From a24d92f95bd28df2298f1bc746217e7077d1aec2 Mon Sep 17 00:00:00 2001 From: Piotr Karbowski Date: Fri, 19 Feb 2021 20:19:36 +0100 Subject: [PATCH] check-config.sh: add NETFILTER_XT_MARK Points out another symbol that Docker might need. in this case Docker's mesh network in swarm mode does not route Virtual IPs if it's unset. From /var/logs/docker.log: time="2021-02-19T18:15:39+01:00" level=error msg="set up rule failed, [-t mangle -A INPUT -d 10.0.1.2/32 -j MARK --set-mark 257]: (iptables failed: iptables --wait -t mang le -A INPUT -d 10.0.1.2/32 -j MARK --set-mark 257: iptables v1.8.7 (legacy): unknown option \"--set-mark\"\nTry `iptables -h' or 'iptables --help' for more information.\n (exit status 2))" Bug: https://github.com/moby/libnetwork/issues/2227 Bug: https://github.com/docker/for-linux/issues/644 Bug: https://github.com/docker/for-linux/issues/525 Signed-off-by: Piotr Karbowski (cherry picked from commit e8ceb976469e15547ed368ba5c110102ccc5fbfa) Signed-off-by: Sebastiaan van Stijn --- contrib/check-config.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/contrib/check-config.sh b/contrib/check-config.sh index 849dc32d22..b363d3d34e 100755 --- a/contrib/check-config.sh +++ b/contrib/check-config.sh @@ -198,6 +198,7 @@ flags=( VETH BRIDGE BRIDGE_NETFILTER IP_NF_FILTER IP_NF_TARGET_MASQUERADE NETFILTER_XT_MATCH_{ADDRTYPE,CONNTRACK,IPVS} + NETFILTER_XT_MARK IP_NF_NAT NF_NAT # required for bind-mounting /dev/mqueue into containers
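Review bot: NETFILTER_XT_MARK is added to the same flags=( list as VETH, BRIDGE and IP_NF_NAT, but the commit message ties the need only to swarm mode, where the mesh network does not route Virtual IPs without it. If this list is the one the script reports as required on every host, a non-swarm installation will now be flagged for a symbol it does not use. Consider moving the symbol to the part of the script that checks overlay or swarm networking, or state in the commit message that it is required in general. The added line also has no comment, unlike the `# required for bind-mounting /dev/mqueue into containers` line that follows it. A short comment naming the swarm Virtual IP routing case and the `MARK --set-mark` rule from the log would keep the reason next to the symbol.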