Merge pull request #260 from squat/allow_disabling_ipv6

iptables: allow disabling IPv6
2022-01-04 13:17:13 +01:00 · 2022-01-04 13:17:13 +01:00 · 1f8c736ba4
commit 1f8c736ba4
parent 6a5643287e 57a89b49ff
1 changed files with 29 additions and 3 deletions
--- a/pkg/iptables/iptables.go
+++ b/pkg/iptables/iptables.go
@ -16,7 +16,9 @@ package iptables

 import (
 	"fmt"
+	"io"
 	"net"
+	"os"
 	"sync"
 	"time"

@ -25,6 +27,21 @@ import (
 	"github.com/go-kit/kit/log/level"
 )

+const ipv6ModuleDisabledPath = "/sys/module/ipv6/parameters/disable"
+
+func ipv6Disabled() (bool, error) {
+	f, err := os.Open(ipv6ModuleDisabledPath)
+	if err != nil {
+		return false, err
+	}
+	defer f.Close()
+	disabled := make([]byte, 1)
+	if _, err = io.ReadFull(f, disabled); err != nil {
+		return false, err
+	}
+	return disabled[0] == '1', nil
+}
+
 // Protocol represents an IP protocol.
 type Protocol byte

@ -253,11 +270,20 @@ func New(opts ...ControllerOption) (*Controller, error) {
 		c.v4 = v4
 	}
 	if c.v6 == nil {
-		v6, err := iptables.NewWithProtocol(iptables.ProtocolIPv6)
+		disabled, err := ipv6Disabled()
 		if err != nil {
-			return nil, fmt.Errorf("failed to create iptables IPv6 client: %v", err)
+			return nil, fmt.Errorf("failed to check IPv6 status: %v", err)
+		}
+		if disabled {
+			level.Info(c.logger).Log("msg", "IPv6 is disabled in the kernel; disabling the IPv6 iptables controller")
+			c.v6 = &fakeClient{}
+		} else {
+			v6, err := iptables.NewWithProtocol(iptables.ProtocolIPv6)
+			if err != nil {
+				return nil, fmt.Errorf("failed to create iptables IPv6 client: %v", err)
+			}
+			c.v6 = v6
 		}
-		c.v6 = v6
 	}
 	return c, nil
 }