Merge pull request #2351 from daym/fewer-modprobes

selansen · web-flow · commit 5eb06eb42dec · 2019-07-25T16:18:00.000-04:00
Use fewer modprobes
diff --git a/iptables/iptables.go b/iptables/iptables.go
@@ -72,11 +72,13 @@ func (e ChainError) Error() string {
 }
 
 func probe() {
-	if out, err := exec.Command("modprobe", "-va", "nf_nat").CombinedOutput(); err != nil {
-		logrus.Warnf("Running modprobe nf_nat failed with message: `%s`, error: %v", strings.TrimSpace(string(out)), err)
+	path, err := exec.LookPath("iptables")
+	if err != nil {
+		logrus.Warnf("Failed to find iptables: %v", err)
+		return
 	}
-	if out, err := exec.Command("modprobe", "-va", "xt_conntrack").CombinedOutput(); err != nil {
-		logrus.Warnf("Running modprobe xt_conntrack failed with message: `%s`, error: %v", strings.TrimSpace(string(out)), err)
+	if out, err := exec.Command(path, "--wait", "-t", "nat", "-L", "-n").CombinedOutput(); err != nil {
+		logrus.Warnf("Running iptables --wait -t nat -L -n failed with message: `%s`, error: %v", strings.TrimSpace(string(out)), err)
 	}
 }
 
diff --git a/ns/init_linux.go b/ns/init_linux.go
@@ -76,12 +76,8 @@ func NlHandle() *netlink.Handle {
 func getSupportedNlFamilies() []int {
 	fams := []int{syscall.NETLINK_ROUTE}
 	// NETLINK_XFRM test
-	if err := loadXfrmModules(); err != nil {
-		if checkXfrmSocket() != nil {
-			logrus.Warnf("Could not load necessary modules for IPSEC rules: %v", err)
-		} else {
-			fams = append(fams, syscall.NETLINK_XFRM)
-		}
+	if err := checkXfrmSocket(); err != nil {
+		logrus.Warnf("Could not load necessary modules for IPSEC rules: %v", err)
 	} else {
 		fams = append(fams, syscall.NETLINK_XFRM)
 	}
@@ -99,16 +95,6 @@ func getSupportedNlFamilies() []int {
 	return fams
 }
 
-func loadXfrmModules() error {
-	if out, err := exec.Command("modprobe", "-va", "xfrm_user").CombinedOutput(); err != nil {
-		return fmt.Errorf("Running modprobe xfrm_user failed with message: `%s`, error: %v", strings.TrimSpace(string(out)), err)
-	}
-	if out, err := exec.Command("modprobe", "-va", "xfrm_algo").CombinedOutput(); err != nil {
-		return fmt.Errorf("Running modprobe xfrm_algo failed with message: `%s`, error: %v", strings.TrimSpace(string(out)), err)
-	}
-	return nil
-}
-
 // API check on required xfrm modules (xfrm_user, xfrm_algo)
 func checkXfrmSocket() error {
 	fd, err := syscall.Socket(syscall.AF_NETLINK, syscall.SOCK_RAW, syscall.NETLINK_XFRM)

Original file line number	Diff line number	Diff line change
`@@ -72,11 +72,13 @@ func (e ChainError) Error() string {`
`72`	`72`	`}`
`73`	`73`
`74`	`74`	`func probe() {`
`75`		`- if out, err := exec.Command("modprobe", "-va", "nf_nat").CombinedOutput(); err != nil {`
`76`		- logrus.Warnf("Running modprobe nf_nat failed with message: `%s`, error: %v", strings.TrimSpace(string(out)), err)
	`75`	`+ path, err := exec.LookPath("iptables")`
	`76`	`+ if err != nil {`
	`77`	`+ logrus.Warnf("Failed to find iptables: %v", err)`
	`78`	`+ return`
`77`	`79`	`}`
`78`		`- if out, err := exec.Command("modprobe", "-va", "xt_conntrack").CombinedOutput(); err != nil {`
`79`		- logrus.Warnf("Running modprobe xt_conntrack failed with message: `%s`, error: %v", strings.TrimSpace(string(out)), err)
	`80`	`+ if out, err := exec.Command(path, "--wait", "-t", "nat", "-L", "-n").CombinedOutput(); err != nil {`
	`81`	+ logrus.Warnf("Running iptables --wait -t nat -L -n failed with message: `%s`, error: %v", strings.TrimSpace(string(out)), err)
`80`	`82`	`}`
`81`	`83`	`}`
`82`	`84`