vxlan-policy-agent: pre-start ipv6 support

Author: plamen-bardarov

src/code.cloudfoundry.org/vxlan-policy-agent/cmd/pre-start/main.go

@@ -1,43 +1,50 @@
 package main
 
 import (
+	"code.cloudfoundry.org/lib/common"
+	"code.cloudfoundry.org/lib/rules"
 	"flag"
 	"log"
 	"sync"
-	"time"
-
-	"code.cloudfoundry.org/lib/rules"
 
 	"code.cloudfoundry.org/filelock"
 	"github.com/coreos/go-iptables/iptables"
 )
 
 const (
-	ClientTimeout    = 5 * time.Second
-	IngressChainName = "istio-ingress"
-	jobPrefix        = "silk-daemon-bootstrap"
-	logPrefix        = "cfnetworking"
-	MAX_RETRIES      = 15
+	MaxRetries = 15
 )
 
 func main() {
 	lockFilePath := flag.String("lock-file", "", "path to iptables file")
 	flag.Parse()
 
-	ipTablesAdapter, err := createIpTablesAdapter(*lockFilePath)
+	ipTablesAdapter, err := createIpTablesAdapter(*lockFilePath, false)
 	if err != nil {
-		log.Fatalf("Could not initialize iptables adapter: %s", err)
+		log.Fatalf("Could not initialize ip4tables adapter: %s", err)
 	}
 
 	err = PreStart(ipTablesAdapter)
 	if err != nil {
-		log.Fatalf("pre-start failed after %d attempts - giving up", MAX_RETRIES)
+		log.Fatalf("pre-start failed after %d attempts - giving up", MaxRetries)
+	}
+
+	if common.IsIPv6Enabled() {
+		ipTablesAdapter, err = createIpTablesAdapter(*lockFilePath, false)
+		if err != nil {
+			log.Fatalf("Could not initialize ip6tables adapter: %s", err)
+		}
+
+		err = PreStart(ipTablesAdapter)
+		if err != nil {
+			log.Fatalf("pre-start failed after %d attempts - giving up", MaxRetries)
+		}
 	}
 }
 
 func PreStart(ipTablesAdapter rules.IPTablesAdapter) error {
 	var err error
-	for i := 0; i < MAX_RETRIES; i++ {
+	for i := 0; i < MaxRetries; i++ {
 		err = ipTablesAdapter.FlushAndRestore(`*filter
 :INPUT ACCEPT [0:0]
 :FORWARD ACCEPT [0:0]
@@ -59,8 +66,16 @@ COMMIT
 	return err
 }
 
-func createIpTablesAdapter(iptablesLockFile string) (rules.IPTablesAdapter, error) {
-	ipt, err := iptables.New()
+func createIpTablesAdapter(iptablesLockFile string, ipv6 bool) (rules.IPTablesAdapter, error) {
+	var ipt *iptables.IPTables
+	var err error
+
+	if ipv6 {
+		ipt, err = iptables.NewWithProtocol(iptables.ProtocolIPv6)
+	} else {
+		ipt, err = iptables.New()
+	}
+
 	if err != nil {
 		return nil, err
 	}
@@ -70,10 +85,14 @@ func createIpTablesAdapter(iptablesLockFile string) (rules.IPTablesAdapter, erro
 		Mutex:      &sync.Mutex{},
 	}
 
+	restorer := &rules.Restorer{
+		IPv6: ipv6,
+	}
+
 	tables := &rules.LockedIPTables{
 		IPTables: ipt,
 		Locker:   iptLocker,
-		Restorer: &rules.Restorer{},
+		Restorer: restorer,
 	}
 
 	return tables, nil

src/code.cloudfoundry.org/vxlan-policy-agent/cmd/pre-start/main_test.go

@@ -31,7 +31,7 @@ var _ = Describe("Pre-Start", func() {
 		It("retries up to MAX_RETRIES times", func() {
 			err := main.PreStart(fakeIpTables)
 			Expect(err).To(HaveOccurred())
-			Expect(fakeIpTables.FlushAndRestoreCallCount()).To(Equal(main.MAX_RETRIES))
+			Expect(fakeIpTables.FlushAndRestoreCallCount()).To(Equal(main.MaxRetries))
 
 		})