[libvirt] [PATCH] network: always set disable_ipv6, even when it should be 0

2014-08-01 Thread Laine Stump 
libvirt previously only touched an interface's disable_ipv6 setting in
sysfs if it needed to be set to 1, assuming that 0 is the
default. Apparently that isn't always the case though (kernel 3.15.7-1
in Arch Linux reportedly defaults a new interface's disable_ipv6
setting to 1) so this patch explicitly sets it to 0 or 1 as
appropriate.
---
 src/network/bridge_driver.c | 41 +
 1 file changed, 21 insertions(+), 20 deletions(-)

diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c
index 6ccc6e2..965fdec 100644
--- a/src/network/bridge_driver.c
+++ b/src/network/bridge_driver.c
@@ -1824,33 +1824,34 @@ networkSetIPv6Sysctls(virNetworkObjPtr network)
 {
 char *field = NULL;
 int ret = -1;
+bool enableIPv6 =  !!virNetworkDefGetIpByIndex(network->def, AF_INET6, 0);
 
-if (!virNetworkDefGetIpByIndex(network->def, AF_INET6, 0)) {
-/* Only set disable_ipv6 if there are no ipv6 addresses defined for
- * the network.
- */
-if (virAsprintf(&field, SYSCTL_PATH "/net/ipv6/conf/%s/disable_ipv6",
-network->def->bridge) < 0)
-goto cleanup;
+/* set disable_ipv6 if there are no ipv6 addresses defined for the
+ * network. But also unset it if there *are* ipv6 addresses, as we
+ * can't be sure of its default value.
+ */
+if (virAsprintf(&field, SYSCTL_PATH "/net/ipv6/conf/%s/disable_ipv6",
+network->def->bridge) < 0)
+   goto cleanup;
 
-if (access(field, W_OK) < 0 && errno == ENOENT) {
+if (access(field, W_OK) < 0 && errno == ENOENT) {
+if (!enableIPv6)
 VIR_DEBUG("ipv6 appears to already be disabled on %s",
   network->def->bridge);
-ret = 0;
-goto cleanup;
-}
+ret = 0;
+goto cleanup;
+}
 
-if (virFileWriteStr(field, "1", 0) < 0) {
-virReportSystemError(errno,
- _("cannot write to %s to disable IPv6 on 
bridge %s"),
- field, network->def->bridge);
-goto cleanup;
-}
-VIR_FREE(field);
+if (virFileWriteStr(field, enableIPv6 ? "0" : "1", 0) < 0) {
+virReportSystemError(errno,
+ _("cannot write to %s to enable/disable IPv6 "
+   "on bridge %s"), field, network->def->bridge);
+goto cleanup;
 }
+VIR_FREE(field);
 
-/* The rest of the ipv6 sysctl tunables should always be set,
- * whether or not we're using ipv6 on this bridge.
+/* The rest of the ipv6 sysctl tunables should always be set the
+ * same, whether or not we're using ipv6 on this bridge.
  */
 
 /* Prevent guests from hijacking the host network by sending out
-- 
1.9.3

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

Re: [libvirt] [PATCH] network: always set disable_ipv6, even when it should be 0

2014-08-02 Thread Eric Blake 
On 08/01/2014 04:29 PM, Laine Stump wrote:
> libvirt previously only touched an interface's disable_ipv6 setting in
> sysfs if it needed to be set to 1, assuming that 0 is the
> default. Apparently that isn't always the case though (kernel 3.15.7-1
> in Arch Linux reportedly defaults a new interface's disable_ipv6
> setting to 1) so this patch explicitly sets it to 0 or 1 as
> appropriate.
> ---
>  src/network/bridge_driver.c | 41 +
>  1 file changed, 21 insertions(+), 20 deletions(-)
> 

ACK; safe for 1.2.7 if you are in time

-- 
Eric Blake   eblake redhat com+1-919-301-3266
Libvirt virtualization library http://libvirt.org



signature.asc
Description: OpenPGP digital signature
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

Re: [libvirt] [PATCH] network: always set disable_ipv6, even when it should be 0

2014-08-02 Thread Laine Stump 
On 08/02/2014 04:23 PM, Eric Blake wrote:
> On 08/01/2014 04:29 PM, Laine Stump wrote:
>> libvirt previously only touched an interface's disable_ipv6 setting in
>> sysfs if it needed to be set to 1, assuming that 0 is the
>> default. Apparently that isn't always the case though (kernel 3.15.7-1
>> in Arch Linux reportedly defaults a new interface's disable_ipv6
>> setting to 1) so this patch explicitly sets it to 0 or 1 as
>> appropriate.
>> ---
>>  src/network/bridge_driver.c | 41 +
>>  1 file changed, 21 insertions(+), 20 deletions(-)
>>
> ACK; safe for 1.2.7 if you are in time
>

Thanks! Since this is a regression for Arch Linux users (albeit a
regression not caused by a change in libvirt), and since those users
quite often keep astride the latest upstream release of libvirt, I
pushed this now.

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list