lordwelch/router7
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

netconfig: flush nftables ruleset, replace DHCPv6 address

Browse Source
This commit is contained in:
Michael Stapelberg 2018-06-14 08:27:08 +02:00
parent 19aa03bf58
commit 03b2345eb2
2 changed files with 10 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
integrationnetconfig_test.go
View File

@ -106,6 +106,13 @@ func TestNetconfig(t *testing.T) {
t.Fatalf("netconfig.Apply: %v", err) t.Fatalf("netconfig.Apply: %v", err)
} }
// Apply twice to ensure the absence of errors when dealing with
// already-configured interfaces, addresses, routes, … (and ensure
// nftables rules are replaced, not appendend to).
if err := netconfig.Apply(tmp, filepath.Join(tmp, "root")); err != nil {
t.Fatalf("netconfig.Apply: %v", err)
}
b, err := ioutil.ReadFile(filepath.Join(tmp, "root", "etc", "resolv.conf")) b, err := ioutil.ReadFile(filepath.Join(tmp, "root", "etc", "resolv.conf"))
if err != nil { if err != nil {
t.Fatal(err) t.Fatal(err)

6
internal/netconfig/netconfig.go
View File

@ -142,8 +142,8 @@ func applyDhcp6(dir string) error {
return err return err
} }
if err := netlink.AddrAdd(link, addr); err != nil { if err := netlink.AddrReplace(link, addr); err != nil {
return fmt.Errorf("AddrAdd(%v): %v", addr, err) return fmt.Errorf("AddrReplace(%v): %v", addr, err)
} }
} }
return nil return nil
@ -359,7 +359,7 @@ func applyPortForwardings(dir string, c *nftables.Conn, nat *nftables.Table, pre
func applyFirewall(dir string) error { func applyFirewall(dir string) error {
c := &nftables.Conn{} c := &nftables.Conn{}
// TODO: currently, each iteration adds a nftables.Rule — clear before? c.FlushRuleset()
nat := c.AddTable(&nftables.Table{ nat := c.AddTable(&nftables.Table{
Family: nftables.TableFamilyIPv4, Family: nftables.TableFamilyIPv4,