From 7797aa5d76d6aca9db27fa8a4544482b79dd884d Mon Sep 17 00:00:00 2001
From: Joe Stringer <joe@cilium.io>
Date: Wed, 25 Sep 2019 15:15:35 -0700
Subject: [PATCH] health: Configure sysctl when IPv6 is disabled

When IPv6 is disabled, ensure that the health endpoint's device is
configured to disable IPv6 so that it doesn't emit any IPv6 autoconf
frames or similar.

Signed-off-by: Joe Stringer <joe@cilium.io>
---
 cilium-health/launch/endpoint.go | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/cilium-health/launch/endpoint.go b/cilium-health/launch/endpoint.go
index c064d250068b0..60928cf29f026 100644
--- a/cilium-health/launch/endpoint.go
+++ b/cilium-health/launch/endpoint.go
@@ -41,6 +41,7 @@ import (
 	"github.com/cilium/cilium/pkg/node"
 	"github.com/cilium/cilium/pkg/option"
 	"github.com/cilium/cilium/pkg/pidfile"
+	"github.com/cilium/cilium/pkg/sysctl"
 
 	"github.com/containernetworking/plugins/pkg/ns"
 	"github.com/vishvananda/netlink"
@@ -120,7 +121,12 @@ func configureHealthInterface(netNS ns.NetNS, ifName string, ip4Addr, ip6Addr *n
 			return err
 		}
 
-		if ip6Addr != nil {
+		if ip6Addr == nil {
+			name := fmt.Sprintf("net.ipv6.conf.%s.disable_ipv6", ifName)
+			// Ignore the error; if IPv6 is completely disabled
+			// then it's okay if we can't write the sysctl.
+			_ = sysctl.Write(name, "1")
+		} else {
 			if err = netlink.AddrAdd(link, &netlink.Addr{IPNet: ip6Addr}); err != nil {
 				return err
 			}