From 219eb9e0464761c47383d239aba206da695e1a43 Mon Sep 17 00:00:00 2001
From: Casey Callendrello <cdc@redhat.com>
Date: Tue, 12 May 2020 15:34:11 +0200
Subject: [PATCH] ptp, bridge: disable accept_ra on the host-side interface

The interface plugins should have absolute control over their addressing
and routing.

Signed-off-by: Casey Callendrello <cdc@redhat.com>
---
 pkg/ip/link_linux.go          | 9 +++++++--
 plugins/main/bridge/bridge.go | 4 ++++
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/pkg/ip/link_linux.go b/pkg/ip/link_linux.go
index 9bd7f471..f8781cf1 100644
--- a/pkg/ip/link_linux.go
+++ b/pkg/ip/link_linux.go
@@ -21,10 +21,12 @@ import (
 	"net"
 	"os"
 
-	"github.com/containernetworking/plugins/pkg/ns"
-	"github.com/containernetworking/plugins/pkg/utils/hwaddr"
 	"github.com/safchain/ethtool"
 	"github.com/vishvananda/netlink"
+
+	"github.com/containernetworking/plugins/pkg/ns"
+	"github.com/containernetworking/plugins/pkg/utils/hwaddr"
+	"github.com/containernetworking/plugins/pkg/utils/sysctl"
 )
 
 var (
@@ -158,6 +160,9 @@ func SetupVethWithName(contVethName, hostVethName string, mtu int, hostNS ns.Net
 		if err = netlink.LinkSetUp(hostVeth); err != nil {
 			return fmt.Errorf("failed to set %q up: %v", hostVethName, err)
 		}
+
+		// we want to own the routes for this interface
+		_, _ = sysctl.Sysctl(fmt.Sprintf("net/ipv6/conf/%s/accept_ra", hostVethName), "0")
 		return nil
 	})
 	if err != nil {
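Review bot: The result of the `accept_ra` write is thrown away with `_, _ =`, here and again in the ensureBridge hunk of plugins/main/bridge/bridge.go, so if the write fails the host-side interface keeps processing router advertisements and nothing records it. If the discard is deliberate (presumably for hosts where the IPv6 sysctl tree is absent), the comment should say so, for example `// best effort: ignore the error, the sysctl does not exist when IPv6 is unavailable`; otherwise the error should be returned or logged. In this hunk the write also comes after `netlink.LinkSetUp(hostVeth)`, whereas the bridge hunk writes before bringing the link up. Placing the `sysctl.Sysctl(...)` line above the `LinkSetUp` call would avoid a short window in which the veth is up with the default setting. SetupVethWithName starts and ends outside the hunk.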
diff --git a/plugins/main/bridge/bridge.go b/plugins/main/bridge/bridge.go
index 13d5cc33..c6a0690d 100644
--- a/plugins/main/bridge/bridge.go
+++ b/plugins/main/bridge/bridge.go
@@ -36,6 +36,7 @@ import (
 	"github.com/containernetworking/plugins/pkg/ns"
 	"github.com/containernetworking/plugins/pkg/utils"
 	bv "github.com/containernetworking/plugins/pkg/utils/buildversion"
+	"github.com/containernetworking/plugins/pkg/utils/sysctl"
 )
 
 // For testcases to force an error after IPAM has been performed
@@ -248,6 +249,9 @@ func ensureBridge(brName string, mtu int, promiscMode, vlanFiltering bool) (*net
 		return nil, err
 	}
 
+	// we want to own the routes for this interface
+	_, _ = sysctl.Sysctl(fmt.Sprintf("net/ipv6/conf/%s/accept_ra", brName), "0")
+
 	if err := netlink.LinkSetUp(br); err != nil {
 		return nil, err
 	}
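Review bot: The comment above the `accept_ra` write in ensureBridge does not say what happens when the bridge was already present and up before this call. If ensureBridge can return such a pre-existing bridge (its body starts and ends outside the hunk, so this is inferred from the name), setting `accept_ra` to 0 only stops further router advertisements from being processed and does not remove addresses or routes learned earlier. I would extend the comment to state that limit, for example `// only affects future RAs; state already learned on an existing bridge is left in place`. It is also worth noting there that this changes a host-wide setting on a bridge an administrator may have configured themselves.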