[pve-devel] [PATCH container] configure IPv6AcceptRA in systemd-networkd files

Thomas Lamprecht t.lamprecht at proxmox.com
Tue Sep 25 09:11:04 CEST 2018


On 9/13/18 9:53 AM, Wolfgang Bumiller wrote:
> Signed-off-by: Wolfgang Bumiller <w.bumiller at proxmox.com>
> ---
>  src/PVE/LXC/Setup/Base.pm | 5 +++++
>  1 file changed, 5 insertions(+)
> 
> diff --git a/src/PVE/LXC/Setup/Base.pm b/src/PVE/LXC/Setup/Base.pm
> index 2fd04ac..f5f8b0d 100644
> --- a/src/PVE/LXC/Setup/Base.pm
> +++ b/src/PVE/LXC/Setup/Base.pm
> @@ -242,6 +242,7 @@ DATA
>  	my @DHCPMODES = ('none', 'v4', 'v6', 'both');
>  	my ($NONE, $DHCP4, $DHCP6, $BOTH) = (0, 1, 2, 3);
>  	my $dhcp = $NONE;
> +	my $accept_ra = 'false';
>  
>  	if (defined(my $ip = $d->{ip})) {
>  	    if ($ip eq 'dhcp') {
> @@ -261,12 +262,15 @@ DATA
>  	if (defined(my $ip = $d->{ip6})) {
>  	    if ($ip eq 'dhcp') {
>  		$dhcp |= $DHCP6;
> +	    } elsif ($ip eq 'auto') {
> +		$accept_ra = 'true';
>  	    } elsif ($ip ne 'manual') {
>  		$has_ipv6 = 1;
>  		$data .= "Address = $ip\n";
>  	    }
>  	}
>  	if (defined(my $gw = $d->{gw6})) {
> +	    $accept_ra = 'false';
>  	    $data .= "Gateway = $gw\n";
>  	    if ($has_ipv6 && !PVE::Network::is_ip_in_cidr($gw, $d->{ip6}, 6) &&
>  		!PVE::Network::is_ip_in_cidr($gw, 'fe80::/10', 6)) {
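Review bot: The new $accept_ra = 'false' at the top of the gw6 block silently overrides the 'true' that the ip6 'auto' branch set just above, so a container with ip6=auto plus a static gw6 ends up with IPv6AcceptRA = false and RAs are ignored entirely, not just their routes. If the intent is only to keep an RA from installing a competing default route, a short comment saying so would help, and the auto + gw6 combination should either be handled separately or documented as unsupported. The 'dhcp' branch also leaves $accept_ra at 'false'; please confirm that is intended for interfaces that rely on DHCPv6.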
> @@ -275,6 +279,7 @@ DATA
>  	}
>  
>  	$data .= "DHCP = $DHCPMODES[$dhcp]\n";
> +	$data .= "IPv6AcceptRA = $accept_ra\n";
>  	$data .= $routes if $routes;
>  
>  	$self->ct_file_set_contents($filename, $data);
> 
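Review bot: The IPv6AcceptRA line is appended unconditionally, and $accept_ra defaults to 'false', so every regenerated file now carries IPv6AcceptRA = false even when neither ip6 nor gw6 is defined, where previously the key was absent and the kernel default applied. Consider emitting the line only when $d->{ip6} or $d->{gw6} is defined, or describe the behaviour change for existing containers in the commit message, which currently has no body beyond the sign-off.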

In general OK, this may change things for existing CTs - if I understand correctly:

> Enable or disable IPv6 Router Advertisement (RA) reception support for
> the interface. Takes a boolean parameter. If true, RAs are accepted; if
> false, RAs are ignored, independently of the local forwarding state.
> When _not set_, the _kernel default is used_, and RAs are _accepted only
> when local forwarding is disabled for that interface_. When RAs are
> accepted, they may trigger the start of the DHCPv6 client if the
> relevant flags are set in the RA data, or if no routers are found on the
> link.
-- man systemd.network (emphasis added)

Also, looking at 'man 5 interfaces', it seems that distros using Debian-like
networking may need this too; if auto is set they have RA enabled by default,
but only on non-forwarding interfaces. So same status as with systemd.network
before your patch, I guess.

The side effects from your patch, i.e., explicitly disabling it where it
may not have been disabled before, may only be an issue if a CT's network
configuration is wrong, in the sense that something else than the wanted
behaviour was set up. So I'm OK with that.

Should we do this on Debian-like CTs too? The explicit disabling?



