Merge pull request #13292 from coolljt0725/add_bridge_nf_to_docker_info

Add bridge-nf-call-iptables/bridge-nf-call-ipv6tables to docker info
2022-11-09 12:21:53 -05:00 · 2015-06-16 22:15:48 -07:00 · 2015-06-16 22:15:48 -07:00 · 9ad87523c0
commit 9ad87523c0
parent a27d8f9aa4 57d12a0e0a
5 changed files with 34 additions and 7 deletions
--- a/api/client/info.go
+++ b/api/client/info.go
@ -76,6 +76,12 @@ func (cli *DockerCli) CmdInfo(args ...string) error {
 	if !info.IPv4Forwarding {
 		fmt.Fprintf(cli.err, "WARNING: IPv4 forwarding is disabled.\n")
 	}
+	if !info.BridgeNfIptables {
+		fmt.Fprintf(cli.err, "WARNING: bridge-nf-call-iptables is disabled\n")
+	}
+	if !info.BridgeNfIp6tables {
+		fmt.Fprintf(cli.err, "WARNING: bridge-nf-call-ip6tables is disabled\n")
+	}
 	if info.Labels != nil {
 		fmt.Fprintln(cli.out, "Labels:")
 		for _, attribute := range info.Labels {
--- a/api/types/types.go
+++ b/api/types/types.go
@ -153,6 +153,8 @@ type Info struct {
 	CpuCfsPeriod       bool
 	CpuCfsQuota        bool
 	IPv4Forwarding     bool
+	BridgeNfIptables   bool
+	BridgeNfIp6tables  bool
 	Debug              bool
 	NFd                int
 	OomKillDisable     bool
--- a/daemon/info.go
+++ b/daemon/info.go
@ -67,6 +67,8 @@ func (daemon *Daemon) SystemInfo() (*types.Info, error) {
 		CpuCfsPeriod:       daemon.SystemConfig().CpuCfsPeriod,
 		CpuCfsQuota:        daemon.SystemConfig().CpuCfsQuota,
 		IPv4Forwarding:     !daemon.SystemConfig().IPv4ForwardingDisabled,
+		BridgeNfIptables:   !daemon.SystemConfig().BridgeNfCallIptablesDisabled,
+		BridgeNfIp6tables:  !daemon.SystemConfig().BridgeNfCallIp6tablesDisabled,
 		Debug:              os.Getenv("DEBUG") != "",
 		NFd:                fileutils.GetTotalUsedFds(),
 		OomKillDisable:     daemon.SystemConfig().OomKillDisable,
--- a/pkg/sysinfo/sysinfo.go
+++ b/pkg/sysinfo/sysinfo.go
@ -10,4 +10,6 @@ type SysInfo struct {
 	IPv4ForwardingDisabled        bool
 	AppArmor                      bool
 	OomKillDisable                bool
+	BridgeNfCallIptablesDisabled  bool
+	BridgeNfCallIp6tablesDisabled bool
 }
--- a/pkg/sysinfo/sysinfo_linux.go
+++ b/pkg/sysinfo/sysinfo_linux.go
@ -63,6 +63,21 @@ func New(quiet bool) *SysInfo {
 		}
 	}

+	// Check if bridge-nf-call-iptables is disabled.
+	if data, err := ioutil.ReadFile("/proc/sys/net/bridge/bridge-nf-call-iptables"); os.IsNotExist(err) {
+		sysInfo.BridgeNfCallIptablesDisabled = true
+	} else {
+		enabled, _ := strconv.Atoi(strings.TrimSpace(string(data)))
+		sysInfo.BridgeNfCallIptablesDisabled = enabled == 0
+	}
+	// Check if bridge-nf-call-ip6tables is disabled.
+	if data, err := ioutil.ReadFile("/proc/sys/net/bridge/bridge-nf-call-ip6tables"); os.IsNotExist(err) {
+		sysInfo.BridgeNfCallIp6tablesDisabled = true
+	} else {
+		enabled, _ := strconv.Atoi(strings.TrimSpace(string(data)))
+		sysInfo.BridgeNfCallIp6tablesDisabled = enabled == 0
+	}
+
 	// Check if AppArmor is supported.
 	if _, err := os.Stat("/sys/kernel/security/apparmor"); os.IsNotExist(err) {
 		sysInfo.AppArmor = false