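// SPDX-License-Identifier: Apache-2.0
// Copyright Authors of Cilium

package main

import (
	"errors"
	"fmt"
	"os"
	"os/exec"
	"runtime"
	"strings"
)

// An iptablesRuleCheck checks that the given iptables rule is present.
type iptablesRuleCheck struct {
	// rule is the rule specification, one argv element per entry. It is
	// appended after "--check" when the check runs and after "-A" in the hint.
	rule []string
}

// Name returns the fixed identifier of this check.
func (c *iptablesRuleCheck) Name() string {
	return "iptables-rule"
}

// Run executes "iptables --check <rule...>" and maps the outcome to a check
// result and a human-readable message.
//
// It returns checkSkipped on non-Linux hosts or when iptables is not in
// $PATH, checkFailed when iptables cannot be resolved or started, checkError
// when iptables exits non-zero, and checkOK when it exits zero.
func (c *iptablesRuleCheck) Run() (checkResult, string) {
	if runtime.GOOS != "linux" {
		return checkSkipped, "iptables only used on linux"
	}

	iptablesPath, err := exec.LookPath("iptables")
	switch {
	case errors.Is(err, exec.ErrNotFound):
		return checkSkipped, "iptables not found in $PATH"
	case err != nil:
		// Any other lookup error (for example exec.ErrDot, when the only match
		// is relative to the current directory) must stop the check: the
		// command below may be re-run with elevated privileges, so it should
		// only ever use a path that resolved cleanly.
		return checkFailed, err.Error()
	}

	// The rule is passed as separate argv elements; no shell is involved, so
	// rule contents are not subject to shell interpretation here.
	args := append([]string{"--check"}, c.rule...)
	cmd := exec.Command(iptablesPath, args...)
	if os.Getuid() != 0 {
		// Not running as root: let the package's sudo helper rewrite the command.
		// NOTE(review): sudo is defined elsewhere in the package; presumably it
		// wraps cmd so that it runs via sudo. Confirm which path and environment
		// the elevated process ends up with.
		cmd, err = sudo(cmd)
		if err != nil {
			return checkFailed, err.Error()
		}
	}

	if err = cmd.Run(); err != nil {
		// An *exec.ExitError means the process ran and exited non-zero, which is
		// handled below. Anything else means it could not be run at all.
		var exitError *exec.ExitError
		if !errors.As(err, &exitError) {
			return checkFailed, err.Error()
		}
	}

	// Every non-zero exit status is reported as "rule not found"; the status
	// values are not distinguished from one another.
	if cmd.ProcessState.ExitCode() != 0 {
		return checkError, fmt.Sprintf("rule %s not found", strings.Join(c.rule, " "))
	}

	return checkOK, fmt.Sprintf("found rule %s", strings.Join(c.rule, " "))
}

// Hint returns a suggested command that appends the missing rule.
//
// The rule elements are joined with single spaces and are not quoted, so the
// text is meant for display; an element containing whitespace or shell
// metacharacters would need quoting before being pasted into a shell.
func (c *iptablesRuleCheck) Hint() string {
	return fmt.Sprintf(`Run "sudo iptables -A %s".`, strings.Join(c.rule, " "))
}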