check-config.sh: add NETFILTER_XT_MARK

Points out another symbol that Docker might need. in this case Docker's mesh network in swarm mode does not route Virtual IPs if it's unset. From /var/logs/docker.log: time="2021-02-19T18:15:39+01:00" level=error msg="set up rule failed, [-t mangle -A INPUT -d 10.0.1.2/32 -j MARK --set-mark 257]: (iptables failed: iptables --wait -t mang le -A INPUT -d 10.0.1.2/32 -j MARK --set-mark 257: iptables v1.8.7 (legacy): unknown option \"--set-mark\"\nTry `iptables -h' or 'iptables --help' for more information.\n (exit status 2))" Bug: moby/libnetwork#2227 Bug: docker/for-linux#644 Bug: docker/for-linux#525 Signed-off-by: Piotr Karbowski <[email protected]> (cherry picked from commit e8ceb97) Signed-off-by: Sebastiaan van Stijn <[email protected]>
WAGO · Sep 15, 2021 · 8cddfcc · 8cddfcc
1 parent 01fa9a8
commit 8cddfcc
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/contrib/check-config.sh b/contrib/check-config.sh
@@ -198,6 +198,7 @@ flags=(
 	VETH BRIDGE BRIDGE_NETFILTER
 	IP_NF_FILTER IP_NF_TARGET_MASQUERADE
 	NETFILTER_XT_MATCH_{ADDRTYPE,CONNTRACK,IPVS}
+	NETFILTER_XT_MARK
 	IP_NF_NAT NF_NAT
 
 	# required for bind-mounting /dev/mqueue into containers