From: Brian Haley <brian.haley@hpe.com>
Date: Tue, 3 Nov 2015 03:04:11 +0000 (-0500)
Subject: Disable IPv6 on bridge devices in LinuxBridgeManager
X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=404eaead793b3192982ae247685970973609be1f;p=openstack-build%2Fneutron-build.git

Disable IPv6 on bridge devices in LinuxBridgeManager

We don't want to create a bridge device with an IPv6 address because
it will see the Router Advertisement from Neutron.

Change-Id: If59a823804d3477c5d8877f46fcc4c018af57a5a
Closes-bug: 1302080
---

diff --git a/neutron/agent/linux/bridge_lib.py b/neutron/agent/linux/bridge_lib.py
index dd1712cbf..6a093da01 100644
--- a/neutron/agent/linux/bridge_lib.py
+++ b/neutron/agent/linux/bridge_lib.py
@@ -44,6 +44,11 @@ class BridgeDevice(ip_lib.IPDevice):
         ip_wrapper = ip_lib.IPWrapper(self.namespace)
         return ip_wrapper.netns.execute(cmd, run_as_root=True)
 
+    def _sysctl(self, cmd):
+        cmd = ['sysctl', '-w'] + cmd
+        ip_wrapper = ip_lib.IPWrapper(self.namespace)
+        return ip_wrapper.netns.execute(cmd, run_as_root=True)
+
     @classmethod
     def addbr(cls, name, namespace=None):
         bridge = cls(name, namespace)
@@ -75,6 +80,10 @@ class BridgeDevice(ip_lib.IPDevice):
     def disable_stp(self):
         return self._brctl(['stp', self.name, 'off'])
 
+    def disable_ipv6(self):
+        cmd = 'net.ipv6.conf.%s.disable_ipv6=1' % self.name
+        return self._sysctl([cmd])
+
     def owns_interface(self, interface):
         return os.path.exists(
             BRIDGE_INTERFACE_FS % {'bridge': self.name,
diff --git a/neutron/plugins/ml2/drivers/linuxbridge/agent/linuxbridge_neutron_agent.py b/neutron/plugins/ml2/drivers/linuxbridge/agent/linuxbridge_neutron_agent.py
index 9568db251..9810de5a8 100644
--- a/neutron/plugins/ml2/drivers/linuxbridge/agent/linuxbridge_neutron_agent.py
+++ b/neutron/plugins/ml2/drivers/linuxbridge/agent/linuxbridge_neutron_agent.py
@@ -350,6 +350,8 @@ class LinuxBridgeManager(object):
                 return
             if bridge_device.disable_stp():
                 return
+            if bridge_device.disable_ipv6():
+                return
             if bridge_device.link.set_up():
                 return
             LOG.debug("Done starting bridge %(bridge_name)s for "
diff --git a/neutron/tests/unit/agent/linux/test_bridge_lib.py b/neutron/tests/unit/agent/linux/test_bridge_lib.py
index 425415744..d1c842c42 100644
--- a/neutron/tests/unit/agent/linux/test_bridge_lib.py
+++ b/neutron/tests/unit/agent/linux/test_bridge_lib.py
@@ -62,6 +62,10 @@ class BridgeLibTest(base.BaseTestCase):
         br.disable_stp()
         self._verify_bridge_mock(['brctl', 'stp', self._BR_NAME, 'off'])
 
+        br.disable_ipv6()
+        cmd = 'net.ipv6.conf.%s.disable_ipv6=1' % self._BR_NAME
+        self._verify_bridge_mock(['sysctl', '-w', cmd])
+
         br.addif(self._IF_NAME)
         self._verify_bridge_mock(
             ['brctl', 'addif', self._BR_NAME, self._IF_NAME])
diff --git a/neutron/tests/unit/plugins/ml2/drivers/linuxbridge/agent/test_linuxbridge_neutron_agent.py b/neutron/tests/unit/plugins/ml2/drivers/linuxbridge/agent/test_linuxbridge_neutron_agent.py
index 2d3e94ef7..7525c767a 100644
--- a/neutron/tests/unit/plugins/ml2/drivers/linuxbridge/agent/test_linuxbridge_neutron_agent.py
+++ b/neutron/tests/unit/plugins/ml2/drivers/linuxbridge/agent/test_linuxbridge_neutron_agent.py
@@ -651,6 +651,7 @@ class TestLinuxBridgeManager(base.BaseTestCase):
             br_fn.addbr.return_value = bridge_device
             bridge_device.setfd.return_value = False
             bridge_device.disable_stp.return_value = False
+            bridge_device.disable_ipv6.return_value = False
             bridge_device.link.set_up.return_value = False
             self.assertEqual(self.lbm.ensure_bridge("br0", None), "br0")