[lxc-devel] [lxd/master] lxd/container_lxc: Adds IPVLAN L3S mode l2proxy sysctl checks

tomponline on Github lxc-bot at linuxcontainers.org
Wed May 15 10:00:01 UTC 2019


From 1fef999cb68fc65c294ba91fdc9d57178be83918 Mon Sep 17 00:00:00 2001
From: Thomas Parrott <thomas.parrott at canonical.com>
Date: Wed, 15 May 2019 10:58:38 +0100
Subject: [PATCH] lxd/container_lxc: Adds IPVLAN L3S mode l2proxy sysctl checks

Signed-off-by: Thomas Parrott <thomas.parrott at canonical.com>
---
 lxd/container_lxc.go | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/lxd/container_lxc.go b/lxd/container_lxc.go
index 59e6ff453f..e99ff63280 100644
--- a/lxd/container_lxc.go
+++ b/lxd/container_lxc.go
@@ -1921,6 +1921,12 @@ func (c *containerLXC) initLXCIPVLAN(cc *lxc.Container, networkKeyPrefix string,
 	}
 
 	if m["ipv4.address"] != "" {
+		//Check necessary sysctls are configured for use with l2proxy parent in IPVLAN l3s mode.
+		sysctlVal, err := networkSysctlGet(fmt.Sprintf("ipv4/conf/%s/forwarding", m["parent"]))
+		if sysctlVal != "1\n" {
+			return fmt.Errorf("IPVLAN in L3S mode requires sysctl net.ipv4.conf.%s.forwarding=1", m["parent"])
+		}
+
 		for _, addr := range strings.Split(m["ipv4.address"], ",") {
 			addr = strings.TrimSpace(addr)
 			err = lxcSetConfigItem(cc, fmt.Sprintf("%s.%d.ipv4.address", networkKeyPrefix, networkidx), fmt.Sprintf("%s/32", addr))
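Review bot: The `err` returned by `networkSysctlGet` is never checked in the added IPv4 block, so a failed read (for example a parent interface that does not exist) leaves `sysctlVal` empty and is reported as "requires sysctl ...forwarding=1", which hides the real cause. Add a check before the comparison, e.g. `if err != nil { return fmt.Errorf("Error reading net sysctl net.ipv4.conf.%s.forwarding: %v", m["parent"], err) }`. The same applies to both `networkSysctlGet` calls in the IPv6 hunk below. Also, `sysctlVal, err := ...` declares a new `err` inside the `if` block, which shadows any outer `err`; the rest of `initLXCIPVLAN` lies outside the hunk, so confirm that is intended.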
@@ -1936,6 +1942,17 @@ func (c *containerLXC) initLXCIPVLAN(cc *lxc.Container, networkKeyPrefix string,
 	}
 
 	if m["ipv6.address"] != "" {
+		//Check necessary sysctls are configured for use with l2proxy parent in IPVLAN l3s mode.
+		sysctlVal, err := networkSysctlGet(fmt.Sprintf("ipv6/conf/%s/forwarding", m["parent"]))
+		if sysctlVal != "1\n" {
+			return fmt.Errorf("IPVLAN in L3S mode requires sysctl net.ipv6.conf.%s.forwarding=1", m["parent"])
+		}
+
+		sysctlVal, err = networkSysctlGet(fmt.Sprintf("ipv6/conf/%s/proxy_ndp", m["parent"]))
+		if sysctlVal != "1\n" {
+			return fmt.Errorf("IPVLAN in L3S mode requires sysctl net.ipv6.conf.%s.proxy_ndp=1", m["parent"])
+		}
+
 		for _, addr := range strings.Split(m["ipv6.address"], ",") {
 			addr = strings.TrimSpace(addr)
 			err = lxcSetConfigItem(cc, fmt.Sprintf("%s.%d.ipv6.address", networkKeyPrefix, networkidx), fmt.Sprintf("%s/128", addr))
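Review bot: `m["parent"]` is formatted directly into the sysctl path in all three `networkSysctlGet` calls, and nothing visible in these hunks restricts it to a valid interface name. `networkSysctlGet` is not shown, but if it builds a path under /proc/sys/net from its argument, a parent value containing `/` or `..` would make the check read a different file than intended. Validating the parent name once before the checks would rule that out. Separately, the exact match `sysctlVal != "1\n"` depends on the trailing newline; `strings.TrimSpace(sysctlVal) != "1"` is more tolerant. The three near-identical checks could also share a small helper that takes the sysctl path and returns the error.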

