netconfig: flush nftables ruleset, replace DHCPv6 address

2018-06-14 08:27:08 +02:00 · 2018-06-14 08:27:08 +02:00 · 03b2345eb2
commit 03b2345eb2
parent 19aa03bf58
2 changed files with 10 additions and 3 deletions
--- a/integrationnetconfig_test.go
+++ b/integrationnetconfig_test.go
@ -106,6 +106,13 @@ func TestNetconfig(t *testing.T) {
 			t.Fatalf("netconfig.Apply: %v", err)
 		}

+		// Apply twice to ensure the absence of errors when dealing with
+		// already-configured interfaces, addresses, routes, … (and ensure
+		// nftables rules are replaced, not appendend to).
+		if err := netconfig.Apply(tmp, filepath.Join(tmp, "root")); err != nil {
+			t.Fatalf("netconfig.Apply: %v", err)
+		}
+
 		b, err := ioutil.ReadFile(filepath.Join(tmp, "root", "etc", "resolv.conf"))
 		if err != nil {
 			t.Fatal(err)
--- a/internal/netconfig/netconfig.go
+++ b/internal/netconfig/netconfig.go
@ -142,8 +142,8 @@ func applyDhcp6(dir string) error {
 			return err
 		}

-		if err := netlink.AddrAdd(link, addr); err != nil {
-			return fmt.Errorf("AddrAdd(%v): %v", addr, err)
+		if err := netlink.AddrReplace(link, addr); err != nil {
+			return fmt.Errorf("AddrReplace(%v): %v", addr, err)
 		}
 	}
 	return nil
@ -359,7 +359,7 @@ func applyPortForwardings(dir string, c *nftables.Conn, nat *nftables.Table, pre
 func applyFirewall(dir string) error {
 	c := &nftables.Conn{}

-	// TODO: currently, each iteration adds a nftables.Rule — clear before?
+	c.FlushRuleset()

 	nat := c.AddTable(&nftables.Table{
 		Family: nftables.TableFamilyIPv4,