From 5a259d55f003da5085d0e333e9ef479805e9669b Mon Sep 17 00:00:00 2001
From: Tomas Kral <tomas.kral@gmail.com>
Date: Mon, 27 Jul 2015 13:31:03 +0200
Subject: [PATCH] modify /proc/sys only if needed

fixes #405

Signed-off-by: Tomas Kral <tomas.kral@gmail.com>
---
 .../drivers/bridge/setup_ip_forwarding.go     | 15 +++++--
 libnetwork/drivers/bridge/setup_ipv4.go       | 12 +++--
 libnetwork/drivers/bridge/setup_ipv6.go       | 45 ++++++++++++++-----
 3 files changed, 56 insertions(+), 16 deletions(-)

diff --git a/libnetwork/drivers/bridge/setup_ip_forwarding.go b/libnetwork/drivers/bridge/setup_ip_forwarding.go
index 63ea9aa975..53f9c88d4d 100644
--- a/libnetwork/drivers/bridge/setup_ip_forwarding.go
+++ b/libnetwork/drivers/bridge/setup_ip_forwarding.go
@@ -11,9 +11,18 @@ const (
 )
 
 func setupIPForwarding() error {
-	// Enable IPv4 forwarding
-	if err := ioutil.WriteFile(ipv4ForwardConf, []byte{'1', '\n'}, ipv4ForwardConfPerm); err != nil {
-		return fmt.Errorf("Setup IP forwarding failed: %v", err)
+	// Get current IPv4 forward setup
+	ipv4ForwardData, err := ioutil.ReadFile(ipv4ForwardConf)
+	if err != nil {
+		return fmt.Errorf("Cannot read IP forwarding setup: %v", err)
+	}
+
+	// Enable IPv4 forwarding only if it is not already enabled
+	if ipv4ForwardData[0] != '1' {
+		// Enable IPv4 forwarding
+		if err := ioutil.WriteFile(ipv4ForwardConf, []byte{'1', '\n'}, ipv4ForwardConfPerm); err != nil {
+			return fmt.Errorf("Setup IP forwarding failed: %v", err)
+		}
 	}
 
 	return nil
diff --git a/libnetwork/drivers/bridge/setup_ipv4.go b/libnetwork/drivers/bridge/setup_ipv4.go
index 91a9a6bcf1..c72e71e9a6 100644
--- a/libnetwork/drivers/bridge/setup_ipv4.go
+++ b/libnetwork/drivers/bridge/setup_ipv4.go
@@ -131,10 +131,16 @@ func setupGatewayIPv4(config *networkConfiguration, i *bridgeInterface) error {
 }
 
 func setupLoopbackAdressesRouting(config *networkConfiguration, i *bridgeInterface) error {
-	// Enable loopback adresses routing
 	sysPath := filepath.Join("/proc/sys/net/ipv4/conf", config.BridgeName, "route_localnet")
-	if err := ioutil.WriteFile(sysPath, []byte{'1', '\n'}, 0644); err != nil {
-		return fmt.Errorf("Unable to enable local routing for hairpin mode: %v", err)
+	ipv4LoRoutingData, err := ioutil.ReadFile(sysPath)
+	if err != nil {
+		return fmt.Errorf("Cannot read IPv4 local routing setup: %v", err)
+	}
+	// Enable loopback adresses routing only if it isn't already enabled
+	if ipv4LoRoutingData[0] != '1' {
+		if err := ioutil.WriteFile(sysPath, []byte{'1', '\n'}, 0644); err != nil {
+			return fmt.Errorf("Unable to enable local routing for hairpin mode: %v", err)
+		}
 	}
 	return nil
 }
diff --git a/libnetwork/drivers/bridge/setup_ipv6.go b/libnetwork/drivers/bridge/setup_ipv6.go
index b534644edf..da3c9db9c3 100644
--- a/libnetwork/drivers/bridge/setup_ipv6.go
+++ b/libnetwork/drivers/bridge/setup_ipv6.go
@@ -12,8 +12,10 @@ import (
 var bridgeIPv6 *net.IPNet
 
 const (
-	bridgeIPv6Str       = "fe80::1/64"
-	ipv6ForwardConfPerm = 0644
+	bridgeIPv6Str          = "fe80::1/64"
+	ipv6ForwardConfPerm    = 0644
+	ipv6ForwardConfDefault = "/proc/sys/net/ipv6/conf/default/forwarding"
+	ipv6ForwardConfAll     = "/proc/sys/net/ipv6/conf/all/forwarding"
 )
 
 func init() {
@@ -27,10 +29,16 @@ func init() {
 }
 
 func setupBridgeIPv6(config *networkConfiguration, i *bridgeInterface) error {
-	// Enable IPv6 on the bridge
 	procFile := "/proc/sys/net/ipv6/conf/" + config.BridgeName + "/disable_ipv6"
-	if err := ioutil.WriteFile(procFile, []byte{'0', '\n'}, ipv6ForwardConfPerm); err != nil {
-		return fmt.Errorf("Unable to enable IPv6 addresses on bridge: %v", err)
+	ipv6BridgeData, err := ioutil.ReadFile(procFile)
+	if err != nil {
+		return fmt.Errorf("Cannot read IPv6 setup for bridge %v: %v", config.BridgeName, err)
+	}
+	// Enable IPv6 on the bridge only if it isn't already enabled
+	if ipv6BridgeData[0] != '0' {
+		if err := ioutil.WriteFile(procFile, []byte{'0', '\n'}, ipv6ForwardConfPerm); err != nil {
+			return fmt.Errorf("Unable to enable IPv6 addresses on bridge: %v", err)
+		}
 	}
 
 	_, addrsv6, err := i.addresses()
@@ -70,12 +78,29 @@ func setupGatewayIPv6(config *networkConfiguration, i *bridgeInterface) error {
 }
 
 func setupIPv6Forwarding(config *networkConfiguration, i *bridgeInterface) error {
-	// Enable IPv6 forwarding
-	if err := ioutil.WriteFile("/proc/sys/net/ipv6/conf/default/forwarding", []byte{'1', '\n'}, ipv6ForwardConfPerm); err != nil {
-		logrus.Warnf("Unable to enable IPv6 default forwarding: %v", err)
+	// Get current IPv6 default forwarding setup
+	ipv6ForwardDataDefault, err := ioutil.ReadFile(ipv6ForwardConfDefault)
+	if err != nil {
+		return fmt.Errorf("Cannot read IPv6 default forwarding setup: %v", err)
 	}
-	if err := ioutil.WriteFile("/proc/sys/net/ipv6/conf/all/forwarding", []byte{'1', '\n'}, ipv6ForwardConfPerm); err != nil {
-		logrus.Warnf("Unable to enable IPv6 all forwarding: %v", err)
+	// Enable IPv6 default forwarding only if it is not already enabled
+	if ipv6ForwardDataDefault[0] != '1' {
+		if err := ioutil.WriteFile(ipv6ForwardConfDefault, []byte{'1', '\n'}, ipv6ForwardConfPerm); err != nil {
+			logrus.Warnf("Unable to enable IPv6 default forwarding: %v", err)
+		}
 	}
+
+	// Get current IPv6 all forwarding setup
+	ipv6ForwardDataAll, err := ioutil.ReadFile(ipv6ForwardConfAll)
+	if err != nil {
+		return fmt.Errorf("Cannot read IPv6 all forwarding setup: %v", err)
+	}
+	// Enable IPv6 all forwarding only if it is not already enabled
+	if ipv6ForwardDataAll[0] != '1' {
+		if err := ioutil.WriteFile(ipv6ForwardConfAll, []byte{'1', '\n'}, ipv6ForwardConfPerm); err != nil {
+			logrus.Warnf("Unable to enable IPv6 all forwarding: %v", err)
+		}
+	}
+
 	return nil
 }