From a381aa07d9c0ea586b649420643b4f91b65979d8 Mon Sep 17 00:00:00 2001 From: Brian Haley Date: Mon, 2 Nov 2015 22:04:11 -0500 Subject: [PATCH] Disable IPv6 on bridge devices in LinuxBridgeManager We don't want to create a bridge device with an IPv6 address because it will see the Router Advertisement from Neutron. Conflicts: neutron/agent/linux/bridge_lib.py Change-Id: If59a823804d3477c5d8877f46fcc4c018af57a5a Closes-bug: 1302080 (cherry picked from commit 404eaead793b3192982ae247685970973609be1f) --- neutron/agent/linux/bridge_lib.py | 9 +++++++++ .../linuxbridge/agent/linuxbridge_neutron_agent.py | 2 ++ neutron/tests/unit/agent/linux/test_bridge_lib.py | 4 ++++ .../linuxbridge/agent/test_linuxbridge_neutron_agent.py | 1 + 4 files changed, 16 insertions(+) diff --git a/neutron/agent/linux/bridge_lib.py b/neutron/agent/linux/bridge_lib.py index e8176510f8f..018cccfee3a 100644 --- a/neutron/agent/linux/bridge_lib.py +++ b/neutron/agent/linux/bridge_lib.py @@ -25,6 +25,11 @@ class BridgeDevice(ip_lib.IPDevice): ip_wrapper = ip_lib.IPWrapper(self.namespace) return ip_wrapper.netns.execute(cmd, run_as_root=True) + def _sysctl(self, cmd): + cmd = ['sysctl', '-w'] + cmd + ip_wrapper = ip_lib.IPWrapper(self.namespace) + return ip_wrapper.netns.execute(cmd, run_as_root=True) + @classmethod def addbr(cls, name, namespace=None): bridge = cls(name, namespace) @@ -45,3 +50,7 @@ class BridgeDevice(ip_lib.IPDevice): def disable_stp(self): return self._brctl(['stp', self.name, 'off']) + + def disable_ipv6(self): + cmd = 'net.ipv6.conf.%s.disable_ipv6=1' % self.name + return self._sysctl([cmd]) diff --git a/neutron/plugins/ml2/drivers/linuxbridge/agent/linuxbridge_neutron_agent.py b/neutron/plugins/ml2/drivers/linuxbridge/agent/linuxbridge_neutron_agent.py index f4d1ebcac51..960f9007498 100644 --- a/neutron/plugins/ml2/drivers/linuxbridge/agent/linuxbridge_neutron_agent.py +++ b/neutron/plugins/ml2/drivers/linuxbridge/agent/linuxbridge_neutron_agent.py @@ -394,6 +394,8 @@ class LinuxBridgeManager(object): return if bridge_device.disable_stp(): return + if bridge_device.disable_ipv6(): + return if bridge_device.link.set_up(): return LOG.debug("Done starting bridge %(bridge_name)s for " diff --git a/neutron/tests/unit/agent/linux/test_bridge_lib.py b/neutron/tests/unit/agent/linux/test_bridge_lib.py index 3b9701d0805..31177530cec 100644 --- a/neutron/tests/unit/agent/linux/test_bridge_lib.py +++ b/neutron/tests/unit/agent/linux/test_bridge_lib.py @@ -47,6 +47,10 @@ class BridgeLibTest(base.BaseTestCase): br.disable_stp() self._verify_bridge_mock(['brctl', 'stp', self._BR_NAME, 'off']) + br.disable_ipv6() + cmd = 'net.ipv6.conf.%s.disable_ipv6=1' % self._BR_NAME + self._verify_bridge_mock(['sysctl', '-w', cmd]) + br.addif(self._IF_NAME) self._verify_bridge_mock( ['brctl', 'addif', self._BR_NAME, self._IF_NAME]) diff --git a/neutron/tests/unit/plugins/ml2/drivers/linuxbridge/agent/test_linuxbridge_neutron_agent.py b/neutron/tests/unit/plugins/ml2/drivers/linuxbridge/agent/test_linuxbridge_neutron_agent.py index abce55d99d6..6db92e11eea 100644 --- a/neutron/tests/unit/plugins/ml2/drivers/linuxbridge/agent/test_linuxbridge_neutron_agent.py +++ b/neutron/tests/unit/plugins/ml2/drivers/linuxbridge/agent/test_linuxbridge_neutron_agent.py @@ -759,6 +759,7 @@ class TestLinuxBridgeManager(base.BaseTestCase): br_fn.addbr.return_value = bridge_device bridge_device.setfd.return_value = False bridge_device.disable_stp.return_value = False + bridge_device.disable_ipv6.return_value = False bridge_device.link.set_up.return_value = False self.assertEqual(self.lbm.ensure_bridge("br0", None), "br0") ie_fn.return_Value = False