Commit e7696042 authored by David S. Miller

Merge branch 'do-not-allow-adding-routes-if-disable_ipv6-is-enabled'

Lorenzo Bianconi says:

====================
do not allow adding routes if disable_ipv6 is enabled

Do not allow userspace to add static ipv6 routes if disable_ipv6 is enabled.
Update disable_ipv6 documentation according to that change

Changes since v1:
- added an extack message telling the user that IPv6 is disabled on the nexthop
  device
- rebased on-top of net-next
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
parents d162190b 2f0aaf7f
...@@ -1703,7 +1703,9 @@ disable_ipv6 - BOOLEAN ...@@ -1703,7 +1703,9 @@ disable_ipv6 - BOOLEAN
interface and start Duplicate Address Detection, if necessary. interface and start Duplicate Address Detection, if necessary.
When this value is changed from 0 to 1 (IPv6 is being disabled), When this value is changed from 0 to 1 (IPv6 is being disabled),
it will dynamically delete all address on the given interface. it will dynamically delete all addresses and routes on the given
interface. From now on it will not possible to add addresses/routes
to the selected interface.
accept_dad - INTEGER accept_dad - INTEGER
Whether to accept DAD (Duplicate Address Detection). Whether to accept DAD (Duplicate Address Detection).
......
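Review bot: The added documentation sentence "From now on it will not possible to add addresses/routes" is missing "be", and "From now on" reads as permanent rather than conditional on the sysctl value. Something like "While this value is 1, it is not possible to add addresses/routes to the selected interface" states the condition explicitly. It would also help to document here that the route add fails with EACCES, since that is what the code hunk returns and it is what scripts and configuration tooling will see.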
...@@ -2917,6 +2917,12 @@ static struct rt6_info *ip6_route_info_create(struct fib6_config *cfg, ...@@ -2917,6 +2917,12 @@ static struct rt6_info *ip6_route_info_create(struct fib6_config *cfg,
if (!dev) if (!dev)
goto out; goto out;
if (idev->cnf.disable_ipv6) {
NL_SET_ERR_MSG(extack, "IPv6 is disabled on nexthop device");
err = -EACCES;
goto out;
}
if (!(dev->flags & IFF_UP)) { if (!(dev->flags & IFF_UP)) {
NL_SET_ERR_MSG(extack, "Nexthop device is not up"); NL_SET_ERR_MSG(extack, "Nexthop device is not up");
err = -ENETDOWN; err = -ENETDOWN;
......
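Review bot: The new check dereferences idev (idev->cnf.disable_ipv6) directly after a guard that only tests dev (if (!dev) goto out;), so please confirm that idev is non-NULL on every path that reaches this point, or extend the guard to cover it; the hunk does not show where idev is assigned. A smaller point: the cover letter speaks of blocking userspace, but the check sits in ip6_route_info_create(), so it is worth stating in the commit message whether kernel-internal route creation through this function is also meant to be rejected with -EACCES.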