Merge pull request #1395 from c00w/490-warn-ipv4forwarding-disabled

* Runtime: Add warning when net.ipv4.ip_forwarding = 0

AUTHORS

@@ -22,6 +22,7 @@ Caleb Spare <cespare@gmail.com>
 Calen Pennington <cale@edx.org>
 Charles Hooper <charles.hooper@dotcloud.com>
 Christopher Currie <codemonkey+github@gmail.com>
+Colin Rice <colin@daedrum.net>
 Daniel Gasienica <daniel@gasienica.ch>
 Daniel Mizyrycki <daniel.mizyrycki@dotcloud.com>
 Daniel Robinson <gottagetmac@gmail.com>

api.go

@@ -522,6 +522,11 @@ func postContainersCreate(srv *Server, version float64, w http.ResponseWriter, r
 		out.Warnings = append(out.Warnings, "Your kernel does not support memory swap capabilities. Limitation discarded.")
 	}
 
+	if !srv.runtime.capabilities.IPv4Forwarding {
+		log.Println("Warning: IPv4 forwarding is disabled.")
+		out.Warnings = append(out.Warnings, "IPv4 forwarding is disabled.")
+	}
+
 	b, err := json.Marshal(out)
 	if err != nil {
 		return err

api_params.go

@@ -24,6 +24,7 @@ type APIInfo struct {
 	NGoroutines        int    `json:",omitempty"`
 	MemoryLimit        bool   `json:",omitempty"`
 	SwapLimit          bool   `json:",omitempty"`
+	IPv4Forwarding     bool   `json:",omitempty"`
 	LXCVersion         string `json:",omitempty"`
 	NEventsListener    int    `json:",omitempty"`
 	KernelVersion      string `json:",omitempty"`

commands.go

@@ -510,6 +510,9 @@ func (cli *DockerCli) CmdInfo(args ...string) error {
 	if !out.SwapLimit {
 		fmt.Fprintf(cli.err, "WARNING: No swap limit support\n")
 	}
+	if !out.IPv4Forwarding {
+		fmt.Fprintf(cli.err, "WARNING: IPv4 forwarding is disabled.\n")
+	}
 	return nil
 }
 

container.go

@@ -534,6 +534,10 @@ func (container *Container) Start(hostConfig *HostConfig) error {
 		container.Config.MemorySwap = -1
 	}
 
+	if !container.runtime.capabilities.IPv4Forwarding {
+		log.Printf("WARNING: IPv4 forwarding is disabled. Networking will not work")
+	}
+
 	// Create the requested bind mounts
 	binds := make(map[string]BindMap)
 	// Define illegal container destinations

docs/sources/api/docker_remote_api_v1.4.rst

@@ -1025,7 +1025,8 @@ Display system-wide information
 		"NFd": 11,
 		"NGoroutines":21,
 		"MemoryLimit":true,
-		"SwapLimit":false
+		"SwapLimit":false,
+		"IPv4Forwarding":true
 	   }
 
         :statuscode 200: no error

runtime.go

@@ -15,8 +15,9 @@ import (
 )
 
 type Capabilities struct {
-	MemoryLimit bool
+	MemoryLimit    bool
-	SwapLimit   bool
+	SwapLimit      bool
+	IPv4Forwarding bool
 }
 
 type Runtime struct {
@@ -240,6 +241,12 @@ func (runtime *Runtime) UpdateCapabilities(quiet bool) {
 		if !runtime.capabilities.SwapLimit && !quiet {
 			log.Printf("WARNING: Your kernel does not support cgroup swap limit.")
 		}
+
+		content, err3 := ioutil.ReadFile("/proc/sys/net/ipv4/ip_forward")
+		runtime.capabilities.IPv4Forwarding = err3 == nil && len(content) > 0 && content[0] == '1'
+		if !runtime.capabilities.IPv4Forwarding && !quiet {
+			log.Printf("WARNING: IPv4 forwarding is disabled.")
+		}
 	}
 }
 

server.go

@@ -269,6 +269,7 @@ func (srv *Server) DockerInfo() *APIInfo {
 		Images:             imgcount,
 		MemoryLimit:        srv.runtime.capabilities.MemoryLimit,
 		SwapLimit:          srv.runtime.capabilities.SwapLimit,
+		IPv4Forwarding:     srv.runtime.capabilities.IPv4Forwarding,
 		Debug:              os.Getenv("DEBUG") != "",
 		NFd:                utils.GetTotalUsedFds(),
 		NGoroutines:        runtime.NumGoroutine(),