From: Dan Williams <dcbw@redhat.com>
Date: Thu, 28 Apr 2016 16:26:47 +0000 (-0500)
Subject: macvlan: sysctl must be set in macvlan interface's namespace
X-Git-Url: https://git.halfball.org/?a=commitdiff_plain;h=f4eb76318ea8e8f4946aaf3cc2272d0db578573b;p=cni.git

macvlan: sysctl must be set in macvlan interface's namespace

The macvlan is initially created in a separate network namespace
and the sysctl must be set in that namespace too.
---

diff --git a/plugins/main/macvlan/macvlan.go b/plugins/main/macvlan/macvlan.go
index febf2fc..ce05871 100644
--- a/plugins/main/macvlan/macvlan.go
+++ b/plugins/main/macvlan/macvlan.go
@@ -106,17 +106,18 @@ func createMacvlan(conf *NetConf, ifName string, netns *os.File) error {
 		return fmt.Errorf("failed to create macvlan: %v", err)
 	}
 
-	// TODO: duplicate following lines for ipv6 support, when it will be added in other places
-	ipv4SysctlValueName := fmt.Sprintf(IPv4InterfaceArpProxySysctlTemplate, tmpName)
-	if _, err := sysctl.Sysctl(ipv4SysctlValueName, "1"); err != nil {
-		// remove the newly added link and ignore errors, because we already are in a failed state
-		_ = netlink.LinkDel(mv)
-		return fmt.Errorf("failed to set proxy_arp on newly added interface %q: %v", tmpName, err)
-	}
-
 	return ns.WithNetNS(netns, false, func(_ *os.File) error {
+		// TODO: duplicate following lines for ipv6 support, when it will be added in other places
+		ipv4SysctlValueName := fmt.Sprintf(IPv4InterfaceArpProxySysctlTemplate, tmpName)
+		if _, err := sysctl.Sysctl(ipv4SysctlValueName, "1"); err != nil {
+			// remove the newly added link and ignore errors, because we already are in a failed state
+			_ = netlink.LinkDel(mv)
+			return fmt.Errorf("failed to set proxy_arp on newly added interface %q: %v", tmpName, err)
+		}
+
 		err := renameLink(tmpName, ifName)
 		if err != nil {
+			_ = netlink.LinkDel(mv)
 			return fmt.Errorf("failed to rename macvlan to %q: %v", ifName, err)
 		}
 		return nil