From b720f79c8c866d7173a7d0d1bb12d2b7b1a89201 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marcelina=20Ho=C5=82ub?=
Date: Sun, 26 Mar 2023 08:51:39 +0200
Subject: [PATCH] style(iptables): concat IPv6 and IPv4 errors into a custom type

---
 daemon/firewall/iptables/rules.go | 33 +++++++++++++++++++++++--------
 1 file changed, 25 insertions(+), 8 deletions(-)

diff --git a/daemon/firewall/iptables/rules.go b/daemon/firewall/iptables/rules.go
index 6eed8422ca..a047d0c13c 100644
--- a/daemon/firewall/iptables/rules.go
+++ b/daemon/firewall/iptables/rules.go
@@ -8,8 +8,24 @@ import (
 "github.com/vishvananda/netlink"
 )
 
+// FirewallError is a type that holds both IPv4 and IPv6 errors.
+type FirewallError struct {
+ Err4 error
+ Err6 error
+}
+
+// Error formats the errors for both IPv4 and IPv6 errors.
+func (e *FirewallError) Error() string {
+ return fmt.Sprintf("IPv4 error: %v, IPv6 error: %v", e.Err4, e.Err6)
+}
+
+// HasError simplifies error handling of the FirewallError type.
+func (e *FirewallError) HasError() bool {
+ return e.Err4 != nil || e.Err6 != nil
+}
+
 // RunRule inserts or deletes a firewall rule.
-func (ipt *Iptables) RunRule(action Action, enable bool, logError bool, rule []string) (err4, err6 error) {
+func (ipt *Iptables) RunRule(action Action, enable bool, logError bool, rule []string) *FirewallError {
 if enable == false {
 action = "-D"
 }
@@ -19,6 +35,7 @@ func (ipt *Iptables) RunRule(action Action, enable bool, logError bool, rule []s
 ipt.Lock()
 defer ipt.Unlock()
 
+ var err4, err6 error
 if _, err4 = core.Exec(ipt.bin, rule); err4 != nil {
 if logError {
 log.Error("Error while running firewall rule, ipv4 err: %s", err4)
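Review bot: `HasError` dereferences `e` without a nil guard, while `RunRule` (its new `return &FirewallError{...}` is in the third hunk) always hands back a non-nil `*FirewallError`, so a caller written with the usual `if err := ipt.RunRule(...); err != nil` idiom treats every successful rule insert as a failure, and a caller that stores the result in an `error` variable hits the typed-nil-in-interface trap. Returning `nil` on success — `if err4 == nil && err6 == nil { return nil }` ahead of the `return &FirewallError{Err4: err4, Err6: err6}` in the third hunk — and opening `HasError` with `if e == nil { return false }` keeps both idioms correct. `Error()` also prints `IPv4 error: <nil>` when only one family failed; composing the message from just the non-nil side(s) would make firewall failures easier to read in logs. If the module targets Go 1.20 or later, an `Unwrap() []error` method returning `[]error{e.Err4, e.Err6}` would let callers inspect the combined error with `errors.Is`/`errors.As`. Whichever contract is kept, the `RunRule` doc comment should state it, e.g. `// RunRule inserts or deletes a firewall rule; the returned *FirewallError is never nil, use HasError to test for failure.`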
@@ -36,13 +53,13 @@ func (ipt *Iptables) RunRule(action Action, enable bool, logError bool, rule []s
 }
 }
- return
+ return &FirewallError{Err4: err4, Err6: err6}
 }
 
 // QueueDNSResponses redirects DNS responses to us, in order to keep a cache
 // of resolved domains.
 // INPUT --protocol udp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass
-func (ipt *Iptables) QueueDNSResponses(enable bool, logError bool) (err4, err6 error) {
+func (ipt *Iptables) QueueDNSResponses(enable bool, logError bool) *FirewallError {
 return ipt.RunRule(INSERT, enable, logError, []string{
 "INPUT",
 "--protocol",
 "udp",
@@ -56,8 +73,8 @@ func (ipt *Iptables) QueueDNSResponses(enable bool, logError bool) (err4, err6 e
 // QueueConnections inserts the firewall rule which redirects connections to us.
 // Connections are queued until the user denies/accept them, or reaches a timeout.
 // OUTPUT -t mangle -m conntrack --ctstate NEW,RELATED -j NFQUEUE --queue-num 0 --queue-bypass
-func (ipt *Iptables) QueueConnections(enable bool, logError bool) (error, error) {
- err4, err6 := ipt.RunRule(ADD, enable, logError, []string{
+func (ipt *Iptables) QueueConnections(enable bool, logError bool) *FirewallError {
+ err := ipt.RunRule(ADD, enable, logError, []string{
 "OUTPUT",
 "-t", "mangle",
 "-m", "conntrack",
@@ -69,9 +86,9 @@ func (ipt *Iptables) QueueConnections(enable bool, logError bool) (error, error)
 if enable {
 // flush conntrack as soon as netfilter rule is set. This ensures that already-established
 // connections will go to netfilter queue.
- if err := netlink.ConntrackTableFlush(netlink.ConntrackTable); err != nil {
- log.Error("error in ConntrackTableFlush %s", err)
+ if ctErr := netlink.ConntrackTableFlush(netlink.ConntrackTable); ctErr != nil {
+ log.Error("error in ConntrackTableFlush %s", ctErr)
 }
 }
- return err4, err6
+ return err
 }
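Review bot: The local introduced in `QueueConnections` is named `err`, but it holds a `*FirewallError` that `RunRule` (earlier hunks) never returns as nil, so the name invites exactly the `err != nil` check that would misfire on it. A name that does not read as a plain error, `ferr := ipt.RunRule(ADD, enable, logError, []string{` with the matching `return ferr` in the following hunk, makes the HasError contract visible at the call site. The rule slice and the rest of the function body continue outside this hunk.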
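Review bot: The conntrack flush in the `if enable` branch still runs when `RunRule` failed to insert the OUTPUT rule for both families — the result is sitting in `err` but is not consulted before `netlink.ConntrackTableFlush`. Flushing the table without the NFQUEUE rule in place gives no benefit and disturbs tracking state for established connections, so gating the flush on the result, `if enable && !err.HasError() {`, is safer; whether a single-family failure should still trigger the flush for the family that succeeded is a design call that deserves a comment either way. The comment above the flush could also record that dependency: `// only flush once the queue rule is actually in place, otherwise existing flows bypass the queue`.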