Commit 778d80be authored by YOSHIFUJI Hideaki's avatar YOSHIFUJI Hideaki

ipv6: Add disable_ipv6 sysctl to disable IPv6 operaion on specific interface.

Signed-off-by: default avatarYOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
parent 5ce83afa
...@@ -1025,6 +1025,10 @@ max_addresses - INTEGER ...@@ -1025,6 +1025,10 @@ max_addresses - INTEGER
autoconfigured addresses. autoconfigured addresses.
Default: 16 Default: 16
disable_ipv6 - BOOLEAN
Disable IPv6 operation.
Default: FALSE (enable IPv6 operation)
icmp/*: icmp/*:
ratelimit - INTEGER ratelimit - INTEGER
Limit the maximal rates for sending ICMPv6 packets. Limit the maximal rates for sending ICMPv6 packets.
......
...@@ -163,6 +163,7 @@ struct ipv6_devconf { ...@@ -163,6 +163,7 @@ struct ipv6_devconf {
#ifdef CONFIG_IPV6_MROUTE #ifdef CONFIG_IPV6_MROUTE
__s32 mc_forwarding; __s32 mc_forwarding;
#endif #endif
__s32 disable_ipv6;
void *sysctl; void *sysctl;
}; };
...@@ -194,6 +195,7 @@ enum { ...@@ -194,6 +195,7 @@ enum {
DEVCONF_OPTIMISTIC_DAD, DEVCONF_OPTIMISTIC_DAD,
DEVCONF_ACCEPT_SOURCE_ROUTE, DEVCONF_ACCEPT_SOURCE_ROUTE,
DEVCONF_MC_FORWARDING, DEVCONF_MC_FORWARDING,
DEVCONF_DISABLE_IPV6,
DEVCONF_MAX DEVCONF_MAX
}; };
......
...@@ -183,6 +183,7 @@ struct ipv6_devconf ipv6_devconf __read_mostly = { ...@@ -183,6 +183,7 @@ struct ipv6_devconf ipv6_devconf __read_mostly = {
#endif #endif
.proxy_ndp = 0, .proxy_ndp = 0,
.accept_source_route = 0, /* we do not accept RH0 by default. */ .accept_source_route = 0, /* we do not accept RH0 by default. */
.disable_ipv6 = 0,
}; };
static struct ipv6_devconf ipv6_devconf_dflt __read_mostly = { static struct ipv6_devconf ipv6_devconf_dflt __read_mostly = {
...@@ -215,6 +216,7 @@ static struct ipv6_devconf ipv6_devconf_dflt __read_mostly = { ...@@ -215,6 +216,7 @@ static struct ipv6_devconf ipv6_devconf_dflt __read_mostly = {
#endif #endif
.proxy_ndp = 0, .proxy_ndp = 0,
.accept_source_route = 0, /* we do not accept RH0 by default. */ .accept_source_route = 0, /* we do not accept RH0 by default. */
.disable_ipv6 = 0,
}; };
/* IPv6 Wildcard Address and Loopback Address defined by RFC2553 */ /* IPv6 Wildcard Address and Loopback Address defined by RFC2553 */
...@@ -3657,6 +3659,7 @@ static inline void ipv6_store_devconf(struct ipv6_devconf *cnf, ...@@ -3657,6 +3659,7 @@ static inline void ipv6_store_devconf(struct ipv6_devconf *cnf,
#ifdef CONFIG_IPV6_MROUTE #ifdef CONFIG_IPV6_MROUTE
array[DEVCONF_MC_FORWARDING] = cnf->mc_forwarding; array[DEVCONF_MC_FORWARDING] = cnf->mc_forwarding;
#endif #endif
array[DEVCONF_DISABLE_IPV6] = cnf->disable_ipv6;
} }
static inline size_t inet6_if_nlmsg_size(void) static inline size_t inet6_if_nlmsg_size(void)
...@@ -4215,6 +4218,14 @@ static struct addrconf_sysctl_table ...@@ -4215,6 +4218,14 @@ static struct addrconf_sysctl_table
.proc_handler = &proc_dointvec, .proc_handler = &proc_dointvec,
}, },
#endif #endif
{
.ctl_name = CTL_UNNUMBERED,
.procname = "disable_ipv6",
.data = &ipv6_devconf.disable_ipv6,
.maxlen = sizeof(int),
.mode = 0644,
.proc_handler = &proc_dointvec,
},
{ {
.ctl_name = 0, /* sentinel */ .ctl_name = 0, /* sentinel */
} }
......
...@@ -71,7 +71,8 @@ int ipv6_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt ...@@ -71,7 +71,8 @@ int ipv6_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt
IP6_INC_STATS_BH(idev, IPSTATS_MIB_INRECEIVES); IP6_INC_STATS_BH(idev, IPSTATS_MIB_INRECEIVES);
if ((skb = skb_share_check(skb, GFP_ATOMIC)) == NULL) { if ((skb = skb_share_check(skb, GFP_ATOMIC)) == NULL ||
!idev || unlikely(idev->cnf.disable_ipv6)) {
IP6_INC_STATS_BH(idev, IPSTATS_MIB_INDISCARDS); IP6_INC_STATS_BH(idev, IPSTATS_MIB_INDISCARDS);
rcu_read_unlock(); rcu_read_unlock();
goto out; goto out;
......
...@@ -173,6 +173,13 @@ static inline int ip6_skb_dst_mtu(struct sk_buff *skb) ...@@ -173,6 +173,13 @@ static inline int ip6_skb_dst_mtu(struct sk_buff *skb)
int ip6_output(struct sk_buff *skb) int ip6_output(struct sk_buff *skb)
{ {
struct inet6_dev *idev = ip6_dst_idev(skb->dst);
if (unlikely(idev->cnf.disable_ipv6)) {
IP6_INC_STATS(idev, IPSTATS_MIB_OUTDISCARDS);
kfree_skb(skb);
return 0;
}
if ((skb->len > ip6_skb_dst_mtu(skb) && !skb_is_gso(skb)) || if ((skb->len > ip6_skb_dst_mtu(skb) && !skb_is_gso(skb)) ||
dst_allfrag(skb->dst)) dst_allfrag(skb->dst))
return ip6_fragment(skb, ip6_output2); return ip6_fragment(skb, ip6_output2);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment