Merge pull request #85440 from gkarthiks/master

Fix lint in /pkg/util/iptables

hack/.golint_failures

@@ -219,7 +219,6 @@ pkg/ssh
 pkg/util/config
 pkg/util/ebtables
 pkg/util/goroutinemap/exponentialbackoff
-pkg/util/iptables
 pkg/util/iptables/testing
 pkg/util/labels # See previous effort in PR #80685
 pkg/util/oom

pkg/util/iptables/iptables.go

@@ -33,14 +33,17 @@ import (
 	utiltrace "k8s.io/utils/trace"
 )
 
+// RulePosition holds the -I/-A flags for iptable
 type RulePosition string
 
 const (
+	// Prepend is the insert flag for iptable
 	Prepend RulePosition = "-I"
-	Append  RulePosition = "-A"
+	// Append is the append flag for iptable
+	Append RulePosition = "-A"
 )
 
-// An injectable interface for running iptables commands.  Implementations must be goroutine-safe.
+// Interface is an injectable interface for running iptables commands.  Implementations must be goroutine-safe.
 type Interface interface {
 	// EnsureChain checks if the specified chain exists and, if not, creates it.  If the chain existed, return true.
 	EnsureChain(table Table, chain Chain) (bool, error)
@@ -83,29 +86,42 @@ type Interface interface {
 	HasRandomFully() bool
 }
 
+// Protocol defines the ip protocol either ipv4 or ipv6
 type Protocol byte
 
 const (
+	// ProtocolIpv4 represents ipv4 protocol in iptables
 	ProtocolIpv4 Protocol = iota + 1
+	// ProtocolIpv6 represents ipv6 protocol in iptables
 	ProtocolIpv6
 )
 
+// Table represents different iptable like filter,nat, mangle and raw
 type Table string
 
 const (
-	TableNAT    Table = "nat"
+	// TableNAT represents the built-in nat table
+	TableNAT Table = "nat"
+	// TableFilter represents the built-in filter table
 	TableFilter Table = "filter"
+	// TableMangle represents the built-in mangle table
 	TableMangle Table = "mangle"
 )
 
+// Chain represents the different rules
 type Chain string
 
 const (
+	// ChainPostrouting used for source NAT in nat table
 	ChainPostrouting Chain = "POSTROUTING"
-	ChainPrerouting  Chain = "PREROUTING"
+	// ChainPrerouting used for DNAT (destination NAT) in nat table
-	ChainOutput      Chain = "OUTPUT"
+	ChainPrerouting Chain = "PREROUTING"
-	ChainInput       Chain = "INPUT"
+	// ChainOutput used for the packets going out from local
-	ChainForward     Chain = "FORWARD"
+	ChainOutput Chain = "OUTPUT"
+	// ChainInput used for incoming packets
+	ChainInput Chain = "INPUT"
+	// ChainForward used for the packets for another NIC
+	ChainForward Chain = "FORWARD"
 )
 
 const (
@@ -117,32 +133,49 @@ const (
 	cmdIP6Tables        string = "ip6tables"
 )
 
-// Option flag for Restore
+// RestoreCountersFlag is an option flag for Restore
 type RestoreCountersFlag bool
 
+// RestoreCounters a boolean true constant for the option flag RestoreCountersFlag
 const RestoreCounters RestoreCountersFlag = true
+
+// NoRestoreCounters a boolean false constant for the option flag RestoreCountersFlag
 const NoRestoreCounters RestoreCountersFlag = false
 
-// Option flag for Flush
+// FlushFlag an option flag for Flush
 type FlushFlag bool
 
+// FlushTables a boolean true constant for option flag FlushFlag
 const FlushTables FlushFlag = true
+
+// NoFlushTables a boolean false constant for option flag FlushFlag
 const NoFlushTables FlushFlag = false
 
+// MinCheckVersion minimum version to be checked
 // Versions of iptables less than this do not support the -C / --check flag
 // (test whether a rule exists).
 var MinCheckVersion = utilversion.MustParseGeneric("1.4.11")
 
+// RandomFullyMinVersion is the minimum version from which the --random-fully flag is supported,
+// used for port mapping to be fully randomized
 var RandomFullyMinVersion = utilversion.MustParseGeneric("1.6.2")
 
-// Minimum iptables versions supporting the -w and -w<seconds> flags
+// WaitMinVersion a minimum iptables versions supporting the -w and -w<seconds> flags
 var WaitMinVersion = utilversion.MustParseGeneric("1.4.20")
+
+// WaitSecondsMinVersion a minimum iptables versions supporting the wait seconds
 var WaitSecondsMinVersion = utilversion.MustParseGeneric("1.4.22")
+
+// WaitRestoreMinVersion a minimum iptables versions supporting the wait restore seconds
 var WaitRestoreMinVersion = utilversion.MustParseGeneric("1.6.2")
 
+// WaitString a constant for specifying the wait flag
 const WaitString = "-w"
+
+// WaitSecondsValue a constant for specifying the default wait seconds
 const WaitSecondsValue = "5"
 
+// LockfilePath16x is the iptables lock file acquired by any process that's making any change in the iptable rule
 const LockfilePath16x = "/run/xtables.lock"
 
 // runner implements Interface in terms of exec("iptables").
@@ -706,7 +739,6 @@ const iptablesStatusResourceProblem = 4
 func isResourceError(err error) bool {
 	if ee, isExitError := err.(utilexec.ExitError); isExitError {
 		return ee.ExitStatus() == iptablesStatusResourceProblem
-	} else {
-		return false
 	}
+	return false
 }

pkg/util/iptables/monitor_test.go

@@ -130,9 +130,8 @@ func (mfc *monitorFakeCmd) CombinedOutput() ([]byte, error) {
 	case opListChain:
 		if table.Has(chainName) {
 			return []byte{}, nil
-		} else {
-			return []byte{}, fmt.Errorf("no such chain %q", chainName)
 		}
+		return []byte{}, fmt.Errorf("no such chain %q", chainName)
 	case opDeleteChain:
 		table.Delete(chainName)
 		return []byte{}, nil