[pve-devel] [PATCH container] configure IPv6AcceptRA in systemd-networkd files
Thomas Lamprecht
t.lamprecht at proxmox.com
Tue Sep 25 09:11:04 CEST 2018
On 9/13/18 9:53 AM, Wolfgang Bumiller wrote:
> Signed-off-by: Wolfgang Bumiller <w.bumiller at proxmox.com>
> ---
> src/PVE/LXC/Setup/Base.pm | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git a/src/PVE/LXC/Setup/Base.pm b/src/PVE/LXC/Setup/Base.pm
> index 2fd04ac..f5f8b0d 100644
> --- a/src/PVE/LXC/Setup/Base.pm
> +++ b/src/PVE/LXC/Setup/Base.pm
> @@ -242,6 +242,7 @@ DATA
> my @DHCPMODES = ('none', 'v4', 'v6', 'both');
> my ($NONE, $DHCP4, $DHCP6, $BOTH) = (0, 1, 2, 3);
> my $dhcp = $NONE;
> + my $accept_ra = 'false';
>
> if (defined(my $ip = $d->{ip})) {
> if ($ip eq 'dhcp') {
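Review bot: the new `my $accept_ra = 'false';` has no comment and the commit message has no body, so the reason for defaulting to an explicit 'false' rather than leaving the key unset is not documented anywhere. Add a short comment at the declaration or a sentence in the commit message stating the intended rule, which as far as the diff shows is that RAs are accepted only for ip6 = auto without a gw6.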
> @@ -261,12 +262,15 @@ DATA
> if (defined(my $ip = $d->{ip6})) {
> if ($ip eq 'dhcp') {
> $dhcp |= $DHCP6;
> + } elsif ($ip eq 'auto') {
> + $accept_ra = 'true';
> } elsif ($ip ne 'manual') {
> $has_ipv6 = 1;
> $data .= "Address = $ip\n";
> }
> }
> if (defined(my $gw = $d->{gw6})) {
> + $accept_ra = 'false';
> $data .= "Gateway = $gw\n";
> if ($has_ipv6 && !PVE::Network::is_ip_in_cidr($gw, $d->{ip6}, 6) &&
> !PVE::Network::is_ip_in_cidr($gw, 'fe80::/10', 6)) {
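Review bot: in the ip6 handling, the 'dhcp' branch leaves $accept_ra at 'false', so a CT with ip6 = dhcp and no gw6 ends up with DHCP = v6 together with IPv6AcceptRA = false. DHCPv6 itself does not hand out a default route, and the systemd.network text quoted in this thread says accepted RAs are what may start the DHCPv6 client, so please confirm this combination still yields an address and a default route, or set `$accept_ra = 'true';` in the 'dhcp' branch as well. The reset under gw6 silently overrides ip6 = auto; a one-line comment saying the static gateway is meant to win would help.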
> @@ -275,6 +279,7 @@ DATA
> }
>
> $data .= "DHCP = $DHCPMODES[$dhcp]\n";
> + $data .= "IPv6AcceptRA = $accept_ra\n";
> $data .= $routes if $routes;
>
> $self->ct_file_set_contents($filename, $data);
>
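Review bot: the `$data .= "IPv6AcceptRA = $accept_ra\n";` line is written unconditionally, so an interface with neither ip6 nor gw6 set, which so far had the key unset and followed the kernel default, now gets an explicit IPv6AcceptRA = false. If untouched interfaces should keep the kernel default, leave $accept_ra undefined at declaration and append the line only when it is defined; if the explicit false is intended everywhere, say so in the commit message.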
In general OK, this may change things for existing CTs - if I understand correctly:
> Enable or disable IPv6 Router Advertisement (RA) reception support for
> the interface. Takes a boolean parameter. If true, RAs are accepted; if
> false, RAs are ignored, independently of the local forwarding state.
> When _not set_, the _kernel default is used_, and RAs are _accepted only
> when local forwarding is disabled for that interface_. When RAs are
> accepted, they may trigger the start of the DHCPv6 client if the
> relevant flags are set in the RA data, or if no routers are found on the
> link.
-- man systemd.network (emphasis added)

Also looking at 'man 5 interfaces' it seems that distros using Debian-like
networking may need this too, if auto is set they have RA enabled by default,
but only on non-forwarding interfaces. So same status as with systemd.network
before your patch, I guess.

The side effects from your patch, i.e., explicitly disabling it where it
may not have been disabled before, may only be an issue if a CT's network
configuration is wrong, in the sense that something else than the wanted
behaviour was set up. So I'm OK with that.

Should we do this on Debian-like CTs too? The explicit disabling?