From 8b57a467ca8c0794f35477187cf4d15edbeb5aa6 Mon Sep 17 00:00:00 2001
From: Julien Fortin <julien@cumulusnetworks.com>
Date: Fri, 19 Oct 2018 17:42:24 +0200
Subject: [PATCH] addons: address: add l3_intf_arp_accept policy to control
 ARP_ACCEPT

$ cat /var/lib/ifupdown2/policy.d/address.json | grep l3_intf_arp_accept
      "l3_intf_arp_accept": "0"
$ ifreload -ad |& grep arp
debug: bridge: init: arp_nd_suppress_only_on_vxlan=True
info: writing '0' to file /proc/sys/net/ipv4/conf/br0/arp_accept
$
$
$ emacs -nw /var/lib/ifupdown2/policy.d/address.json
$
$ cat /var/lib/ifupdown2/policy.d/address.json | grep l3_intf_arp_accept
      "l3_intf_arp_accept": "1"
$
$ ifreload -ad |& grep arp
debug: bridge: init: arp_nd_suppress_only_on_vxlan=True
info: writing '1' to file /proc/sys/net/ipv4/conf/br0/arp_accept
$

Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
---
 ifupdown2/addons/address.py | 25 ++++++++++++++++++-------
 1 file changed, 18 insertions(+), 7 deletions(-)

diff --git a/ifupdown2/addons/address.py b/ifupdown2/addons/address.py
index 3d00aad..627a3ce 100644
--- a/ifupdown2/addons/address.py
+++ b/ifupdown2/addons/address.py
@@ -148,6 +148,14 @@ class address(moduleBase):
 
         self.lower_iface_mtu_checked_list = list()
 
+        self.l3_intf_arp_accept = utils.get_boolean_from_string(
+            policymanager.policymanager_api.get_module_globals(
+                module_name=self.__class__.__name__,
+                attr='l3_intf_arp_accept'
+            ),
+            default=False
+        )
+
     def syntax_check(self, ifaceobj, ifaceobj_getfunc=None):
         return (self.syntax_check_multiple_gateway(ifaceobj)
                 and self.syntax_check_addr_allowed_on(ifaceobj, True)
@@ -265,13 +273,16 @@ class address(moduleBase):
                 is_vlan_dev_on_vlan_aware_bridge = self.ipcmd.bridge_is_vlan_aware(bridgename)
         if ((is_bridge and not self.ipcmd.bridge_is_vlan_aware(ifaceobj.name))
                         or is_vlan_dev_on_vlan_aware_bridge):
-           if self._address_valid(addrs):
-              if up:
-                self.write_file('/proc/sys/net/ipv4/conf/%s' %ifaceobj.name +
-                                '/arp_accept', '1')
-              else:
-                self.write_file('/proc/sys/net/ipv4/conf/%s' %ifaceobj.name +
-                                '/arp_accept', '0')
+            if self._address_valid(addrs):
+                if self.l3_intf_arp_accept:
+                    if up:
+                        self.write_file('/proc/sys/net/ipv4/conf/%s' % ifaceobj.name +
+                                        '/arp_accept', '1')
+                    else:
+                        self.write_file('/proc/sys/net/ipv4/conf/%s' % ifaceobj.name +
+                                        '/arp_accept', '0')
+                else:
+                    self.write_file('/proc/sys/net/ipv4/conf/%s/arp_accept' % ifaceobj.name, '0')
         if hwaddress and is_vlan_dev_on_vlan_aware_bridge:
            if up:
               self.ipcmd.bridge_fdb_add(bridgename, hwaddress, vlan)
-- 
2.39.2