rpms / containernetworking-plugins

Clone
Source Code
GIT

Blame SOURCES/containernetworking-plugins-1833220.patch

c7-alt c7-extras c8-beta-stream-1.0 c8-beta-stream-2.0 c8-beta-stream-3.0 c8-beta-stream-4.0 c8-beta-stream-rhel8 c8-stream-1.0 c8-stream-2.0 c8-stream-3.0 c8-stream-4.0 c8-stream-rhel8 c8s-stream-1.0 c8s-stream-2.0 c8s-stream-3.0 c8s-stream-4.0 c8s-stream-rhel8 c9 c9-beta c9-beta-stream-latest
  1.   c7-extras
  2.   SOURCES
  3.   containernetworking-plugins-1833220.patch
Blob History Raw
b5ae5b 
From 219eb9e0464761c47383d239aba206da695e1a43 Mon Sep 17 00:00:00 2001
b5ae5b 
From: Casey Callendrello <cdc@redhat.com>
b5ae5b 
Date: Tue, 12 May 2020 15:34:11 +0200
b5ae5b 
Subject: [PATCH] ptp, bridge: disable accept_ra on the host-side interface
b5ae5b
b5ae5b 
The interface plugins should have absolute control over their addressing
b5ae5b 
and routing.
b5ae5b
b5ae5b 
Signed-off-by: Casey Callendrello <cdc@redhat.com>
b5ae5b 
---
b5ae5b 
 pkg/ip/link_linux.go          | 9 +++++++--
b5ae5b 
 plugins/main/bridge/bridge.go | 4 ++++
b5ae5b 
 2 files changed, 11 insertions(+), 2 deletions(-)
b5ae5b
b5ae5b 
diff --git a/pkg/ip/link_linux.go b/pkg/ip/link_linux.go
b5ae5b 
index 9bd7f471..f8781cf1 100644
b5ae5b 
--- a/pkg/ip/link_linux.go
b5ae5b 
+++ b/pkg/ip/link_linux.go
b5ae5b 
@@ -21,10 +21,12 @@ import (
b5ae5b 
 	"net"
b5ae5b 
 	"os"
b5ae5b
b5ae5b 
-	"github.com/containernetworking/plugins/pkg/ns"
b5ae5b 
-	"github.com/containernetworking/plugins/pkg/utils/hwaddr"
b5ae5b 
 	"github.com/safchain/ethtool"
b5ae5b 
 	"github.com/vishvananda/netlink"
b5ae5b 
+
b5ae5b 
+	"github.com/containernetworking/plugins/pkg/ns"
b5ae5b 
+	"github.com/containernetworking/plugins/pkg/utils/hwaddr"
b5ae5b 
+	"github.com/containernetworking/plugins/pkg/utils/sysctl"
b5ae5b 
 )
b5ae5b
b5ae5b 
 var (
b5ae5b 
@@ -158,6 +160,9 @@ func SetupVethWithName(contVethName, hostVethName string, mtu int, hostNS ns.Net
b5ae5b 
 		if err = netlink.LinkSetUp(hostVeth); err != nil {
b5ae5b 
 			return fmt.Errorf("failed to set %q up: %v", hostVethName, err)
b5ae5b 
 		}
b5ae5b 
+
b5ae5b 
+		// we want to own the routes for this interface
b5ae5b 
+		_, _ = sysctl.Sysctl(fmt.Sprintf("net/ipv6/conf/%s/accept_ra", hostVethName), "0")
b5ae5b 
 		return nil
b5ae5b 
 	})
b5ae5b 
 	if err != nil {
b5ae5b 
diff --git a/plugins/main/bridge/bridge.go b/plugins/main/bridge/bridge.go
b5ae5b 
index 13d5cc33..c6a0690d 100644
b5ae5b 
--- a/plugins/main/bridge/bridge.go
b5ae5b 
+++ b/plugins/main/bridge/bridge.go
b5ae5b 
@@ -36,6 +36,7 @@ import (
b5ae5b 
 	"github.com/containernetworking/plugins/pkg/ns"
b5ae5b 
 	"github.com/containernetworking/plugins/pkg/utils"
b5ae5b 
 	bv "github.com/containernetworking/plugins/pkg/utils/buildversion"
b5ae5b 
+	"github.com/containernetworking/plugins/pkg/utils/sysctl"
b5ae5b 
 )
b5ae5b
b5ae5b 
 // For testcases to force an error after IPAM has been performed
b5ae5b 
@@ -248,6 +249,9 @@ func ensureBridge(brName string, mtu int, promiscMode, vlanFiltering bool) (*net
b5ae5b 
 		return nil, err
b5ae5b 
 	}
b5ae5b
b5ae5b 
+	// we want to own the routes for this interface
b5ae5b 
+	_, _ = sysctl.Sysctl(fmt.Sprintf("net/ipv6/conf/%s/accept_ra", brName), "0")
b5ae5b 
+
b5ae5b 
 	if err := netlink.LinkSetUp(br); err != nil {
b5ae5b 
 		return nil, err
b5ae5b 
 	}

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation