Default sysctl to "net.ipv6.conf.all.accept_dad=0" if slirp4netns

Fixes: containers#11062

Signed-off-by: Daniel J Walsh <[email protected]>

pkg/specgen/generate/security.go

@@ -9,6 +9,7 @@ import (
 	"github.com/containers/common/pkg/config"
 	"github.com/containers/podman/v3/libpod"
 	"github.com/containers/podman/v3/libpod/define"
+	"github.com/containers/podman/v3/pkg/namespaces"
 	"github.com/containers/podman/v3/pkg/specgen"
 	"github.com/containers/podman/v3/pkg/util"
 	"github.com/opencontainers/runtime-tools/generate"
@@ -239,6 +240,11 @@ func securityConfigureGenerator(s *specgen.SpecGenerator, g *generate.Generator,
 		g.AddLinuxSysctl(sysctlKey, sysctlVal)
 	}
 
+	// Fixes #11062, speeds up creation of network.
+	if namespaces.NetworkMode(s.NetNS.NSMode).IsSlirp4netns() {
+		g.AddLinuxSysctl("net.ipv6.conf.all.accept_dad", "0")
+	}
+
 	for sysctlKey, sysctlVal := range s.Sysctl {
 		if s.IpcNS.IsHost() && strings.HasPrefix(sysctlKey, "fs.mqueue.") {
 			return errors.Wrapf(define.ErrInvalidArg, "sysctl %s=%s can't be set since IPC Namespace set to host", sysctlKey, sysctlVal)

test/e2e/run_networking_test.go

@@ -357,6 +357,13 @@ var _ = Describe("Podman run networking", func() {
 		Expect(ncBusy).To(ExitWithError())
 	})
 
+	It("podman run slirp4netns verify net.ipv6.conf.all.accept_dad=0", func() {
+		session := podmanTest.Podman([]string{"run", "--network", "slirp4netns", ALPINE, "cat", "/proc/sys/net/ipv6/conf/all/accept_dad"})
+		session.Wait(30)
+		Expect(session).Should(Exit(0))
+		Expect(session.OutputToString()).To(Equal("0"))
+	})
+
 	It("podman run network expose host port 18082 to container port 8000 using slirp4netns port handler", func() {
 		session := podmanTest.Podman([]string{"run", "--network", "slirp4netns:port_handler=slirp4netns", "-dt", "-p", "18082:8000", ALPINE, "/bin/sh"})
 		session.Wait(30)