Skip to content

Commit

Permalink
Automated cherry pick of #2345: Disable accept_ra in workloads (#2346)
Browse files Browse the repository at this point in the history
* Disable accept_ra in workloads

* Revert special-casing for OpenStack

* Only log on err

Co-authored-by: Neil Jerram <neil@tigera.io>
  • Loading branch information
lmm and Neil Jerram authored May 22, 2020
1 parent e29c6c7 commit 959807b
Show file tree
Hide file tree
Showing 2 changed files with 10 additions and 0 deletions.
8 changes: 8 additions & 0 deletions dataplane/linux/endpoint_mgr.go
Original file line number Diff line number Diff line change
Expand Up @@ -938,6 +938,14 @@ func (m *endpointManager) configureInterface(name string) error {
"Skipping configuration of interface because it is oper down.")
return nil
}

// Try setting accept_ra to 0 and just log if it failed (it might fail if IPv6
// was disabled).
err := m.writeProcSys(fmt.Sprintf("/proc/sys/net/ipv6/conf/%s/accept_ra", name), "0")
if err != nil {
log.WithField("ifaceName", name).Warnf("Could not set accept_ra: %v", err)
}

log.WithField("ifaceName", name).Info(
"Applying /proc/sys configuration to interface.")
if m.ipVersion == 4 {
Expand Down
2 changes: 2 additions & 0 deletions dataplane/linux/endpoint_mgr_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -1452,11 +1452,13 @@ func endpointManagerTests(ipVersion uint8) func() {
It("should write /proc/sys entries", func() {
if ipVersion == 6 {
mockProcSys.checkState(map[string]string{
"/proc/sys/net/ipv6/conf/cali12345-ab/accept_ra": "0",
"/proc/sys/net/ipv6/conf/cali12345-ab/proxy_ndp": "1",
"/proc/sys/net/ipv6/conf/cali12345-ab/forwarding": "1",
})
} else {
mockProcSys.checkState(map[string]string{
"/proc/sys/net/ipv6/conf/cali12345-ab/accept_ra": "0",
"/proc/sys/net/ipv4/conf/cali12345-ab/forwarding": "1",
"/proc/sys/net/ipv4/conf/cali12345-ab/rp_filter": "1",
"/proc/sys/net/ipv4/conf/cali12345-ab/route_localnet": "1",
Expand Down

0 comments on commit 959807b

Please sign in to comment.