From 959807b86acbfdabf6094822dd2a39da0bb918ee Mon Sep 17 00:00:00 2001
From: Laurence Man <laurence@tigera.io>
Date: Fri, 22 May 2020 13:34:32 -0700
Subject: [PATCH] Automated cherry pick of #2345: Disable accept_ra in
 workloads (#2346)

* Disable accept_ra in workloads

* Revert special-casing for OpenStack

* Only log on err

Co-authored-by: Neil Jerram <neil@tigera.io>
---
 dataplane/linux/endpoint_mgr.go      | 8 ++++++++
 dataplane/linux/endpoint_mgr_test.go | 2 ++
 2 files changed, 10 insertions(+)

diff --git a/dataplane/linux/endpoint_mgr.go b/dataplane/linux/endpoint_mgr.go
index 6f01db3073..70d4c27c68 100644
--- a/dataplane/linux/endpoint_mgr.go
+++ b/dataplane/linux/endpoint_mgr.go
@@ -938,6 +938,14 @@ func (m *endpointManager) configureInterface(name string) error {
 			"Skipping configuration of interface because it is oper down.")
 		return nil
 	}
+
+	// Try setting accept_ra to 0 and just log if it failed (it might fail if IPv6
+	// was disabled).
+	err := m.writeProcSys(fmt.Sprintf("/proc/sys/net/ipv6/conf/%s/accept_ra", name), "0")
+	if err != nil {
+		log.WithField("ifaceName", name).Warnf("Could not set accept_ra: %v", err)
+	}
+
 	log.WithField("ifaceName", name).Info(
 		"Applying /proc/sys configuration to interface.")
 	if m.ipVersion == 4 {
diff --git a/dataplane/linux/endpoint_mgr_test.go b/dataplane/linux/endpoint_mgr_test.go
index 957c21f4f0..9a98949b46 100644
--- a/dataplane/linux/endpoint_mgr_test.go
+++ b/dataplane/linux/endpoint_mgr_test.go
@@ -1452,11 +1452,13 @@ func endpointManagerTests(ipVersion uint8) func() {
 					It("should write /proc/sys entries", func() {
 						if ipVersion == 6 {
 							mockProcSys.checkState(map[string]string{
+								"/proc/sys/net/ipv6/conf/cali12345-ab/accept_ra":  "0",
 								"/proc/sys/net/ipv6/conf/cali12345-ab/proxy_ndp":  "1",
 								"/proc/sys/net/ipv6/conf/cali12345-ab/forwarding": "1",
 							})
 						} else {
 							mockProcSys.checkState(map[string]string{
+								"/proc/sys/net/ipv6/conf/cali12345-ab/accept_ra":      "0",
 								"/proc/sys/net/ipv4/conf/cali12345-ab/forwarding":     "1",
 								"/proc/sys/net/ipv4/conf/cali12345-ab/rp_filter":      "1",
 								"/proc/sys/net/ipv4/conf/cali12345-ab/route_localnet": "1",