From e785be49b67d14d4583f680c3901e1bd1b603510 Mon Sep 17 00:00:00 2001
From: Quan Tian
Date: Tue, 2 Jan 2024 17:40:39 +0800
Subject: [PATCH] Enable IPv4/IPv6 forwarding on demand automatically
Although it has been documented as a prerequisite in [1], there are some platforms not enabling ip forwarding by default. kube-proxy ipvs mode and some CNIs enable it by themselves to ensure Pod networking work properly. As Antrea needs IP forwarding to be enabled, there seems no reason to not do it by itself, rather than expecting users or other components to do it.
[1] https://kubernetes.io/docs/setup/production-environment/container-runtimes/#install-and-configure-prerequisites
Signed-off-by: Quan Tian
---
 pkg/agent/route/route_linux.go | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)
diff --git a/pkg/agent/route/route_linux.go b/pkg/agent/route/route_linux.go
index e4c6c4dfcec..584c777a466 100644
--- a/pkg/agent/route/route_linux.go
+++ b/pkg/agent/route/route_linux.go
@@ -182,15 +182,17 @@ func (c *Client) Initialize(nodeConfig *config.NodeConfig, done func()) error {
 return fmt.Errorf("failed to initialize ip routes: %v", err)
 }
+ // Ensure IPv4 forwarding is enabled if it is a dual-stack or IPv4-only cluster.
+ if c.nodeConfig.NodeIPv4Addr != nil {
+ if err := sysctl.EnsureSysctlNetValue("ipv4/ip_forward", 1); err != nil {
+ return fmt.Errorf("failed to enable IPv4 forwarding: %w", err)
+ }
+ }
+
 // Ensure IPv6 forwarding is enabled if it is a dual-stack or IPv6-only cluster.
 if c.nodeConfig.NodeIPv6Addr != nil {
- sysctlFilename := "ipv6/conf/all/forwarding"
- v, err := sysctl.GetSysctlNet(sysctlFilename)
- if err != nil {
- return fmt.Errorf("failed to read value of sysctl file: %s", sysctlFilename)
- }
- if v != 1 {
- return fmt.Errorf("IPv6 forwarding is not enabled")
+ if err := sysctl.EnsureSysctlNetValue("ipv6/conf/all/forwarding", 1); err != nil {
+ return fmt.Errorf("failed to enable IPv6 forwarding: %w", err)
 }
 }
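Review bot: Both new `sysctl.EnsureSysctlNetValue` calls write host-wide kernel settings, whereas the removed IPv6 branch only read the value and refused to start, so a node whose hardening baseline keeps forwarding off is now switched to routing with nothing in this hunk that records the change. Unless `EnsureSysctlNetValue` already logs when it rewrites a value (its body is not shown here), I would have it log the old and new value so the modification is visible in the agent log and to audit tooling. The IPv6 write also has a side effect worth stating next to it: `// Setting conf/all/forwarding=1 makes the kernel ignore Router Advertisements on interfaces with accept_ra=1; Nodes that rely on SLAAC need accept_ra=2.` `Initialize` begins and ends outside the hunk, so whether forwarding is restored on shutdown cannot be judged from here.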