diff options
| author | Cédric Bosdonnat <cbosdonnat@suse.com> | 2017-03-03 14:14:51 +0100 |
|---|---|---|
| committer | Cédric Bosdonnat <cbosdonnat@suse.com> | 2017-03-22 09:01:33 +0100 |
| commit | 00d28a78b5d1f6eaf79f06ac59e31c568af9da37 (patch) | |
| tree | 700e9adaff66a8cf144c455881528cf160ab20e4 /src/network | |
| parent | 5dd607059d8a98e04024305ae4afbd038aadbdcd (diff) | |
| download | libvirt-00d28a78b5d1f6eaf79f06ac59e31c568af9da37.tar.gz | |
network: check accept_ra before enabling ipv6 forwarding
When enabling IPv6 on all interfaces, we may get the host Router
Advertisement routes discarded. To avoid this, the user needs to set
accept_ra to 2 for the interfaces with such routes.
See https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt
on this topic.
To avoid user mistakenly losing routes on their hosts, check
accept_ra values before enabling IPv6 forwarding. If a RA route is
detected, but neither the corresponding device nor global accept_ra
is set to 2, the network will fail to start.
Diffstat (limited to 'src/network')
| -rw-r--r-- | src/network/bridge_driver.c | 16 |
1 files changed, 11 insertions, 5 deletions
diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c index 4d1a44516b..a753cd78b0 100644 --- a/src/network/bridge_driver.c +++ b/src/network/bridge_driver.c @@ -61,6 +61,7 @@ #include "virlog.h" #include "virdnsmasq.h" #include "configmake.h" +#include "virnetlink.h" #include "virnetdev.h" #include "virnetdevip.h" #include "virnetdevbridge.h" @@ -2389,11 +2390,16 @@ networkStartNetworkVirtual(virNetworkDriverStatePtr driver, } /* If forward.type != NONE, turn on global IP forwarding */ - if (network->def->forward.type != VIR_NETWORK_FORWARD_NONE && - networkEnableIPForwarding(v4present, v6present) < 0) { - virReportSystemError(errno, "%s", - _("failed to enable IP forwarding")); - goto err3; + if (network->def->forward.type != VIR_NETWORK_FORWARD_NONE) { + if (!virNetDevIPCheckIPv6Forwarding()) + goto err3; /* Precise error message already provided */ + + + if (networkEnableIPForwarding(v4present, v6present) < 0) { + virReportSystemError(errno, "%s", + _("failed to enable IP forwarding")); + goto err3; + } } |