Disable IPv6 on bridge devices in LinuxBridgeManager

We don't want to create a bridge device with an IPv6 address because
it will see the Router Advertisement from Neutron.

Change-Id: If59a823804d3477c5d8877f46fcc4c018af57a5a
Closes-bug: 1302080

diff --git a/neutron/agent/linux/bridge_lib.py b/neutron/agent/linux/bridge_lib.py
index dd1712cbfeca3f4e25a3920662f5918052801b58..6a093da0189a8f53a4eca7559cd45e5b5cfbf352 100644 (file)
--- a/neutron/agent/linux/bridge_lib.py
+++ b/neutron/agent/linux/bridge_lib.py
@@ -44,6 +44,11 @@ class BridgeDevice(ip_lib.IPDevice):
         ip_wrapper = ip_lib.IPWrapper(self.namespace)
         return ip_wrapper.netns.execute(cmd, run_as_root=True)
 
+    def _sysctl(self, cmd):
+        cmd = ['sysctl', '-w'] + cmd
+        ip_wrapper = ip_lib.IPWrapper(self.namespace)
+        return ip_wrapper.netns.execute(cmd, run_as_root=True)
+
     @classmethod
     def addbr(cls, name, namespace=None):
         bridge = cls(name, namespace)
@@ -75,6 +80,10 @@ class BridgeDevice(ip_lib.IPDevice):
     def disable_stp(self):
         return self._brctl(['stp', self.name, 'off'])
 
+    def disable_ipv6(self):
+        cmd = 'net.ipv6.conf.%s.disable_ipv6=1' % self.name
+        return self._sysctl([cmd])
+
     def owns_interface(self, interface):
         return os.path.exists(
             BRIDGE_INTERFACE_FS % {'bridge': self.name,

diff --git a/neutron/plugins/ml2/drivers/linuxbridge/agent/linuxbridge_neutron_agent.py b/neutron/plugins/ml2/drivers/linuxbridge/agent/linuxbridge_neutron_agent.py
index 9568db2519a75652c10c822b6ea8ed4963ac3fef..9810de5a8f95ebccbf86ac100ea0910e9472b269 100644 (file)
--- a/neutron/plugins/ml2/drivers/linuxbridge/agent/linuxbridge_neutron_agent.py
+++ b/neutron/plugins/ml2/drivers/linuxbridge/agent/linuxbridge_neutron_agent.py
@@ -350,6 +350,8 @@ class LinuxBridgeManager(object):
                 return
             if bridge_device.disable_stp():
                 return
+            if bridge_device.disable_ipv6():
+                return
             if bridge_device.link.set_up():
                 return
             LOG.debug("Done starting bridge %(bridge_name)s for "

diff --git a/neutron/tests/unit/agent/linux/test_bridge_lib.py b/neutron/tests/unit/agent/linux/test_bridge_lib.py
index 4254157443e43c92afbd3dbd0fa65c512d351b95..d1c842c425ba4cfee7890c0f9c2b78caf271f345 100644 (file)
--- a/neutron/tests/unit/agent/linux/test_bridge_lib.py
+++ b/neutron/tests/unit/agent/linux/test_bridge_lib.py
@@ -62,6 +62,10 @@ class BridgeLibTest(base.BaseTestCase):
         br.disable_stp()
         self._verify_bridge_mock(['brctl', 'stp', self._BR_NAME, 'off'])
 
+        br.disable_ipv6()
+        cmd = 'net.ipv6.conf.%s.disable_ipv6=1' % self._BR_NAME
+        self._verify_bridge_mock(['sysctl', '-w', cmd])
+
         br.addif(self._IF_NAME)
         self._verify_bridge_mock(
             ['brctl', 'addif', self._BR_NAME, self._IF_NAME])

diff --git a/neutron/tests/unit/plugins/ml2/drivers/linuxbridge/agent/test_linuxbridge_neutron_agent.py b/neutron/tests/unit/plugins/ml2/drivers/linuxbridge/agent/test_linuxbridge_neutron_agent.py
index 2d3e94ef79706da29a23a08df0b59600e942a8e4..7525c767ace9474a5b547a753562c4fbe4e9acee 100644 (file)
--- a/neutron/tests/unit/plugins/ml2/drivers/linuxbridge/agent/test_linuxbridge_neutron_agent.py
+++ b/neutron/tests/unit/plugins/ml2/drivers/linuxbridge/agent/test_linuxbridge_neutron_agent.py
@@ -651,6 +651,7 @@ class TestLinuxBridgeManager(base.BaseTestCase):
             br_fn.addbr.return_value = bridge_device
             bridge_device.setfd.return_value = False
             bridge_device.disable_stp.return_value = False
+            bridge_device.disable_ipv6.return_value = False
             bridge_device.link.set_up.return_value = False
             self.assertEqual(self.lbm.ensure_bridge("br0", None), "br0")