Skip to content

Commit

Permalink
Merge pull request #2342 from lmm/automated-cherry-pick-of-#2341-upst…
Browse files Browse the repository at this point in the history
…ream-release-v3.12

Automated cherry pick of #2341: Disable accept_ra in workloads
  • Loading branch information
caseydavenport authored May 22, 2020
2 parents b6377bb + 3e7d8be commit 8498815
Show file tree
Hide file tree
Showing 2 changed files with 10 additions and 0 deletions.
8 changes: 8 additions & 0 deletions dataplane/linux/endpoint_mgr.go
Original file line number Diff line number Diff line change
Expand Up @@ -1013,6 +1013,14 @@ func (m *endpointManager) configureInterface(name string) error {
"Skipping configuration of interface because it is oper down.")
return nil
}

// Try setting accept_ra to 0 and just log if it failed (it might fail if IPv6
// was disabled).
err := m.writeProcSys(fmt.Sprintf("/proc/sys/net/ipv6/conf/%s/accept_ra", name), "0")
if err != nil {
log.WithField("ifaceName", name).Warnf("Could not set accept_ra: %v", err)
}

log.WithField("ifaceName", name).Info(
"Applying /proc/sys configuration to interface.")
if m.ipVersion == 4 {
Expand Down
2 changes: 2 additions & 0 deletions dataplane/linux/endpoint_mgr_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -1575,11 +1575,13 @@ func endpointManagerTests(ipVersion uint8) func() {
It("should write /proc/sys entries", func() {
if ipVersion == 6 {
mockProcSys.checkState(map[string]string{
"/proc/sys/net/ipv6/conf/cali12345-ab/accept_ra": "0",
"/proc/sys/net/ipv6/conf/cali12345-ab/proxy_ndp": "1",
"/proc/sys/net/ipv6/conf/cali12345-ab/forwarding": "1",
})
} else {
mockProcSys.checkState(map[string]string{
"/proc/sys/net/ipv6/conf/cali12345-ab/accept_ra": "0",
"/proc/sys/net/ipv4/conf/cali12345-ab/forwarding": "1",
"/proc/sys/net/ipv4/conf/cali12345-ab/route_localnet": "1",
"/proc/sys/net/ipv4/conf/cali12345-ab/proxy_arp": "1",
Expand Down

0 comments on commit 8498815

Please sign in to comment.