From 5ac41375235c2c66ba32ff4f5eb1f7dabc6bdadf Mon Sep 17 00:00:00 2001
From: Leonard Cohnen
Date: Fri, 27 Oct 2023 15:07:04 +0200
Subject: [PATCH] image: use all of cilium's sysctl overrides
---
image/base/mkosi.skeleton/usr/lib/sysctl.d/10-cilium.conf | 3 ---
.../usr/lib/sysctl.d/99-zzz-override_cilium.conf | 8 ++++++++
2 files changed, 8 insertions(+), 3 deletions(-)
delete mode 100644 image/base/mkosi.skeleton/usr/lib/sysctl.d/10-cilium.conf
create mode 100644 image/base/mkosi.skeleton/usr/lib/sysctl.d/99-zzz-override_cilium.conf
diff --git a/image/base/mkosi.skeleton/usr/lib/sysctl.d/10-cilium.conf b/image/base/mkosi.skeleton/usr/lib/sysctl.d/10-cilium.conf
deleted file mode 100644
index 715ce12a2e..0000000000
--- a/image/base/mkosi.skeleton/usr/lib/sysctl.d/10-cilium.conf
+++ /dev/null
@@ -1,3 +0,0 @@
-# See https://github.com/cilium/cilium/issues/10645
-net.ipv4.conf.lxc*.rp_filter = 0
-net.ipv4.conf.cilium_*.rp_filter = 0
diff --git a/image/base/mkosi.skeleton/usr/lib/sysctl.d/99-zzz-override_cilium.conf b/image/base/mkosi.skeleton/usr/lib/sysctl.d/99-zzz-override_cilium.conf
new file mode 100644
index 0000000000..da7361c0d0
--- /dev/null
+++ b/image/base/mkosi.skeleton/usr/lib/sysctl.d/99-zzz-override_cilium.conf
@@ -0,0 +1,8 @@
+# See https://github.com/cilium/cilium/issues/10645
+# and https://github.com/cilium/cilium/blame/898a632e3c3b64eaa0f23ebde5a069e87373c59b/tools/sysctlfix/main.go#L41
+# Disable rp_filter on Cilium interfaces since it may cause mangled packets to be dropped
+-net.ipv4.conf.lxc*.rp_filter = 0
+-net.ipv4.conf.cilium_*.rp_filter = 0
+# The kernel uses max(conf.all, conf.{dev}) as its value, so we need to set .all. to 0 as well.
+# Otherwise it will overrule the device specific settings.
+net.ipv4.conf.all.rp_filter = 0
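Review bot: `net.ipv4.conf.all.rp_filter = 0` on the last line of the new 99-zzz-override_cilium.conf is not scoped to Cilium's interfaces. By the file's own comment the kernel takes max(conf.all, conf.{dev}), so with `all` at 0 every other interface, including the node's uplink, is left with only its per-device value for reverse-path (source address) validation. Nothing in this patch shows what that per-device value is on the image, so it is worth confirming that `net.ipv4.conf.default.rp_filter` (or an equivalent per-interface setting) stays non-zero and recording that in the file, for example `# Non-Cilium interfaces rely on their per-device rp_filter value (set in <file that sets it>) for source validation.` Because the `99-zzz-` name sorts last in sysctl.d, this file will presumably also win over any earlier drop-in that tries to raise `all` again, which is one more reason to state the dependency next to the setting.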