From cf65861f599e9c17fd1571d13f01c240389db23f Mon Sep 17 00:00:00 2001
From: Alessandro Boch <aboch@docker.com>
Date: Wed, 13 Apr 2016 09:52:25 -0700
Subject: [PATCH] Overlay driver to check for chain presence

- When creating and programming the global overlay chain,
  gracefully handle the case where the chain already exists.
  Today the driver logs an Error and does not attempt to insert
  the return rule if the chain is already present.

Signed-off-by: Alessandro Boch <aboch@docker.com>
---
 libnetwork/drivers/overlay/filter.go | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/libnetwork/drivers/overlay/filter.go b/libnetwork/drivers/overlay/filter.go
index 0a69c6715b..2bf76b33a5 100644
--- a/libnetwork/drivers/overlay/filter.go
+++ b/libnetwork/drivers/overlay/filter.go
@@ -21,14 +21,18 @@ func chainExists(cname string) bool {
 }
 
 func setupGlobalChain() {
-	if err := iptables.RawCombinedOutput("-N", globalChain); err != nil {
-		logrus.Errorf("could not create global overlay chain: %v", err)
-		return
+	// Because of an ungraceful shutdown, chain could already be present
+	if !chainExists(globalChain) {
+		if err := iptables.RawCombinedOutput("-N", globalChain); err != nil {
+			logrus.Errorf("could not create global overlay chain: %v", err)
+			return
+		}
 	}
 
-	if err := iptables.RawCombinedOutput("-A", globalChain, "-j", "RETURN"); err != nil {
-		logrus.Errorf("could not install default return chain in the overlay global chain: %v", err)
-		return
+	if !iptables.Exists(iptables.Filter, globalChain, "-j", "RETURN") {
+		if err := iptables.RawCombinedOutput("-A", globalChain, "-j", "RETURN"); err != nil {
+			logrus.Errorf("could not install default return chain in the overlay global chain: %v", err)
+		}
 	}
 }