From 08d0f33416f4a290e7cfb6b5326be1f04b8009d3 Mon Sep 17 00:00:00 2001
From: Dan Winship
Date: Mon, 21 Feb 2022 12:25:06 -0500
Subject: [PATCH] portmap: fix checkPorts result when chain does not exist
checkPorts would return nil rather than an error if the per-container DNAT chain didn't exist, meaning CHECK would erroneously return success rather than failure. chain.check() already (correctly) checks that the chain exists, so there's no need to do it separately before calling that anyway.
Signed-off-by: Dan Winship
---
 plugins/meta/portmap/portmap.go | 14 --------------
 1 file changed, 14 deletions(-)
diff --git a/plugins/meta/portmap/portmap.go b/plugins/meta/portmap/portmap.go
index 480431be..8178bfbc 100644
--- a/plugins/meta/portmap/portmap.go
+++ b/plugins/meta/portmap/portmap.go
@@ -127,26 +127,12 @@ func checkPorts(config *PortMapConf, containerNet net.IPNet) error {
 }
 if ip4t != nil {
- exists, err := utils.ChainExists(ip4t, dnatChain.table, dnatChain.name)
- if err != nil {
- return err
- }
- if !exists {
- return err
- }
 if err := dnatChain.check(ip4t); err != nil {
 return fmt.Errorf("could not check ipv4 dnat: %v", err)
 }
 }
 if ip6t != nil {
- exists, err := utils.ChainExists(ip6t, dnatChain.table, dnatChain.name)
- if err != nil {
- return err
- }
- if !exists {
- return err
- }
 if err := dnatChain.check(ip6t); err != nil {
 return fmt.Errorf("could not check ipv6 dnat: %v", err)
 }