network: always set disable_ipv6, even when it should be 0

libvirt previously only touched an interface's disable_ipv6 setting in sysfs if it needed to be set to 1, assuming that 0 is the default. Apparently that isn't always the case though (kernel 3.15.7-1 in Arch Linux reportedly defaults a new interface's disable_ipv6 setting to 1) so this patch explicitly sets it to 0 or 1 as appropriate.
2025-01-22 12:35:17 +00:00 · 2014-08-01 17:51:37 -04:00 · 2014-08-01 17:51:37 -04:00 · c0788af07d
commit c0788af07d
parent be3cbecd0e
1 changed files with 22 additions and 21 deletions
--- a/src/network/bridge_driver.c
+++ b/src/network/bridge_driver.c
@ -1824,33 +1824,34 @@ networkSetIPv6Sysctls(virNetworkObjPtr network)
 {
    char *field = NULL;
    int ret = -1;
+    bool enableIPv6 =  !!virNetworkDefGetIpByIndex(network->def, AF_INET6, 0);

-    if (!virNetworkDefGetIpByIndex(network->def, AF_INET6, 0)) {
-        /* Only set disable_ipv6 if there are no ipv6 addresses defined for
-         * the network.
-         */
-        if (virAsprintf(&field, SYSCTL_PATH "/net/ipv6/conf/%s/disable_ipv6",
-                        network->def->bridge) < 0)
-            goto cleanup;
+    /* set disable_ipv6 if there are no ipv6 addresses defined for the
+     * network. But also unset it if there *are* ipv6 addresses, as we
+     * can't be sure of its default value.
+     */
+    if (virAsprintf(&field, SYSCTL_PATH "/net/ipv6/conf/%s/disable_ipv6",
+                    network->def->bridge) < 0)
+       goto cleanup;

-        if (access(field, W_OK) < 0 && errno == ENOENT) {
+    if (access(field, W_OK) < 0 && errno == ENOENT) {
+        if (!enableIPv6)
            VIR_DEBUG("ipv6 appears to already be disabled on %s",
                      network->def->bridge);
-            ret = 0;
-            goto cleanup;
-        }
-
-        if (virFileWriteStr(field, "1", 0) < 0) {
-            virReportSystemError(errno,
-                                 _("cannot write to %s to disable IPv6 on bridge %s"),
-                                 field, network->def->bridge);
-            goto cleanup;
-        }
-        VIR_FREE(field);
+        ret = 0;
+        goto cleanup;
    }

-    /* The rest of the ipv6 sysctl tunables should always be set,
-     * whether or not we're using ipv6 on this bridge.
+    if (virFileWriteStr(field, enableIPv6 ? "0" : "1", 0) < 0) {
+        virReportSystemError(errno,
+                             _("cannot write to %s to enable/disable IPv6 "
+                               "on bridge %s"), field, network->def->bridge);
+        goto cleanup;
+    }
+    VIR_FREE(field);
+
+    /* The rest of the ipv6 sysctl tunables should always be set the
+     * same, whether or not we're using ipv6 on this bridge.
     */

    /* Prevent guests from hijacking the host network by sending out