1. First save/check all,default,lo together and only after - set them,
as setting some sysctls can affect the others
2. Set "accept_redirects" after "forwarding" both for ipv4 and ipv6
3. Change order to "all", "default", "lo"
*One can not set ipv6.conf.all.stable_secret, so don't even try, see:
commit 622c81d57b39 ("ipv6: generation of stable privacy addresses for
link-local and autoconf")
Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
Acked-by: Andrew Vagin <avagin@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
$ git log v4.4-rc1-465-gd6df198
commit d6df198d924775e4751561cf60ef0294e95f74df
Author: Phil Sutter <phil@nwl.cc>
Date: Tue Dec 1 22:45:15 2015 +0100
net: ipv6: restrict hop_limit sysctl setting to range [1; 255]
Setting a value bigger than 255 resulted in using only the lower eight
bits of that value as it is assigned to the u8 header field. To avoid
this unexpected result, reject such values.
https://github.com/xemul/criu/issues/164
Signed-off-by: Andrew Vagin <avagin@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
stable_secret is always unset in new netns, and we can not restore
it to that state after it is set, so just skip save/restore steps
Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
Reviewed-by: Andrew Vagin <avagin@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
Reviewed-by: Andrew Vagin <avagin@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
Reviewed-by: Andrew Vagin <avagin@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
mldv1_unsolicited_report_interval and mldv2_unsolicited_report_interval
are rounded up to (MSEC_PER_SEC / HZ)*k when set as in kernel they are
saved in jiffies. As min HZ is 100, 10 is MAX_MSEC_GRANULARITY.
Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
Reviewed-by: Andrew Vagin <avagin@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
As changing disable_ipv6 sysctl for some device may change mtu sysctl
for it we need to first check mtu, and only then set disable_ipv6.
That can be done splitting our functions into two.
Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
Reviewed-by: Andrew Vagin <avagin@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
some sysctls have minimal value != 0 so we will also need to
set their lower limit e.g. /proc/sys/net/ipv6/conf/all/mtu
name possible states range
accept_source_route "<0", ">=0" {-1, 0}
medium_id "-1", "0", ">0" {-1, INT_MAX}
src_valid_mark true, false {0, 1}
tag any {INT_MIN, INT_MAX}
Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
Reviewed-by: Andrew Vagin <avagin@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
Get arrays out of save_and_set and check_and_restore, as it is an
overkill to give to the function wich should work with only one
element of array the whole array.
These makes them reusable in future test of ipv6 config.
Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
Reviewed-by: Andrew Vagin <avagin@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
drop_unicast_in_l2_multicast and drop_gratuitous_arp appeared in MS:
commit 12b74dfadb5a ("ipv4: add option to drop unicast encapsulated in
L2 multicast")
commit 97daf3314550 ("ipv4: add option to drop gratuitous ARP packets")
Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
Move static and transition into zdtm top. We can't move all the micro
tests themselves, as we need to distinguish static from non static (zdtm.py
makes additional checks on static ones).
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
