util/linuxfw,go.{mod,sum}: don't log errors when deleting non-existant chains and rules (#11852)

This PR bumps iptables to a newer version that has a function to detect 'NotExists' errors and uses that function to determine whether errors received on iptables rule and chain clean up are because the rule/chain does not exist- if so don't log the error. Updates corp#19336 Signed-off-by: Irbe Krumina <irbe@tailscale.com>
2025-08-11 21:27:31 +00:00 · 2024-04-23 21:08:18 +01:00
parent 3af0f526b8
commit add62af7c6
5 changed files with 24 additions and 40 deletions
--- a/util/linuxfw/iptables_runner_test.go
+++ b/util/linuxfw/iptables_runner_test.go
@@ -13,6 +13,12 @@ import (
 	"tailscale.com/net/tsaddr"
 )

+var testIsNotExistErr = "exitcode:1"
+
+func init() {
+	isNotExistError = func(e error) bool { return e.Error() == testIsNotExistErr }
+}
+
 func TestAddAndDeleteChains(t *testing.T) {
 	iptr := NewFakeIPTablesRunner()
 	err := iptr.AddChains()