Merge pull request #885 from lmm/automated-cherry-pick-of-#884-upstre…

…am-release-v3.8 Automated cherry pick of #884: Disable accept_ra for the host veth
projectcalico · May 22, 2020 · bb643f6 · bb643f6
2 parents a5a421e + d5203b4
commit bb643f6
Showing 1 changed file with 6 additions and 2 deletions.
diff --git a/internal/pkg/utils/network_linux.go b/internal/pkg/utils/network_linux.go
@@ -257,7 +257,7 @@ func DoNetworking(
 		return "", "", err
 	}
 
-	err = configureSysctls(hostVethName, hasIPv4, hasIPv6)
+	err = configureSysctls(logger, hostVethName, hasIPv4, hasIPv6)
 	if err != nil {
 		return "", "", fmt.Errorf("error configuring sysctls for interface: %s, error: %s", hostVethName, err)
 	}
@@ -332,7 +332,7 @@ func SetupRoutes(hostVeth netlink.Link, result *current.Result) error {
 }
 
 // configureSysctls configures necessary sysctls required for the host side of the veth pair for IPv4 and/or IPv6.
-func configureSysctls(hostVethName string, hasIPv4, hasIPv6 bool) error {
+func configureSysctls(logger *logrus.Entry, hostVethName string, hasIPv4, hasIPv6 bool) error {
 	var err error
 
 	if hasIPv4 {
@@ -380,6 +380,10 @@ func configureSysctls(hostVethName string, hasIPv4, hasIPv6 bool) error {
 		}
 	}
 
+	if err = writeProcSys(fmt.Sprintf("/proc/sys/net/ipv6/conf/%s/accept_ra", hostVethName), "0"); err != nil {
+		logger.Warnf("failed to set net.ipv6.conf.%s.accept_ra=0: %s", hostVethName, err)
+	}
+
 	return nil
 }