Repository: mesos Updated Branches: refs/heads/master 7dca9dbbb -> 645adc6ab
Made sure IPv6 is disabled for port mapping network isolator. Review: https://reviews.apache.org/r/25512 Project: http://git-wip-us.apache.org/repos/asf/mesos/repo Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/645adc6a Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/645adc6a Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/645adc6a Branch: refs/heads/master Commit: 645adc6ab9f67a7ef1d0f8cff1fd981714b44838 Parents: 7dca9db Author: Jie Yu <[email protected]> Authored: Tue Sep 9 15:46:39 2014 -0700 Committer: Jie Yu <[email protected]> Committed: Wed Sep 10 16:21:31 2014 -0700 ---------------------------------------------------------------------- .../isolators/network/port_mapping.cpp | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/mesos/blob/645adc6a/src/slave/containerizer/isolators/network/port_mapping.cpp ---------------------------------------------------------------------- diff --git a/src/slave/containerizer/isolators/network/port_mapping.cpp b/src/slave/containerizer/isolators/network/port_mapping.cpp index 3b8e74f..9248460 100644 --- a/src/slave/containerizer/isolators/network/port_mapping.cpp +++ b/src/slave/containerizer/isolators/network/port_mapping.cpp @@ -890,6 +890,7 @@ Try<Isolator*> PortMappingIsolatorProcess::create(const Flags& flags) // feature only exists on kernel 3.6 or newer. const string loRouteLocalnet = path::join("/proc/sys/net/ipv4/conf", lo.get(), "route_localnet"); + if (!os::exists(loRouteLocalnet)) { // TODO(jieyu): Consider supporting running the isolator if this // feature is not available. We need to conditionally disable @@ -1363,6 +1364,19 @@ Future<Nothing> PortMappingIsolatorProcess::isolate( createVethPair.error()); } + // Disable IPv6 for veth as IPv6 packets won't be forwarded anyway. + const string disableIPv6 = + path::join("/proc/sys/net/ipv6/conf", veth(pid), "disable_ipv6"); + + if (os::exists(disableIPv6)) { + Try<Nothing> write = os::write(disableIPv6, "1"); + if (write.isError()) { + return Failure( + "Failed to disable IPv6 for " + veth(pid) + + ": " + write.error()); + } + } + // Sets the MAC address of veth to match the MAC address of the host // public interface (eth0). Try<bool> setVethMAC = link::setMAC(veth(pid), hostMAC); @@ -2323,6 +2337,9 @@ string PortMappingIsolatorProcess::scripts(Info* info) // changes in the container will not be propagated to the host. script << "mount --make-rslave " << BIND_MOUNT_ROOT << "\n"; + // Disable IPv6 as IPv6 packets won't be forwarded anyway. + script << "echo 1 > /proc/sys/net/ipv6/conf/all/disable_ipv6\n"; + // Configure lo and eth0. script << "ip link set " << lo << " address " << hostMAC << " mtu "<< hostEth0MTU << " up\n";
