Commit b720f79

committed
style(iptables): concat IPv6 and IPv4 errors into a custom type
1 parent 75cacf3 commit b720f79

1 file changed

+25
-8
lines changed


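--- a/daemon/firewall/iptables/rules.go
+++ b/daemon/firewall/iptables/rules.go
@@ -8,8 +8,24 @@ import (
 	"github.com/vishvananda/netlink"
 )
 
+// FirewallError is a type that holds both IPv4 and IPv6 errors.
+type FirewallError struct {
+	Err4 error
+	Err6 error
+}
+
+// Error formats the errors for both IPv4 and IPv6 errors.
+func (e *FirewallError) Error() string {
+	return fmt.Sprintf("IPv4 error: %v, IPv6 error: %v", e.Err4, e.Err6)
+}
+
+// HasError simplifies error handling of the FirewallError type.
+func (e *FirewallError) HasError() bool {
+	return e.Err4 != nil || e.Err6 != nil
+}
+
 // RunRule inserts or deletes a firewall rule.
-func (ipt *Iptables) RunRule(action Action, enable bool, logError bool, rule []string) (err4, err6 error) {
+func (ipt *Iptables) RunRule(action Action, enable bool, logError bool, rule []string) *FirewallError {
 	if enable == false {
 		action = "-D"
 	}
@@ -19,6 +35,7 @@ func (ipt *Iptables) RunRule(action Action, enable bool, logError bool, rule []s
 	ipt.Lock()
 	defer ipt.Unlock()
 
+	var err4, err6 error
 	if _, err4 = core.Exec(ipt.bin, rule); err4 != nil {
 		if logError {
 			log.Error("Error while running firewall rule, ipv4 err: %s", err4)
@@ -36,13 +53,13 @@ func (ipt *Iptables) RunRule(action Action, enable bool, logError bool, rule []s
 		}
 	}
 
-	return
+	return &FirewallError{Err4: err4, Err6: err6}
 }
 
 // QueueDNSResponses redirects DNS responses to us, in order to keep a cache
 // of resolved domains.
 // INPUT --protocol udp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass
-func (ipt *Iptables) QueueDNSResponses(enable bool, logError bool) (err4, err6 error) {
+func (ipt *Iptables) QueueDNSResponses(enable bool, logError bool) *FirewallError {
 	return ipt.RunRule(INSERT, enable, logError, []string{
 		"INPUT",
 		"--protocol", "udp",
@@ -56,8 +73,8 @@ func (ipt *Iptables) QueueDNSResponses(enable bool, logError bool) (err4, err6 e
 // QueueConnections inserts the firewall rule which redirects connections to us.
 // Connections are queued until the user denies/accept them, or reaches a timeout.
 // OUTPUT -t mangle -m conntrack --ctstate NEW,RELATED -j NFQUEUE --queue-num 0 --queue-bypass
-func (ipt *Iptables) QueueConnections(enable bool, logError bool) (error, error) {
-	err4, err6 := ipt.RunRule(ADD, enable, logError, []string{
+func (ipt *Iptables) QueueConnections(enable bool, logError bool) *FirewallError {
+	err := ipt.RunRule(ADD, enable, logError, []string{
 		"OUTPUT",
 		"-t", "mangle",
 		"-m", "conntrack",
@@ -69,9 +86,9 @@ func (ipt *Iptables) QueueConnections(enable bool, logError bool) (error, error)
 	if enable {
 		// flush conntrack as soon as netfilter rule is set. This ensures that already-established
 		// connections will go to netfilter queue.
-		if err := netlink.ConntrackTableFlush(netlink.ConntrackTable); err != nil {
-			log.Error("error in ConntrackTableFlush %s", err)
+		if ctErr := netlink.ConntrackTableFlush(netlink.ConntrackTable); ctErr != nil {
+			log.Error("error in ConntrackTableFlush %s", ctErr)
 		}
 	}
-	return err4, err6
+	return err
 }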
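Review bot: RunRule now returns `&FirewallError{Err4: err4, Err6: err6}` unconditionally, so every caller receives a non-nil `*FirewallError` even when both rule invocations succeeded; any caller that checks `err != nil`, or that assigns the result to a plain `error` variable, will treat every successful firewall change as a failure (the typed-nil/non-nil-interface trap), which for a firewall daemon can mean rules are reported as not applied when they were. Returning literal `nil` from RunRule when neither error is set keeps the `error` contract intact, and `HasError` should then tolerate a nil receiver so the two call styles agree; `Error()` on a struct with both fields nil would otherwise print "IPv4 error: <nil>, IPv6 error: <nil>". The same unconditional return is propagated through QueueDNSResponses and QueueConnections in the later hunks, so fixing RunRule covers all three. `Error()` also relies on `fmt` being in the import block, which starts above the first hunk and is not visible here — worth confirming it is already imported.

```go
// HasError simplifies error handling of the FirewallError type.
// It is safe to call on a nil receiver.
func (e *FirewallError) HasError() bool {
	return e != nil && (e.Err4 != nil || e.Err6 != nil)
}

// … unchanged: RunRule body up to the final return …
	if err4 == nil && err6 == nil {
		return nil
	}
	return &FirewallError{Err4: err4, Err6: err6}
```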
