portmap: fix checkPorts result when chain does not exist

checkPorts would return nil rather than an error if the per-container DNAT chain didn't exist, meaning CHECK would erroneously return success rather than failure. chain.check() already (correctly) checks that the chain exists, so there's no need to do it separately before calling that anyway. Signed-off-by: Dan Winship <danwinship@redhat.com>
containernetworking · Feb 21, 2022 · 08d0f33 · 08d0f33
1 parent 76307bf
commit 08d0f33
Showing 1 changed file with 0 additions and 14 deletions.
diff --git a/plugins/meta/portmap/portmap.go b/plugins/meta/portmap/portmap.go
@@ -127,26 +127,12 @@ func checkPorts(config *PortMapConf, containerNet net.IPNet) error {
 	}
 
 	if ip4t != nil {
-		exists, err := utils.ChainExists(ip4t, dnatChain.table, dnatChain.name)
-		if err != nil {
-			return err
-		}
-		if !exists {
-			return err
-		}
 		if err := dnatChain.check(ip4t); err != nil {
 			return fmt.Errorf("could not check ipv4 dnat: %v", err)
 		}
 	}
 
 	if ip6t != nil {
-		exists, err := utils.ChainExists(ip6t, dnatChain.table, dnatChain.name)
-		if err != nil {
-			return err
-		}
-		if !exists {
-			return err
-		}
 		if err := dnatChain.check(ip6t); err != nil {
 			return fmt.Errorf("could not check ipv6 dnat: %v", err)
 		}