Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit e7696042 authored Mar 30, 2018 by David S. Miller

Merge branch 'do-not-allow-adding-routes-if-disable_ipv6-is-enabled'



Lorenzo Bianconi says:

====================
do not allow adding routes if disable_ipv6 is enabled

Do not allow userspace to add static ipv6 routes if disable_ipv6 is enabled.
Update disable_ipv6 documentation according to that change

Changes since v1:
- added an extack message telling the user that IPv6 is disabled on the nexthop
  device
- rebased on-top of net-next
====================

Signed-off-by: David S. Miller <davem@davemloft.net>

parents d162190b 2f0aaf7f

Documentation/networking/ip-sysctl.txt

+3 −1

Original line number	Diff line number	Diff line
		@@ -1703,7 +1703,9 @@ disable_ipv6 - BOOLEAN
		interface and start Duplicate Address Detection, if necessary.

		When this value is changed from 0 to 1 (IPv6 is being disabled),
		it will dynamically delete all address on the given interface.
		it will dynamically delete all addresses and routes on the given
		interface. From now on it will not possible to add addresses/routes
		to the selected interface.

		accept_dad - INTEGER
		Whether to accept DAD (Duplicate Address Detection).

net/ipv6/route.c

+6 −0

Original line number	Diff line number	Diff line
		@@ -2917,6 +2917,12 @@ static struct rt6_info ip6_route_info_create(struct fib6_config cfg,
		if (!dev)
		goto out;

		if (idev->cnf.disable_ipv6) {
		NL_SET_ERR_MSG(extack, "IPv6 is disabled on nexthop device");
		err = -EACCES;
		goto out;
		}

		if (!(dev->flags & IFF_UP)) {
		NL_SET_ERR_MSG(extack, "Nexthop device is not up");
		err = -ENETDOWN;