Experimental! Reload nftables on SIGHUP

Signed-off-by: Rob Murray <[email protected]>

Author: robmry

libnetwork/drivers/bridge/internal/nftabler/nftabler.go

@@ -5,10 +5,13 @@ package nftabler
 import (
 	"context"
 	"fmt"
+	"os"
+	"os/signal"
 
 	"github.com/docker/docker/libnetwork/drivers/bridge/internal/firewaller"
 	"github.com/docker/docker/libnetwork/internal/nftables"
 	"go.opentelemetry.io/otel"
+	"golang.org/x/sys/unix"
 )
 
 // Prefix for OTEL span names.
@@ -81,6 +84,20 @@ func NewNftabler(ctx context.Context, config firewaller.Config) (firewaller.Fire
 		}
 	}
 
+	// FIXME(robmry) - locking!
+	c := make(chan os.Signal, 1)
+	signal.Notify(c, unix.SIGHUP)
+	go func() {
+		for range c {
+			if nft.config.IPv4 {
+				nft.table4.Reload(ctx)
+			}
+			if nft.config.IPv6 {
+				nft.table6.Reload(ctx)
+			}
+		}
+	}()
+
 	return nft, nil
 }