mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2025-01-28 21:47:18 +03:00
dnsmasq: disable IPv6 default gateway in RA for isolated networks
IPv6 RA always contains an implicit default route via the link-local address of the source of RA. This forces the guest to install a route via isolated network, which may disturb the guest's networking in case of multiple interfaces. More info in 013427e6e733f7a662f4e8a9c11f7dad4cd65e3f. The validity of this route is controlled by "default [route] lifetime" field of RA. If the lifetime is set to 0 seconds, then no route is installed by receiver. dnsmasq 2.67+ supports "ra-param=<interface>,<RA interval>,<default lifetime>" option. We pass "ra-param=*,0,0" (here, RA_interval=0 means default) to disable default gateway in RA for isolated networks.
This commit is contained in:
parent
a96528e957
commit
527968d433
@ -1047,10 +1047,17 @@ networkDnsmasqConfContents(virNetworkObjPtr network,
|
|||||||
* requests are forwarded on to the dns server listed in the
|
* requests are forwarded on to the dns server listed in the
|
||||||
* host's /etc/resolv.conf (since this could be used as a channel
|
* host's /etc/resolv.conf (since this could be used as a channel
|
||||||
* to build a connection to the outside).
|
* to build a connection to the outside).
|
||||||
|
* IPv6 RA always contains an implicit default route
|
||||||
|
* via the sender's link-local address. The only thing we can do
|
||||||
|
* is set the lifetime of this route to 0, i.e. disable it.
|
||||||
*/
|
*/
|
||||||
if (network->def->forward.type == VIR_NETWORK_FORWARD_NONE) {
|
if (network->def->forward.type == VIR_NETWORK_FORWARD_NONE) {
|
||||||
virBufferAddLit(&configbuf, "dhcp-option=3\n"
|
virBufferAddLit(&configbuf, "dhcp-option=3\n"
|
||||||
"no-resolv\n");
|
"no-resolv\n");
|
||||||
|
if (dnsmasqCapsGet(caps, DNSMASQ_CAPS_RA_PARAM)) {
|
||||||
|
/* interface=* (any), interval=0 (default), lifetime=0 (seconds) */
|
||||||
|
virBufferAddLit(&configbuf, "ra-param=*,0,0\n");
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
for (i = 0; i < dns->ntxts; i++) {
|
for (i = 0; i < dns->ntxts; i++) {
|
||||||
|
@ -688,12 +688,16 @@ dnsmasqCapsSetFromBuffer(dnsmasqCapsPtr caps, const char *buf)
|
|||||||
if (strstr(buf, "--bind-interfaces with SO_BINDTODEVICE"))
|
if (strstr(buf, "--bind-interfaces with SO_BINDTODEVICE"))
|
||||||
dnsmasqCapsSet(caps, DNSMASQ_CAPS_BINDTODEVICE);
|
dnsmasqCapsSet(caps, DNSMASQ_CAPS_BINDTODEVICE);
|
||||||
|
|
||||||
|
if (strstr(buf, "--ra-param"))
|
||||||
|
dnsmasqCapsSet(caps, DNSMASQ_CAPS_RA_PARAM);
|
||||||
|
|
||||||
VIR_INFO("dnsmasq version is %d.%d, --bind-dynamic is %spresent, "
|
VIR_INFO("dnsmasq version is %d.%d, --bind-dynamic is %spresent, "
|
||||||
"SO_BINDTODEVICE is %sin use",
|
"SO_BINDTODEVICE is %sin use, --ra-param is %spresent",
|
||||||
(int)caps->version / 1000000,
|
(int)caps->version / 1000000,
|
||||||
(int)(caps->version % 1000000) / 1000,
|
(int)(caps->version % 1000000) / 1000,
|
||||||
dnsmasqCapsGet(caps, DNSMASQ_CAPS_BIND_DYNAMIC) ? "" : "NOT ",
|
dnsmasqCapsGet(caps, DNSMASQ_CAPS_BIND_DYNAMIC) ? "" : "NOT ",
|
||||||
dnsmasqCapsGet(caps, DNSMASQ_CAPS_BINDTODEVICE) ? "" : "NOT ");
|
dnsmasqCapsGet(caps, DNSMASQ_CAPS_BINDTODEVICE) ? "" : "NOT ",
|
||||||
|
dnsmasqCapsGet(caps, DNSMASQ_CAPS_RA_PARAM) ? "" : "NOT ");
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
fail:
|
fail:
|
||||||
|
@ -71,6 +71,7 @@ typedef struct
|
|||||||
typedef enum {
|
typedef enum {
|
||||||
DNSMASQ_CAPS_BIND_DYNAMIC = 0, /* support for --bind-dynamic */
|
DNSMASQ_CAPS_BIND_DYNAMIC = 0, /* support for --bind-dynamic */
|
||||||
DNSMASQ_CAPS_BINDTODEVICE = 1, /* uses SO_BINDTODEVICE for --bind-interfaces */
|
DNSMASQ_CAPS_BINDTODEVICE = 1, /* uses SO_BINDTODEVICE for --bind-interfaces */
|
||||||
|
DNSMASQ_CAPS_RA_PARAM = 2, /* support for --ra-param */
|
||||||
|
|
||||||
DNSMASQ_CAPS_LAST, /* this must always be the last item */
|
DNSMASQ_CAPS_LAST, /* this must always be the last item */
|
||||||
} dnsmasqCapsFlags;
|
} dnsmasqCapsFlags;
|
||||||
|
Loading…
x
Reference in New Issue
Block a user