]> git.ipfire.org Git - thirdparty/lxc.git/commitdiff
projects / thirdparty / lxc.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: d169725)
Disable IPv6 link-local addresses for bridged veth 4169/head
authorCole Miller <m@cole-miller.net>
Fri, 15 Jul 2022 17:52:52 +0000 (13:52 -0400)
committerStéphane Graber <stgraber@stgraber.org>
Mon, 11 Dec 2023 02:37:22 +0000 (21:37 -0500)
When creating a bridged veth tunnel, disable assignment of IPv6
link-local addresses on the host's end by writing 1 to
/proc/sys/net/ipv6/conf/NAME/disable_ipv6, if it exists.

Signed-off-by: Cole Miller <m@cole-miller.net>
src/lxc/network.c patch | blob | blame | history

diff --git a/src/lxc/network.c b/src/lxc/network.c
index 3fa0bb457e875ac67913ef80a0b39f9d770cfcfd..94a1a6c55b9df7c9fe0d6599c5ee6815f6e07613 100644 (file)
--- a/src/lxc/network.c
+++ b/src/lxc/network.c
@@ -608,10 +608,10 @@ static int setup_veth_ovs_bridge_vlan(char *veth1, struct lxc_netdev *netdev)
 
 static int netdev_configure_server_veth(struct lxc_handler *handler, struct lxc_netdev *netdev)
 {
-       int err;
+       int err, disable_ipv6_fd;
        unsigned int mtu = 1500;
        char *veth1, *veth2;
-       char veth1buf[IFNAMSIZ], veth2buf[IFNAMSIZ];
+       char veth1buf[IFNAMSIZ], veth2buf[IFNAMSIZ], path[PATH_MAX];
 
        err = validate_veth(netdev);
        if (err)
@@ -707,6 +707,23 @@ static int netdev_configure_server_veth(struct lxc_handler *handler, struct lxc_
        }
 
        if (!is_empty_string(netdev->link) && netdev->priv.veth_attr.mode == VETH_MODE_BRIDGE) {
+               /* Disable link-local IPv6 addresses for the host's end of the veth. */
+               snprintf(path, PATH_MAX, "/proc/sys/net/ipv6/conf/%s/disable_ipv6", veth1);
+               disable_ipv6_fd = open(path, O_RDWR);
+
+               /* Don't error if the file doesn't exist. */
+               if (disable_ipv6_fd < 0 && errno != ENOENT) {
+                       SYSERROR("Failed to disable IPv6 link-local addresses for veth pair \"%s\"", veth1);
+                       goto out_delete;
+               }
+
+               err = write(disable_ipv6_fd, "1", 1);
+               if (err < 0) {
+                       SYSERROR("Failed to disable IPv6 link-local addresses for veth pair \"%s\"", veth1);
+                       goto out_delete;
+               }
+               close(disable_ipv6_fd);
+
                if (!lxc_nic_exists(netdev->link)) {
                        SYSERROR("Failed to attach \"%s\" to bridge \"%s\", bridge interface doesn't exist", veth1, netdev->link);
                        goto out_delete;
Mirror of https://github.com/lxc/lxc.git