git.baikalelectronics.ru Git - kernel.git/commit

author	Nicolas Dichtel <nicolas.dichtel@6wind.com>
	Tue, 6 Jul 2021 09:13:35 +0000 (11:13 +0200)
committer	David S. Miller <davem@davemloft.net>
	Tue, 6 Jul 2021 22:23:07 +0000 (15:23 -0700)
commit	202cd2a6d52369788080fa4345b21903233aa5a7
tree	fac4f2f169ac15dcb58d95afeaa5f5b808da3ede	tree \| snapshot
parent	2f26927f341706e7def1b3c94539e989c544f38b	commit \| diff

ipv6: fix 'disable_policy' for fwd packets

The goal of commit b17168d7e2cc ("ipv6: Provide ipv6 version of
"disable_policy" sysctl") was to have the disable_policy from ipv4
available on ipv6.
However, it's not exactly the same mechanism. On IPv4, all packets coming
from an interface, which has disable_policy set, bypass the policy check.
For ipv6, this is done only for local packets, ie for packets destinated to
an address configured on the incoming interface.

Let's align ipv6 with ipv4 so that the 'disable_policy' sysctl has the same
effect for both protocols.

My first approach was to create a new kind of route cache entries, to be
able to set DST_NOPOLICY without modifying routes. This would have added a
lot of code. Because the local delivery path is already handled, I choose
to focus on the forwarding path to minimize code churn.

Fixes: b17168d7e2cc ("ipv6: Provide ipv6 version of "disable_policy" sysctl")
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: David S. Miller <davem@davemloft.net>