Handle more iptables errors

srl-labs · Feb 23, 2022 · d3819e0 · d3819e0
1 parent 121059d
commit d3819e0
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 16 deletions.
diff --git a/runtime/docker/docker.go b/runtime/docker/docker.go
@@ -236,7 +236,7 @@ func (d *DockerRuntime) postCreateNetActions() (err error) {
 	}
 	err = d.installIPTablesFwdRule()
 	if err != nil {
-		log.Warnf("failed to install iptables rules: %v", err)
+		log.Warnf("%v", err)
 	}
 	return nil
 }
@@ -272,8 +272,11 @@ func (d *DockerRuntime) DeleteNet(ctx context.Context) (err error) {
 
 	// bridge name associated with the network
 	br := "br-" + nres.ID[:12]
-
-	return d.deleteIPTablesFwdRule(br)
+	err = d.deleteIPTablesFwdRule(br)
+	if err != nil {
+		log.Warnf("%v", err)
+	}
+	return nil
 }
 
 // CreateContainer creates a docker container (but does not start it)

diff --git a/runtime/docker/iptables.go b/runtime/docker/iptables.go
@@ -26,26 +26,23 @@ func (d *DockerRuntime) installIPTablesFwdRule() (err error) {
 		log.Debug("skipping setup of iptables forwarding rules for non-bridged management network")
 		return
 	}
-
 	// first check if a rule already exists to not create duplicates
 	res, err := exec.Command("iptables", strings.Split(iptCheckCmd, " ")...).Output()
 	if bytes.Contains(res, []byte(d.mgmt.Bridge)) {
 		log.Debugf("found iptables forwarding rule targeting the bridge %q. Skipping creation of the forwarding rule.", d.mgmt.Bridge)
 		return err
 	}
-
 	if err != nil {
 		return err
 	}
-
 	cmd := fmt.Sprintf(iptAllowCmd, d.mgmt.Bridge)
-
-	_, err = exec.Command("iptables", strings.Split(cmd, " ")...).Output()
+	log.Debugf("Installing iptables rules for bridge %q", d.mgmt.Bridge)
+	stdOutErr, err := exec.Command("iptables", strings.Split(cmd, " ")...).CombinedOutput()
 	if err != nil {
-		return
+		log.Errorf("Iptables install stdout/stderr result is: %s", stdOutErr)
+		return fmt.Errorf("unable to install iptables rules: %w", err)
 	}
-
-	return err
+	return nil
 }
 
 // deleteIPTablesFwdRule deletes `allow` rule installed with InstallIPTablesFwdRule when the bridge interface doesn't exist anymore
@@ -73,11 +70,11 @@ func (d *DockerRuntime) deleteIPTablesFwdRule(br string) (err error) {
 	}
 
 	cmd := fmt.Sprintf(iptDelCmd, br)
-
-	_, err = exec.Command("iptables", strings.Split(cmd, " ")...).Output()
+	log.Debugf("Removing clab iptables rules for bridge %q", br)
+	stdOutErr, err := exec.Command("iptables", strings.Split(cmd, " ")...).CombinedOutput()
 	if err != nil {
-		return
+		log.Errorf("Iptables delete stdout/stderr result is: %s", stdOutErr)
+		return fmt.Errorf("unable to delete iptables rules: %w", err)
 	}
-
-	return err
+	return nil
 }