Skip to content

Commit 76307bf

Browse files
dcbwdcbw
authored
Merge pull request #695 from MikeZappa87/issue/680/explicitdaddisable
Explicitly Disable Duplicate Address Detection For Container Side Veth
2 parents 42268a4 + ba47b49 commit 76307bf

File tree

1 file changed

+6
-26
lines changed

1 file changed

+6
-26
lines changed

plugins/main/bridge/bridge.go

Lines changed: 6 additions & 26 deletions
Original file line numberDiff line numberDiff line change
@@ -18,7 +18,6 @@ import (
1818
"encoding/json"
1919
"errors"
2020
"fmt"
21-
"io/ioutil"
2221
"net"
2322
"os"
2423
"runtime"
@@ -57,6 +56,7 @@ type NetConf struct {
5756
PromiscMode bool `json:"promiscMode"`
5857
Vlan int `json:"vlan"`
5958
MacSpoofChk bool `json:"macspoofchk,omitempty"`
59+
EnableDad bool `json:"enabledad,omitempty"`
6060

6161
Args struct {
6262
Cni BridgeArgs `json:"cni,omitempty"`
@@ -402,20 +402,6 @@ func setupBridge(n *NetConf) (*netlink.Bridge, *current.Interface, error) {
402402
}, nil
403403
}
404404

405-
// disableIPV6DAD disables IPv6 Duplicate Address Detection (DAD)
406-
// for an interface, if the interface does not support enhanced_dad.
407-
// We do this because interfaces with hairpin mode will see their own DAD packets
408-
func disableIPV6DAD(ifName string) error {
409-
// ehanced_dad sends a nonce with the DAD packets, so that we can safely
410-
// ignore ourselves
411-
enh, err := ioutil.ReadFile(fmt.Sprintf("/proc/sys/net/ipv6/conf/%s/enhanced_dad", ifName))
412-
if err == nil && string(enh) == "1\n" {
413-
return nil
414-
}
415-
f := fmt.Sprintf("/proc/sys/net/ipv6/conf/%s/accept_dad", ifName)
416-
return ioutil.WriteFile(f, []byte("0"), 0644)
417-
}
418-
419405
func enableIPForward(family int) error {
420406
if family == netlink.FAMILY_V4 {
421407
return ip.EnableIP4Forward()
@@ -516,18 +502,12 @@ func cmdAdd(args *skel.CmdArgs) error {
516502

517503
// Configure the container hardware address and IP address(es)
518504
if err := netns.Do(func(_ ns.NetNS) error {
519-
// Disable IPv6 DAD just in case hairpin mode is enabled on the
520-
// bridge. Hairpin mode causes echos of neighbor solicitation
521-
// packets, which causes DAD failures.
522-
for _, ipc := range result.IPs {
523-
if ipc.Address.IP.To4() == nil && (n.HairpinMode || n.PromiscMode) {
524-
if err := disableIPV6DAD(args.IfName); err != nil {
525-
return err
526-
}
527-
break
528-
}
505+
if n.EnableDad {
506+
_, _ = sysctl.Sysctl(fmt.Sprintf("/net/ipv6/conf/%s/enhanced_dad", args.IfName), "1")
507+
_, _ = sysctl.Sysctl(fmt.Sprintf("net/ipv6/conf/%s/accept_dad", args.IfName), "1")
508+
} else {
509+
_, _ = sysctl.Sysctl(fmt.Sprintf("net/ipv6/conf/%s/accept_dad", args.IfName), "0")
529510
}
530-
531511
_, _ = sysctl.Sysctl(fmt.Sprintf("net/ipv4/conf/%s/arp_notify", args.IfName), "1")
532512

533513
// Add the IP to the interface

0 commit comments

Comments
 (0)