From dfd5ff9c26cc087bc5ee200082117462efe86f73 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Mon, 25 Oct 2021 16:18:30 -0400 Subject: [PATCH] Default sysctl to "net.ipv6.conf.all.accept_dad=0" if slirp4netns Fixes: #11062 Signed-off-by: Daniel J Walsh --- pkg/specgen/generate/security.go | 6 ++++++ test/e2e/run_networking_test.go | 7 +++++++ 2 files changed, 13 insertions(+) diff --git a/pkg/specgen/generate/security.go b/pkg/specgen/generate/security.go index a11debdb54..ffe4094cef 100644 --- a/pkg/specgen/generate/security.go +++ b/pkg/specgen/generate/security.go @@ -9,6 +9,7 @@ import ( "github.com/containers/common/pkg/config" "github.com/containers/podman/v3/libpod" "github.com/containers/podman/v3/libpod/define" + "github.com/containers/podman/v3/pkg/namespaces" "github.com/containers/podman/v3/pkg/specgen" "github.com/containers/podman/v3/pkg/util" "github.com/opencontainers/runtime-tools/generate" @@ -239,6 +240,11 @@ func securityConfigureGenerator(s *specgen.SpecGenerator, g *generate.Generator, g.AddLinuxSysctl(sysctlKey, sysctlVal) } + // Fixes #11062, speeds up creation of network. + if namespaces.NetworkMode(s.NetNS.NSMode).IsSlirp4netns() { + g.AddLinuxSysctl("net.ipv6.conf.all.accept_dad", "0") + } + for sysctlKey, sysctlVal := range s.Sysctl { if s.IpcNS.IsHost() && strings.HasPrefix(sysctlKey, "fs.mqueue.") { return errors.Wrapf(define.ErrInvalidArg, "sysctl %s=%s can't be set since IPC Namespace set to host", sysctlKey, sysctlVal) diff --git a/test/e2e/run_networking_test.go b/test/e2e/run_networking_test.go index ca242a17c8..7b18e8d8b4 100644 --- a/test/e2e/run_networking_test.go +++ b/test/e2e/run_networking_test.go @@ -357,6 +357,13 @@ var _ = Describe("Podman run networking", func() { Expect(ncBusy).To(ExitWithError()) }) + It("podman run slirp4netns verify net.ipv6.conf.all.accept_dad=0", func() { + session := podmanTest.Podman([]string{"run", "--network", "slirp4netns", ALPINE, "cat", "/proc/sys/net/ipv6/conf/all/accept_dad"}) + session.Wait(30) + Expect(session).Should(Exit(0)) + Expect(session.OutputToString()).To(Equal("0")) + }) + It("podman run network expose host port 18082 to container port 8000 using slirp4netns port handler", func() { session := podmanTest.Podman([]string{"run", "--network", "slirp4netns:port_handler=slirp4netns", "-dt", "-p", "18082:8000", ALPINE, "/bin/sh"}) session.Wait(30)