sprintf("IPv4 error: %v, IPv6 error: %v", e.Err4, e.Err6)
+}
+
+// HasError simplifies error handling of the FirewallError type.
+func (e *FirewallError) HasError() bool {
+	return e.Err4 != nil || e.Err6 != nil
+}
+
 // RunRule inserts or deletes a firewall rule.
-func (ipt *Iptables) RunRule(action Action, enable bool, logError bool, rule []string) (err4, err6 error) {
+func (ipt *Iptables) RunRule(action Action, enable bool, logError bool, rule []string) *FirewallError {
 	if enable == false {
 		action = "-D"
 	}
@@ -19,6 +35,7 @@ func (ipt *Iptables) RunRule(action Action, enable bool, logError bool, rule []s
 	ipt.Lock()
 	defer ipt.Unlock()
 
+	var err4, err6 error
 	if _, err4 = core.Exec(ipt.bin, rule); err4 != nil {
 		if logError {
 			log.Error("Error while running firewall rule, ipv4 err: %s", err4)
@@ -36,13 +53,13 @@ func (ipt *Iptables) RunRule(action Action, enable bool, logError bool, rule []s
 		}
 	}
 
-	return
+	return &FirewallError{Err4: err4, Err6: err6}
 }
 
 // QueueDNSResponses redirects DNS responses to us, in order to keep a cache
 // of resolved domains.
 // INPUT --protocol udp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass
-func (ipt *Iptables) QueueDNSResponses(enable bool, logError bool) (err4, err6 error) {
+func (ipt *Iptables) QueueDNSResponses(enable bool, logError bool) *FirewallError {
 	return ipt.RunRule(INSERT, enable, logError, []string{
 		"INPUT",
 		"--protocol", "udp",
@@ -56,8 +73,8 @@ func (ipt *Iptables) QueueDNSResponses(enable bool, logError bool) (err4, err6 e
 // QueueConnections inserts the firewall rule which redirects connections to us.
 // Connections are queued until the user denies/accept them, or reaches a timeout.
 // OUTPUT -t mangle -m conntrack --ctstate NEW,RELATED -j NFQUEUE --queue-num 0 --queue-bypass
-func (ipt *Iptables) QueueConnections(enable bool, logError bool) (error, error) {
-	err4, err6 := ipt.RunRule(ADD, enable, logError, []string{
+func (ipt *Iptables) QueueConnections(enable bool, logError bool) *FirewallError {
+	err := ipt.RunRule(ADD, enable, logError, []string{
 		"OUTPUT",
 		"-t", "mangle",
 		"-m", "conntrack",
@@ -69,9 +86,9 @@ func (ipt *Iptables) QueueConnections(enable bool, logError bool) (error, error)
 	if enable {
 		// flush conntrack as soon as netfilter rule is set. This ensures that already-established
 		// connections will go to netfilter queue.
-		if err := netlink.ConntrackTableFlush(netlink.ConntrackTable); err != nil {
-			log.Error("error in ConntrackTableFlush %s", err)
+		if ctErr := netlink.ConntrackTableFlush(netlink.ConntrackTable); ctErr != nil {
+			log.Error("error in ConntrackTableFlush %s", ctErr)
 		}
 	}
-	return err4, err6
+	return err
 }