From 489e95bc305b017dd8b61960c9e92aae130e863d Mon Sep 17 00:00:00 2001
From: kvaps
Date: Thu, 1 Nov 2018 10:38:42 +0100
Subject: [PATCH] Set arp_ignore and arp_announce flags
---
 pkg/proxy/ipvs/proxier.go | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
diff --git a/pkg/proxy/ipvs/proxier.go b/pkg/proxy/ipvs/proxier.go
index 82a5df6f42..cfce9bb508 100644
--- a/pkg/proxy/ipvs/proxier.go
+++ b/pkg/proxy/ipvs/proxier.go
@@ -171,6 +171,8 @@ const sysctlRouteLocalnet = "net/ipv4/conf/all/route_localnet"
 const sysctlBridgeCallIPTables = "net/bridge/bridge-nf-call-iptables"
 const sysctlVSConnTrack = "net/ipv4/vs/conntrack"
 const sysctlForward = "net/ipv4/ip_forward"
+const sysctlArpIgnore = "net/ipv4/conf/all/arp_ignore"
+const sysctlArpAnnounce = "net/ipv4/conf/all/arp_announce"
 
 // Proxier is an ipvs based proxy for connections between a localhost:lport
 // and services that provide the actual backends.
@@ -327,6 +329,20 @@ func NewProxier(ipt utiliptables.Interface,
 }
 }
 
+ // Set the arp_ignore sysctl we need for
+ if val, _ := sysctl.GetSysctl(sysctlArpIgnore); val != 1 {
+ if err := sysctl.SetSysctl(sysctlArpIgnore, 1); err != nil {
+ return nil, fmt.Errorf("can't set sysctl %s: %v", sysctlArpIgnore, err)
+ }
+ }
+
+ // Set the arp_announce sysctl we need for
+ if val, _ := sysctl.GetSysctl(sysctlArpAnnounce); val != 2 {
+ if err := sysctl.SetSysctl(sysctlArpAnnounce, 2); err != nil {
+ return nil, fmt.Errorf("can't set sysctl %s: %v", sysctlArpAnnounce, err)
+ }
+ }
+
 // Generate the masquerade mark to use for SNAT rules.
 masqueradeValue := 1 << uint(masqueradeBit)
 masqueradeMark := fmt.Sprintf("%#08x/%#08x", masqueradeValue, masqueradeValue)
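Review bot: The two checks added to NewProxier rewrite the host-wide `conf/all` value whenever it differs from the target (`val != 1`, `val != 2`), so a node where the administrator has already set a more restrictive `arp_ignore` (for example 2) is silently loosened to 1 when the proxy starts. Comparing against a minimum instead, `if val, _ := sysctl.GetSysctl(sysctlArpIgnore); val < 1 {` and likewise `val < 2` for `arp_announce`, would leave stricter existing settings alone. The read error is discarded with `_` in both places, so a failed read cannot be told apart from a genuine value and the decision to write is made on an unverified number; checking it, or at least logging it, would make that visible. Both comments stop mid-sentence ("we need for") and should state the reason these ARP settings are required in IPVS mode, since they change ARP behaviour for every interface on the node. NewProxier's body begins and ends outside this hunk.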