From patchwork Tue Mar 27 17:11:25 2018
X-Patchwork-Submitter: Lorenzo Bianconi
X-Patchwork-Id: 891729
X-Patchwork-Delegate: davem@davemloft.net
From: Lorenzo Bianconi
To: davem@davemloft.net
Cc: netdev@vger.kernel.org
Subject: [PATCH net-next 1/2] ipv6: do not set routes if disable_ipv6 has been enabled
Date: Tue, 27 Mar 2018 19:11:25 +0200
Message-Id: <3635f139e31e1c28803ed6d76743c8d8da2c2d3d.1522166051.git.lorenzo.bianconi@redhat.com>

Do not allow to set ipv6 routes from userspace if disable_ipv6 has been
enabled. The issue can be triggered using the following reproducer:

- sysctl net.ipv6.conf.all.disable_ipv6=1
- ip -6 route add a:b:c:d::/64 dev em1
- ip -6 route show
  a:b:c:d::/64 dev em1 metric 1024 pref medium

Fix it checking disable_ipv6 value in ip6_route_info_create routine

Signed-off-by: Lorenzo Bianconi
---
 net/ipv6/route.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index 1d0eaa69874d..672fd7fdb037 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -2917,6 +2917,11 @@ static struct rt6_info *ip6_route_info_create(struct fib6_config *cfg, if (!dev) goto out; + if (idev->cnf.disable_ipv6) { + err = -EACCES; + goto out; + } + if (!(dev->flags & IFF_UP)) { NL_SET_ERR_MSG(extack, "Nexthop device is not up"); err = -ENETDOWN;

From patchwork Tue Mar 27 17:11:26 2018
X-Patchwork-Submitter: Lorenzo Bianconi
X-Patchwork-Id: 891730
X-Patchwork-Delegate: davem@davemloft.net
From: Lorenzo Bianconi
To: davem@davemloft.net
Cc: netdev@vger.kernel.org
Subject: [PATCH net-next 2/2] Documentation: ip-sysctl.txt: clarify disable_ipv6
Date: Tue, 27 Mar 2018 19:11:26 +0200
Message-Id: <11518389cceef8240958aff1a5a57b11b9e87501.1522166051.git.lorenzo.bianconi@redhat.com>

Clarify that when disable_ipv6 is enabled even the ipv6 routes are deleted
for the selected interface and from now it will not be possible to add
addresses/routes to that interface

Signed-off-by: Lorenzo Bianconi
---
 Documentation/networking/ip-sysctl.txt | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/Documentation/networking/ip-sysctl.txt b/Documentation/networking/ip-sysctl.txt
index 1d1120753ae8..33f35f049ad5 100644
--- a/Documentation/networking/ip-sysctl.txt
+++ b/Documentation/networking/ip-sysctl.txt
@@ -1703,7 +1703,9 @@ disable_ipv6 - BOOLEAN interface and start Duplicate Address Detection, if necessary. When this value is changed from 0 to 1 (IPv6 is being disabled), - it will dynamically delete all address on the given interface. + it will dynamically delete all addresses and routes on the given + interface. From now on it will not possible to add addresses/routes + to the selected interface. accept_dad - INTEGER Whether to accept DAD (Duplicate Address Detection).
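
Review bot: In the net/ipv6/route.c hunk (patch 1/2), the new `if (idev->cnf.disable_ipv6)` branch returns -EACCES without setting an extack message, while the check directly below it reports "Nexthop device is not up" through NL_SET_ERR_MSG. A caller adding a route over netlink would get a bare permission error with no hint that disable_ipv6 is the cause, so consider adding an NL_SET_ERR_MSG(extack, ...) line to the new branch. The visible context also only tests `dev` before the new code dereferences `idev`; please confirm that idev cannot be NULL on any path that reaches this point.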
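
Review bot: In the Documentation/networking/ip-sysctl.txt hunk (patch 2/2), the added sentence "From now on it will not possible to add addresses/routes" is missing a verb and should read "it will not be possible". It would also help to say that the restriction holds only while disable_ipv6 remains set to 1, since "From now on" reads as permanent.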