From 65650fbda066052520e9d6e627cfb5b3d0d05a77 Mon Sep 17 00:00:00 2001
From: Paul Holzinger <pholzing@redhat.com>
Date: Fri, 7 Oct 2022 15:41:26 +0200
Subject: [PATCH] Do not use ipv6 autoconf

When we run container netavark (or in the future the dhcp proxy) should
set ip addresses. The ipv6 auto configuration is not wanted in almost
all cases so we just disable it for now.

Fixes https://bugzilla.redhat.com/show_bug.cgi?id=2126243

I was able to reproduce this and can confirm that this fixes the issue
for me. I don't think we can test it in CI.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
---
 src/network/core_utils.rs | 24 ++++++++++++++++++++++++
 test/300-macvlan.bats     |  3 +++
 2 files changed, 27 insertions(+)

diff --git a/src/network/core_utils.rs b/src/network/core_utils.rs
index 9985b7422..a26624652 100644
--- a/src/network/core_utils.rs
+++ b/src/network/core_utils.rs
@@ -1176,6 +1176,30 @@ impl CoreUtils {
             }
         };
         tokio::spawn(_connection);
+
+        // make sure autoconf is off, we want manaully config only
+        if let Err(err) = CoreUtils::apply_sysctl_value(
+            format!("/proc/sys/net/ipv6/conf/{}/autoconf", ifname),
+            "0",
+        ) {
+            match err {
+                SysctlError::NotFound(_) => {
+                    // if the sysctl is not found we likely run on a system without ipv6
+                    // just ignore that case
+                }
+
+                // if we have a read only /proc we ignore it as well
+                SysctlError::IoError(ref e) if e.raw_os_error() == Some(libc::EROFS) => {}
+
+                _ => {
+                    return Err(std::io::Error::new(
+                        std::io::ErrorKind::Other,
+                        format!("failed to set autoconf sysctl: {}", err),
+                    ));
+                }
+            }
+        };
+
         // ip netns exec ip link set <ifname> up
         if let Err(err) = CoreUtils::set_link_up(&handle, ifname).await {
             return Err(err);
diff --git a/test/300-macvlan.bats b/test/300-macvlan.bats
index 2cf7a4948..f6b724d0f 100644
--- a/test/300-macvlan.bats
+++ b/test/300-macvlan.bats
@@ -33,6 +33,9 @@ function setup() {
     run_in_container_netns ip r
     assert "$output" "=~" "default via 10.88.0.1" "gateway must be there in default route"
     assert_json "$result" ".podman.interfaces.eth0.subnets[0].gateway" == "10.88.0.1" "Result contains gateway address"
+
+    run_in_container_netns cat /proc/sys/net/ipv6/conf/eth0/autoconf
+    assert "0" "autoconf is disabled"
 }
 
 @test "macvlan setup with mtu" {