From b489beb365f9ab0e3aeafb7142f37fc94f072deb Mon Sep 17 00:00:00 2001 From: Dan Winship Date: Thu, 21 Sep 2023 16:49:23 -0400 Subject: [PATCH] Remove an old compatibility check/warning It was IPv4-specific but nobody ever noticed this or reported the lack of IPv6 check as a problem, suggesting that it is no longer needed. --- pkg/proxy/iptables/proxier.go | 7 ------- 1 file changed, 7 deletions(-) diff --git a/pkg/proxy/iptables/proxier.go b/pkg/proxy/iptables/proxier.go index e8442ff9632..e8c252ccd58 100644 --- a/pkg/proxy/iptables/proxier.go +++ b/pkg/proxy/iptables/proxier.go @@ -91,7 +91,6 @@ const ( ) const sysctlRouteLocalnet = "net/ipv4/conf/all/route_localnet" -const sysctlBridgeCallIPTables = "net/bridge/bridge-nf-call-iptables" const sysctlNFConntrackTCPBeLiberal = "net/netfilter/nf_conntrack_tcp_be_liberal" // internal struct for string service information @@ -254,12 +253,6 @@ func NewProxier(ipFamily v1.IPFamily, conntrackTCPLiberal = true klog.InfoS("nf_conntrack_tcp_be_liberal set, not installing DROP rules for INVALID packets") } - // Proxy needs br_netfilter and bridge-nf-call-iptables=1 when containers - // are connected to a Linux bridge (but not SDN bridges). Until most - // plugins handle this, log when config is missing - if val, err := sysctl.GetSysctl(sysctlBridgeCallIPTables); err == nil && val != 1 { - klog.InfoS("Missing br-netfilter module or unset sysctl br-nf-call-iptables, proxy may not work as intended") - } // Generate the masquerade mark to use for SNAT rules. masqueradeValue := 1 << uint(masqueradeBit)