util/linuxfw,go.{mod,sum}: don't log errors when deleting non-existant chains and rules (#11852)

This PR bumps iptables to a newer version that has a function to detect 'NotExists' errors and uses that function to determine whether errors received on iptables rule and chain clean up are because the rule/chain does not exist- if so don't log the error. Updates corp#19336 Signed-off-by: Irbe Krumina <irbe@tailscale.com>
2025-12-03 10:31:59 +00:00 · 2024-04-23 21:08:18 +01:00
parent 3af0f526b8
commit add62af7c6
5 changed files with 24 additions and 40 deletions
--- a/util/linuxfw/linuxfw.go
+++ b/util/linuxfw/linuxfw.go
@@ -11,7 +11,6 @@ import (
 	"errors"
 	"fmt"
 	"os"
-	"os/exec"
 	"strconv"
 	"strings"

@@ -105,26 +104,6 @@ func getTailscaleSubnetRouteMark() []byte {
 	return []byte{0x00, 0x04, 0x00, 0x00}
 }

-// errCode extracts and returns the process exit code from err, or
-// zero if err is nil.
-func errCode(err error) int {
-	if err == nil {
-		return 0
-	}
-	var e *exec.ExitError
-	if ok := errors.As(err, &e); ok {
-		return e.ExitCode()
-	}
-	s := err.Error()
-	if strings.HasPrefix(s, "exitcode:") {
-		code, err := strconv.Atoi(s[9:])
-		if err == nil {
-			return code
-		}
-	}
-	return -42
-}
-
 // checkIPv6 checks whether the system appears to have a working IPv6
 // network stack. It returns an error explaining what looks wrong or
 // missing.  It does not check that IPv6 is currently functional or