c3a8e63100
We were previously using the netlink API to see if there are chains/rules that already exist. This works fine in environments where there is either full nftable support or no support at all. However, we have identified certain environments which have partial nftable support and the only feasible way of detecting such an environment is to try to create some of the chains that we need. This adds a check to create a dummy postrouting chain which is immediately deleted. The goal of the check is to ensure we are able to use nftables and that it won't error out later. This check is only done in the path where we detected that the system has no preexisting nftable rules. Updates #5621 Updates #8555 Updates #8762 Signed-off-by: Maisem Ali <maisem@tailscale.com> |
||
|---|---|---|
| .. | ||
| linuxfwtest | ||
| detector.go | ||
| fake.go | ||
| helpers.go | ||
| iptables.go | ||
| iptables_runner.go | ||
| iptables_runner_test.go | ||
| linuxfw.go | ||
| linuxfw_unsupported.go | ||
| nftables.go | ||
| nftables_runner.go | ||
| nftables_runner_test.go | ||
| nftables_types.go | ||