core, ipv6: enable optimistic_dad instead of completely disabling D…

…uplicate Address Detection We are disabling duplicate address detection for `ipv6` complelety which might not be needed so instead of setting `accept_dad` to `0` we can still do `optimistic_dad` to `1` for required interface. Some cons of using `optimistic_dad` * Might be still slower than disabling DAD. * Not good support for older kernels since it was added in later released of `3.x` Signed-off-by: Aditya R <[email protected]>
containers · Mar 16, 2022 · 613d297 · 613d297
1 parent 17f896c
commit 613d297
Showing 1 changed file with 10 additions and 9 deletions.
diff --git a/src/network/core_utils.rs b/src/network/core_utils.rs
@@ -799,11 +799,12 @@ impl CoreUtils {
                 }
 
                 if ipv6_enabled {
-                    // Disable duplicate address detection if ipv6 enabled
+                    // Enable optimistic_dad on interface if ipv6 is enabled
                     // Do not accept Router Advertisements if ipv6 is enabled
-                    let br_accept_dad = format!("/proc/sys/net/ipv6/conf/{}/accept_dad", ifname);
+                    let br_optimistic_dad =
+                        format!("/proc/sys/net/ipv6/conf/{}/optimistic_dad", ifname);
                     let br_accept_ra = format!("net/ipv6/conf/{}/accept_ra", ifname);
-                    if let Err(e) = CoreUtils::apply_sysctl_value(&br_accept_dad, "0") {
+                    if let Err(e) = CoreUtils::apply_sysctl_value(&br_optimistic_dad, "1") {
                         return Err(std::io::Error::new(
                             std::io::ErrorKind::Other,
                             format!("{}", e),
@@ -934,10 +935,10 @@ impl CoreUtils {
         }
 
         if ipv6_enabled {
-            //  Disable dad inside the container too
-            let disable_dad_in_container =
-                format!("/proc/sys/net/ipv6/conf/{}/accept_dad", container_veth);
-            if let Err(e) = CoreUtils::apply_sysctl_value(&disable_dad_in_container, "0") {
+            // Enable optimistic_dad on interface if ipv6 is enabled
+            let optimistic_dad_in_container =
+                format!("/proc/sys/net/ipv6/conf/{}/optimistic_dad", container_veth);
+            if let Err(e) = CoreUtils::apply_sysctl_value(&optimistic_dad_in_container, "1") {
                 return Err(std::io::Error::new(
                     std::io::ErrorKind::Other,
                     format!("{}", e),
@@ -1095,8 +1096,8 @@ impl CoreUtils {
         }
         if ipv6_enabled {
             // Disable duplicate address detection on host veth if ipv6 enabled
-            let k = format!("/proc/sys/net/ipv6/conf/{}/accept_dad", &host_veth);
-            match CoreUtils::apply_sysctl_value(&k, "0") {
+            let k = format!("/proc/sys/net/ipv6/conf/{}/optimistic_dad", &host_veth);
+            match CoreUtils::apply_sysctl_value(&k, "1") {
                 Ok(_) => {}
                 Err(err) => {
                     return Err(std::io::Error::new(