From e2088ef401a794e686c4bc1882ec63a37e8a4f3c Mon Sep 17 00:00:00 2001 From: Bryan Boreham Date: Wed, 13 May 2020 15:01:37 +0000 Subject: [PATCH] Disable accept_ra setting on interfaces we create --- net/bridge.go | 4 ++++ net/veth.go | 7 +++++++ 2 files changed, 11 insertions(+) diff --git a/net/bridge.go b/net/bridge.go index d36bad115a..0cf0e17bf2 100644 --- a/net/bridge.go +++ b/net/bridge.go @@ -279,6 +279,10 @@ func EnsureBridge(procPath string, config *BridgeConfig, log *logrus.Logger, ips return bridgeType, errors.Wrap(err, "setting proxy_arp") } } + // No ipv6 router advertisments please + if err := sysctl(procPath, "net/ipv6/conf/"+config.WeaveBridgeName+"/accept_ra", "0"); err != nil { + return bridgeType, errors.Wrap(err, "setting accept_ra to 0") + } if err := linkSetUpByName(config.WeaveBridgeName); err != nil { return bridgeType, err diff --git a/net/veth.go b/net/veth.go index a022292fb7..aa21ff9a76 100644 --- a/net/veth.go +++ b/net/veth.go @@ -49,6 +49,13 @@ func CreateAndAttachVeth(procPath, name, peerName, bridgeName string, mtu int, k if err := bridgeType.attach(veth); err != nil { return cleanup("attaching veth %q to %q: %s", name, bridgeName, err) } + // No ipv6 router advertisments please + if err := sysctl(procPath, "net/ipv6/conf/"+name+"/accept_ra", "0"); err != nil { + return cleanup("setting accept_ra to 0: %s", err) + } + if err := sysctl(procPath, "net/ipv6/conf/"+peerName+"/accept_ra", "0"); err != nil { + return cleanup("setting accept_ra to 0: %s", err) + } if !bridgeType.IsFastdp() && !keepTXOn { if err := EthtoolTXOff(veth.PeerName); err != nil { return cleanup(`unable to set tx off on %q: %s`, peerName, err)