'DEL' can not clean up all ip6tables #544
Closed · corporateselect opened this issue Oct 22, 2020 · 0 comments · Fixed by #563 · May be fixed by RoyceDavison/firecracker-go-sdk#4
tlwr added a commit to tlwr/cni-plugins that referenced this issue Dec 31, 2020

Closes containernetworking#544

The above issue describes a situation where using the bridge plugin with IPv6 addresses prevented `DEL` from working correctly.

`DEL` seems to be failing in the body of `TeardownIPMasq`

This arises because:

* twice delete postrouting rules: `ipn.String()` `ipn.IP.String()` containernetworking#279
* we are using a version of go-iptables which is bugged for v6

PR github.com/coreos/go-iptables/pull/74 describes why this does not work. The error message is not being checked correctly.

Using a later version of go-iptables means that

* when the second `ipt.Delete` fails (this is okay)
* we will correctly interpret this as a non-fatal error
* `TeardownIPMasq` will not prematurely exit the method
* `ipt.ClearChain` now can run
* `ipt.DeleteChain` now can run

This explains why this was working for v4 but not v6

Signed-off-by: toby lorne <toby@toby.codes>
tlwr added a commit to tlwr/cni-plugins that referenced this issue Jan 5, 2021

Closes containernetworking#544

The above issue describes a situation where using the bridge plugin with IPv6 addresses prevented `DEL` from working correctly.

`DEL` seems to be failing in the body of `TeardownIPMasq`

This arises because:

* twice delete postrouting rules: `ipn.String()` `ipn.IP.String()` containernetworking#279
* we are using a version of go-iptables which is bugged for v6

PR github.com/coreos/go-iptables/pull/74 describes why this does not work. The error message is not being checked correctly.

Using a later version of go-iptables means that

* when the second `ipt.Delete` fails (this is okay)
* we will correctly interpret this as a non-fatal error
* `TeardownIPMasq` will not prematurely exit the method
* `ipt.ClearChain` now can run
* `ipt.DeleteChain` now can run

This explains why this was working for v4 but not v6

This commit was amended to include v0.5.0 instead of a pseudo-version v0.4.6-0.20200318170312-12696f5c9108

Signed-off-by: toby lorne <toby@toby.codes>
We execute the plugins via command line; because everything works fine I think we are using them right - but if we add IPv6 it cannot clean up some ip6tables with an error message:

After "ADD" everything works as expected and looks good:
(veth, bridge on host added, eth0 on ns added, iptables created, networking fine)

`ip6tables -t nat --list`

If we now try to "DEL":
(with prevResult added)

We get the error above... but the rule is in fact removed, but not the CNI-Chain.

`ip6tables -t nat --list`

It seems that it tries to delete the same rule twice and then gets this error. If we remove IPv6 everything works, ADD and DEL, with all resources and iptables cleaned up.
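The failure reported above and the fix described in the referenced commit message, as an added Go model that is not code from the issue, the plugin or go-iptables. `natTable`, `errNoRule`, `brokenCheck`, `fixedCheck` and `leftover` are hypothetical names, the table is constructed in memory, and both deletes target the same rule string as a simplification.

```go
package main

import (
	"errors"
	"fmt"
)

// errNoRule is a constructed stand-in for a "rule does not exist" failure.
var errNoRule = errors.New("rule does not exist")

// natTable is a hypothetical in-memory model: chain name -> set of rules.
type natTable map[string]map[string]bool

// Delete removes a rule, or returns errNoRule when it is already gone.
func (t natTable) Delete(chain, rule string) error {
	if !t[chain][rule] {
		return errNoRule
	}
	delete(t[chain], rule)
	return nil
}

// brokenCheck models the misread error: every Delete failure looks fatal.
func brokenCheck(error) bool { return false }

// fixedCheck recognises the missing-rule failure as non-fatal.
func fixedCheck(err error) bool { return errors.Is(err, errNoRule) }

// teardown deletes the POSTROUTING jump twice, then removes the chain.
func teardown(t natTable, chain string, isNotExist func(error) bool) error {
	for attempt := 0; attempt < 2; attempt++ {
		if err := t.Delete("POSTROUTING", "-j "+chain); err != nil && !isNotExist(err) {
			return err // early exit: the chain below is never removed
		}
	}
	delete(t, chain) // stands for ClearChain followed by DeleteChain
	return nil
}

// leftover tears down a constructed table; true means the chain survived.
func leftover(check func(error) bool) (bool, error) {
	t := natTable{"POSTROUTING": {"-j CNI-example": true}, "CNI-example": {"-j MASQUERADE": true}}
	err := teardown(t, "CNI-example", check)
	return t["CNI-example"] != nil, err
}

func main() {
	fmt.Println(leftover(brokenCheck))
	fmt.Println(leftover(fixedCheck))
}
```

With `brokenCheck` the jump rule is gone but the chain remains and an error is returned, which matches the symptom in the report; with `fixedCheck` the second delete is tolerated and the chain is removed.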