Set arp_accept to 2 by default (#4383)

* When grat_arp is not enabled in config_db for an interface, intfmgr automatically sets kernel sysctl arp_accept for that interface to 0 as well as sets the sysctl accept_untracked_na for that interface to 0.

When grat_arp is enabled in config_db, intfmgr sets the kernel sysctl arp_accept for that interface to 1 and also sets the sysctl accept_untracked_na for that interface to 1.

Starting kernel 5.19, this sysctl has been extended to take a value of 2 to restrict learning of neighbor IPs from GARPs or unsolicited NAs to only IPs that are in the same subnet as the IP configured on that interface. In SONiC, it is more meaningful to have the value 2 instead of 1 by default.

This patch changes the default value of arp_accept and accept_untracked_na to 2 when grat_arp is enabled in the config_db for any interface.

Author: prabhataravind

cfgmgr/intfmgr.cpp

@@ -579,7 +579,7 @@ bool IntfMgr::setIntfGratArp(const string &alias, const string &grat_arp)
 
     if (grat_arp == "enabled")
     {
-        garp_enabled = "1";
+        garp_enabled = "2";
     }
     else if (grat_arp == "disabled")
     {

tests/test_vlan.py

@@ -507,7 +507,7 @@ def test_VlanHostIf(self, dvs):
     def test_VlanGratArp(self, dvs):
         def arp_accept_enabled():
             rc, res = dvs.runcmd("cat /proc/sys/net/ipv4/conf/Vlan{}/arp_accept".format(vlan))
-            return (res.strip("\n") == "1", res)
+            return (res.strip("\n") == "2", res)
 
         def arp_accept_disabled():
             rc, res = dvs.runcmd("cat /proc/sys/net/ipv4/conf/Vlan{}/arp_accept".format(vlan))