Merge pull request #1502 from aboch/mc

Run API check to assert xfrm modules
moby · Oct 14, 2016 · 7768939 · 7768939
2 parents 04025f2 + 8f68ca8
commit 7768939
Showing 1 changed file with 14 additions and 2 deletions.
diff --git a/ns/init_linux.go b/ns/init_linux.go
@@ -69,8 +69,10 @@ func NlHandle() *netlink.Handle {
 func getSupportedNlFamilies() []int {
 	fams := []int{syscall.NETLINK_ROUTE}
 	if err := loadXfrmModules(); err != nil {
-		log.Warnf("Could not load necessary modules for IPSEC rules: %v", err)
-		return fams
+		if checkXfrmSocket() != nil {
+			log.Warnf("Could not load necessary modules for IPSEC rules: %v", err)
+			return fams
+		}
 	}
 	return append(fams, syscall.NETLINK_XFRM)
 }
@@ -84,3 +86,13 @@ func loadXfrmModules() error {
 	}
 	return nil
 }
+
+// API check on required xfrm modules (xfrm_user, xfrm_algo)
+func checkXfrmSocket() error {
+	fd, err := syscall.Socket(syscall.AF_NETLINK, syscall.SOCK_RAW, syscall.NETLINK_XFRM)
+	if err != nil {
+		return err
+	}
+	syscall.Close(fd)
+	return nil
+}