mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-16 07:35:14 +00:00
Code Issues Releases Wiki Activity
linux-stable/net/ipv6
History
Nicolas Dichtel bff0854e2f ipv6: fix 'disable_policy' for fwd packets 
[ Upstream commit ccd27f05ae ]

The goal of commit df789fe752 ("ipv6: Provide ipv6 version of
"disable_policy" sysctl") was to have the disable_policy from ipv4
available on ipv6.
However, it's not exactly the same mechanism. On IPv4, all packets coming
from an interface, which has disable_policy set, bypass the policy check.
For ipv6, this is done only for local packets, ie for packets destinated to
an address configured on the incoming interface.

Let's align ipv6 with ipv4 so that the 'disable_policy' sysctl has the same
effect for both protocols.

My first approach was to create a new kind of route cache entries, to be
able to set DST_NOPOLICY without modifying routes. This would have added a
lot of code. Because the local delivery path is already handled, I choose
to focus on the forwarding path to minimize code churn.

Fixes: df789fe752 ("ipv6: Provide ipv6 version of "disable_policy" sysctl")
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2021-07-28 11:13:47 +02:00
..
ila ila: Fix rhashtable walker list corruption 2019-04-03 06:26:18 +02:00
netfilter netfilter: x_tables: fix compat match/target pad out-of-bound write 2021-04-16 11:49:31 +02:00
addrconf.c ipv6: set multicast flag on the multicast route 2021-01-27 11:05:43 +01:00
addrconf_core.c net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup 2020-04-29 16:31:17 +02:00
addrlabel.c ipv6: addrlabel: fix possible memory leak in ip6addrlbl_net_init 2020-12-08 10:18:51 +01:00
af_inet6.c net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup 2020-04-29 16:31:17 +02:00
ah6.c ah6: fix error return code in ah6_input() 2020-11-24 13:27:15 +01:00
anycast.c ipv6: fix memory leaks on IPV6_ADDRFORM path 2020-08-11 15:32:34 +02:00
calipso.c cipso,calipso: resolve a number of problems with the DOI refcounts 2021-03-17 16:43:44 +01:00
datagram.c net: ipv6: add net argument to ip6_dst_lookup_flow 2020-04-29 16:31:16 +02:00
esp6.c esp: avoid unneeded kmap_atomic call 2021-01-23 15:49:55 +01:00
esp6_offload.c esp6: get the right proto for transport mode in esp6_gso_encap 2020-06-03 08:19:48 +02:00
exthdrs.c ipv6: fix out-of-bound access in ip6_parse_tlv() 2021-07-20 16:15:52 +02:00
exthdrs_core.c
exthdrs_offload.c
fib6_notifier.c
fib6_rules.c
fou6.c
icmp.c net: icmp: pass zeroed opts from icmp{,v6}_ndo_send before sending 2021-03-04 09:39:59 +01:00
inet6_connection_sock.c net: ipv6: add net argument to ip6_dst_lookup_flow 2020-04-29 16:31:16 +02:00
inet6_hashtables.c tcp/dccp: fix possible race __inet_lookup_established() 2020-01-04 19:13:41 +01:00
ip6_checksum.c
ip6_fib.c net: ipv6: fib: flush exceptions when purging route 2021-01-17 14:04:19 +01:00
ip6_flowlabel.c ipv6: flowlabel: fl6_sock_lookup() must use atomic_inc_not_zero 2019-06-22 08:15:13 +02:00
ip6_gre.c ipv6: remove extra dev_hold() for fallback tunnels 2021-05-22 10:59:50 +02:00
ip6_icmp.c net: icmp: pass zeroed opts from icmp{,v6}_ndo_send before sending 2021-03-04 09:39:59 +01:00
ip6_input.c ipv6: weaken the v4mapped source check 2021-04-07 12:48:47 +02:00
ip6_offload.c
ip6_offload.h
ip6_output.c ipv6: fix 'disable_policy' for fwd packets 2021-07-28 11:13:47 +02:00
ip6_tunnel.c ipv6: remove extra dev_hold() for fallback tunnels 2021-05-22 10:59:50 +02:00
ip6_udp_tunnel.c ipv6: explicitly initialize udp6_addr in udp_sock_create6() 2019-01-09 17:38:31 +01:00
ip6_vti.c ipv6: remove extra dev_hold() for fallback tunnels 2021-05-22 10:59:50 +02:00
ip6mr.c ip6mr: Do not call __IP6_INC_STATS() from preemptible context 2019-03-10 07:17:16 +01:00
ipcomp6.c
ipv6_sockglue.c ipv6: fix memory leaks on IPV6_ADDRFORM path 2020-08-11 15:32:34 +02:00
Kconfig net: ipv6: fix kconfig dependency warning for IPV6_SEG6_HMAC 2020-09-26 18:01:29 +02:00
Makefile
mcast.c mld: fix panic in mld_newpack() 2021-06-03 08:38:11 +02:00
mcast_snoop.c
mip6.c
ndisc.c
netfilter.c netfilter: use actual socket sk rather than skb sk when routing harder 2020-11-18 19:18:44 +01:00
output_core.c ipv6: use prandom_u32() for ID generation 2021-07-20 16:16:00 +02:00
ping.c ipv6: Fix the link time qualifier of 'ping_v6_proc_exit_net()' 2019-09-19 09:09:28 +02:00
proc.c
protocol.c
raw.c net-ipv6: bugfix - raw & sctp - switch to ipv6_can_nonlocal_bind() 2021-04-14 08:22:33 +02:00
reassembly.c ipv6: record frag_max_size in atomic fragments in input path 2021-06-03 08:38:12 +02:00
route.c net: ipv6: check for validity before dereferencing cfg->fc_nlinfo.nlh 2021-04-14 08:22:32 +02:00
seg6.c ipv6: propagate genlmsg_reply return code 2019-02-27 10:08:58 +01:00
seg6_hmac.c
seg6_iptunnel.c ipv6: sr: clear IP6CB(skb) on SRH ip4ip6 encapsulation 2019-02-06 17:30:06 +01:00
seg6_local.c ipv6: sr: remove SKB_GSO_IPXIP6 on End.D* actions 2020-01-29 16:43:14 +01:00
sit.c ipv6: remove extra dev_hold() for fallback tunnels 2021-05-22 10:59:50 +02:00
syncookies.c net: Update window_clamp if SOCK_RCVBUF is set 2020-11-18 19:18:51 +01:00
sysctl_net_ipv6.c
tcp_ipv6.c ipv6: tcp: drop silly ICMPv6 packet too big messages 2021-07-28 11:13:45 +02:00
tcpv6_offload.c
tunnel6.c
udp.c udp: annotate data races around unix_sk(sk)->gso_size 2021-07-28 11:13:46 +02:00
udp_impl.h
udp_offload.c
udplite.c
xfrm6_input.c
xfrm6_mode_beet.c
xfrm6_mode_ro.c
xfrm6_mode_transport.c
xfrm6_mode_tunnel.c
xfrm6_output.c net: ipv6: fix return value of ip6_skb_dst_mtu 2021-07-28 11:13:44 +02:00
xfrm6_policy.c net: add bool confirm_neigh parameter for dst_ops.update_pmtu 2020-01-04 19:13:37 +01:00
xfrm6_protocol.c
xfrm6_state.c
xfrm6_tunnel.c xfrm: clean up xfrm protocol checks 2019-05-25 18:23:41 +02:00