[lxc-devel] [lxd/master] NIC Bridged: Disables IPv6 on bridged host side interface

tomponline on Github lxc-bot at linuxcontainers.org
Mon Mar 30 17:23:58 UTC 2020


A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 477 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20200330/8e2a66d7/attachment.bin>
-------------- next part --------------
From 9716f03bd2914721e9eadd3a3048b94a6cbe9046 Mon Sep 17 00:00:00 2001
From: Thomas Parrott <thomas.parrott at canonical.com>
Date: Mon, 30 Mar 2020 18:22:45 +0100
Subject: [PATCH] lxd/device/nic/bridged: Disables IPv6 on bridged host side
 interface

Prevents host-side interface getting IPv6 link-local address which isn't needed as interface is added to bridge.

Signed-off-by: Thomas Parrott <thomas.parrott at canonical.com>
---
 lxd/device/nic_bridged.go | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/lxd/device/nic_bridged.go b/lxd/device/nic_bridged.go
index 54271695e9..5807c82274 100644
--- a/lxd/device/nic_bridged.go
+++ b/lxd/device/nic_bridged.go
@@ -213,6 +213,13 @@ func (d *nicBridged) Start() (*deviceConfig.RunConfig, error) {
 		return nil, err
 	}
 
+	// Disable IPv6 on host-side veth interface (prevents host-side interface getting link-local address)
+	// which isn't needed because the host-side interface is connected to a bridge.
+	err = util.SysctlSet(fmt.Sprintf("net/ipv6/conf/%s/disable_ipv6", saveData["host_name"]), "1")
+	if err != nil && !os.IsNotExist(err) {
+		return nil, err
+	}
+
 	// Apply and host-side network filters (uses enriched host_name from networkSetupHostVethDevice).
 	err = d.setupHostFilters(nil)
 	if err != nil {


More information about the lxc-devel mailing list