fix: timeout work on version >= v1.6.0

coreos · Apr 18, 2021 · 071c14f · 071c14f
1 parent abea47c
commit 071c14f
Showing 1 changed file with 27 additions and 14 deletions.
diff --git a/iptables/iptables.go b/iptables/iptables.go
@@ -64,16 +64,17 @@ const (
 )
 
 type IPTables struct {
-	path           string
-	proto          Protocol
-	hasCheck       bool
-	hasWait        bool
-	hasRandomFully bool
-	v1             int
-	v2             int
-	v3             int
-	mode           string // the underlying iptables operating mode, e.g. nf_tables
-	timeout        int    // time to wait for the iptables lock, default waits forever
+	path              string
+	proto             Protocol
+	hasCheck          bool
+	hasWait           bool
+	waitSupportSecond bool
+	hasRandomFully    bool
+	v1                int
+	v2                int
+	v3                int
+	mode              string // the underlying iptables operating mode, e.g. nf_tables
+	timeout           int    // time to wait for the iptables lock, default waits forever
 }
 
 // Stat represents a structured statistic entry.
@@ -139,9 +140,10 @@ func New(opts ...option) (*IPTables, error) {
 	ipt.v3 = v3
 	ipt.mode = mode
 
-	checkPresent, waitPresent, randomFullyPresent := getIptablesCommandSupport(v1, v2, v3)
+	checkPresent, waitPresent, waitSupportSecond, randomFullyPresent := getIptablesCommandSupport(v1, v2, v3)
 	ipt.hasCheck = checkPresent
 	ipt.hasWait = waitPresent
+	ipt.waitSupportSecond = waitSupportSecond
 	ipt.hasRandomFully = randomFullyPresent
 
 	return ipt, nil
@@ -487,7 +489,7 @@ func (ipt *IPTables) runWithOutput(args []string, stdout io.Writer) error {
 	args = append([]string{ipt.path}, args...)
 	if ipt.hasWait {
 		args = append(args, "--wait")
-		if ipt.timeout != 0 {
+		if ipt.timeout != 0 && ipt.waitSupportSecond {
 			args = append(args, strconv.Itoa(ipt.timeout))
 		}
 	} else {
@@ -533,8 +535,8 @@ func getIptablesCommand(proto Protocol) string {
 }
 
 // Checks if iptables has the "-C" and "--wait" flag
-func getIptablesCommandSupport(v1 int, v2 int, v3 int) (bool, bool, bool) {
-	return iptablesHasCheckCommand(v1, v2, v3), iptablesHasWaitCommand(v1, v2, v3), iptablesHasRandomFully(v1, v2, v3)
+func getIptablesCommandSupport(v1 int, v2 int, v3 int) (bool, bool, bool, bool) {
+	return iptablesHasCheckCommand(v1, v2, v3), iptablesHasWaitCommand(v1, v2, v3), iptablesWaitSupportSecond(v1, v2, v3), iptablesHasRandomFully(v1, v2, v3)
 }
 
 // getIptablesVersion returns the first three components of the iptables version
@@ -609,6 +611,17 @@ func iptablesHasWaitCommand(v1 int, v2 int, v3 int) bool {
 	return false
 }
 
+//Checks if an iptablse version is after 1.6.0, when --wait support second
+func iptablesWaitSupportSecond(v1 int, v2 int, v3 int) bool {
+	if v1 > 1 {
+		return true
+	}
+	if v1 == 1 && v2 >= 6 {
+		return true
+	}
+	return false
+}
+
 // Checks if an iptables version is after 1.6.2, when --random-fully was added
 func iptablesHasRandomFully(v1 int, v2 int, v3 int) bool {
 	if v1 > 1 {