Description
We execute the plugins via the command line. Because everything works fine, I think we are using them right, but if
we add IPv6 it cannot clean up some ip6tables, with an error message.
{
  "cniVersion": "0.4.0",
  "name": "hynet",
  "type": "bridge",
  "bridge": "hybr0",
  "isGateway": true,
  "ipMasq": true,
  "ipam": {
    "type": "host-local",
    "ranges": [
      [
        {
          "subnet": "fd00:101::/64",
          "gateway": "fd00:101::1"
        }
      ],
      [
        {
          "subnet": "10.10.0.0/16",
          "gateway": "10.10.0.1"
        }
      ]
    ]
  }
}
After "ADD" everything works as expected and looks good:
(veth, bridge on host added, eth0 on ns added, iptables created, networking fine)
ip6tables -t nat --list
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
CNI-63fd59f190a7b6095f99898e all fd00:101::9 anywhere /* name: "hynet" id: "testler" */
Chain CNI-63fd59f190a7b6095f99898e (1 references)
target prot opt source destination
ACCEPT all anywhere fd00:101::/64 /* name: "hynet" id: "testler" */
MASQUERADE all anywhere !ff00::/8 /* name: "hynet" id: "testler" */
If we now try to "DEL":
(with prevResult added)
{
"code": 999,
"msg": "running [/usr/sbin/ip6tables -t nat -D POSTROUTING -s fd00:101::9/64 -j CNI-63fd59f190a7b6095f99898e -m comment --comment name: \"hynet\" id: \"testler\" --wait]: exit status 1: iptables: Bad rule (does a matching rule exist in that chain?).\n"
}
We get the error above, but the rule is in fact removed; the CNI chain is not.
ip6tables -t nat --list
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
Chain CNI-63fd59f190a7b6095f99898e (1 references)
target prot opt source destination
ACCEPT all anywhere fd00:101::/64 /* name: "hynet" id: "testler" */
MASQUERADE all anywhere !ff00::/8 /* name: "hynet" id: "testler" */
It seems that it tries to delete the same rule twice and then gets this error. If we remove IPv6, everything works, ADD and DEL, with all resources and iptables cleaned up.
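
An added example, not part of the original report and not code from the CNI plugins: a small Go check that reads ip6tables -t nat --list output and reports CNI-* chains that no rule jumps to any more, which is the state the failed DEL above leaves behind. The function name orphanedCNIChains is hypothetical; the two listings are copied from the report.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Output of `ip6tables -t nat --list` after ADD and after the failed DEL, copied from the report.
const afterAdd = `Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
CNI-63fd59f190a7b6095f99898e all fd00:101::9 anywhere /* name: "hynet" id: "testler" */
Chain CNI-63fd59f190a7b6095f99898e (1 references)
target prot opt source destination
ACCEPT all anywhere fd00:101::/64 /* name: "hynet" id: "testler" */
MASQUERADE all anywhere !ff00::/8 /* name: "hynet" id: "testler" */`
const afterDel = `Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
Chain CNI-63fd59f190a7b6095f99898e (1 references)
target prot opt source destination
ACCEPT all anywhere fd00:101::/64 /* name: "hynet" id: "testler" */
MASQUERADE all anywhere !ff00::/8 /* name: "hynet" id: "testler" */`

// orphanedCNIChains (hypothetical helper) returns CNI-* chains that are declared but not the target of any rule.
func orphanedCNIChains(listing string) []string {
	declared, jumped := map[string]bool{}, map[string]bool{}
	for _, line := range strings.Split(listing, "\n") {
		f := strings.Fields(line)
		switch {
		case len(f) == 0 || f[0] == "target": // blank line or column header
		case f[0] == "Chain" && len(f) > 1:
			declared[f[1]] = true
		default:
			jumped[f[0]] = true // first column of a rule line is its target
		}
	}
	var orphans []string
	for name := range declared {
		if strings.HasPrefix(name, "CNI-") && !jumped[name] {
			orphans = append(orphans, name)
		}
	}
	sort.Strings(orphans)
	return orphans
}
func main() {
	fmt.Println("after ADD:", orphanedCNIChains(afterAdd))
	fmt.Println("after DEL:", orphanedCNIChains(afterDel))
}
```

The check relies on the rule lines rather than the "(N references)" count in the chain header.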