Commit fbea49e1e2404baa2d88ab47e2db89e49551b53b
Committed by
David S. Miller
David S. Miller
1 parent
62dd93181a
Exists in
master
and in
7 other branches
[IPV6] NDISC: Add proxy_ndp sysctl.
We do not always need proxy NDP functionality even we enable forwarding. Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Showing 6 changed files with 27 additions and 2 deletions Side-by-side Diff
Documentation/networking/ip-sysctl.txt
include/linux/ipv6.h
| ... | ... | @@ -176,6 +176,7 @@ |
| 176 | 176 | __s32 accept_ra_rt_info_max_plen; |
| 177 | 177 | #endif |
| 178 | 178 | #endif |
| 179 | + __s32 proxy_ndp; | |
| 179 | 180 | void *sysctl; |
| 180 | 181 | }; |
| 181 | 182 | |
| ... | ... | @@ -203,6 +204,7 @@ |
| 203 | 204 | DEVCONF_ACCEPT_RA_RTR_PREF, |
| 204 | 205 | DEVCONF_RTR_PROBE_INTERVAL, |
| 205 | 206 | DEVCONF_ACCEPT_RA_RT_INFO_MAX_PLEN, |
| 207 | + DEVCONF_PROXY_NDP, | |
| 206 | 208 | DEVCONF_MAX |
| 207 | 209 | }; |
| 208 | 210 |
include/linux/sysctl.h
net/ipv6/addrconf.c
| ... | ... | @@ -175,6 +175,7 @@ |
| 175 | 175 | .accept_ra_rt_info_max_plen = 0, |
| 176 | 176 | #endif |
| 177 | 177 | #endif |
| 178 | + .proxy_ndp = 0, | |
| 178 | 179 | }; |
| 179 | 180 | |
| 180 | 181 | static struct ipv6_devconf ipv6_devconf_dflt __read_mostly = { |
| ... | ... | @@ -205,6 +206,7 @@ |
| 205 | 206 | .accept_ra_rt_info_max_plen = 0, |
| 206 | 207 | #endif |
| 207 | 208 | #endif |
| 209 | + .proxy_ndp = 0, | |
| 208 | 210 | }; |
| 209 | 211 | |
| 210 | 212 | /* IPv6 Wildcard Address and Loopback Address defined by RFC2553 */ |
| ... | ... | @@ -3337,6 +3339,7 @@ |
| 3337 | 3339 | array[DEVCONF_ACCEPT_RA_RT_INFO_MAX_PLEN] = cnf->accept_ra_rt_info_max_plen; |
| 3338 | 3340 | #endif |
| 3339 | 3341 | #endif |
| 3342 | + array[DEVCONF_PROXY_NDP] = cnf->proxy_ndp; | |
| 3340 | 3343 | } |
| 3341 | 3344 | |
| 3342 | 3345 | /* Maximum length of ifinfomsg attributes */ |
| ... | ... | @@ -3859,6 +3862,14 @@ |
| 3859 | 3862 | }, |
| 3860 | 3863 | #endif |
| 3861 | 3864 | #endif |
| 3865 | + { | |
| 3866 | + .ctl_name = NET_IPV6_PROXY_NDP, | |
| 3867 | + .procname = "proxy_ndp", | |
| 3868 | + .data = &ipv6_devconf.proxy_ndp, | |
| 3869 | + .maxlen = sizeof(int), | |
| 3870 | + .mode = 0644, | |
| 3871 | + .proc_handler = &proc_dointvec, | |
| 3872 | + }, | |
| 3862 | 3873 | { |
| 3863 | 3874 | .ctl_name = 0, /* sentinel */ |
| 3864 | 3875 | } |
net/ipv6/ip6_output.c
| ... | ... | @@ -412,7 +412,9 @@ |
| 412 | 412 | return -ETIMEDOUT; |
| 413 | 413 | } |
| 414 | 414 | |
| 415 | - if (pneigh_lookup(&nd_tbl, &hdr->daddr, skb->dev, 0)) { | |
| 415 | + /* XXX: idev->cnf.proxy_ndp? */ | |
| 416 | + if (ipv6_devconf.proxy_ndp && | |
| 417 | + pneigh_lookup(&nd_tbl, &hdr->daddr, skb->dev, 0)) { | |
| 416 | 418 | int proxied = ip6_forward_proxy_check(skb); |
| 417 | 419 | if (proxied > 0) |
| 418 | 420 | return ip6_input(skb); |
net/ipv6/ndisc.c
| ... | ... | @@ -824,6 +824,7 @@ |
| 824 | 824 | |
| 825 | 825 | if (ipv6_chk_acast_addr(dev, &msg->target) || |
| 826 | 826 | (idev->cnf.forwarding && |
| 827 | + (ipv6_devconf.proxy_ndp || idev->cnf.proxy_ndp) && | |
| 827 | 828 | (pneigh = pneigh_lookup(&nd_tbl, |
| 828 | 829 | &msg->target, dev, 0)) != NULL)) { |
| 829 | 830 | if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) && |
| 830 | 831 | |
| ... | ... | @@ -966,8 +967,13 @@ |
| 966 | 967 | * has already sent a NA to us. |
| 967 | 968 | */ |
| 968 | 969 | if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) && |
| 969 | - pneigh_lookup(&nd_tbl, &msg->target, dev, 0)) | |
| 970 | + ipv6_devconf.forwarding && ipv6_devconf.proxy_ndp && | |
| 971 | + pneigh_lookup(&nd_tbl, &msg->target, dev, 0)) { | |
| 972 | + /* XXX: idev->cnf.prixy_ndp */ | |
| 973 | + WARN_ON(skb->dst != NULL && | |
| 974 | + ((struct rt6_info *)skb->dst)->rt6i_idev); | |
| 970 | 975 | goto out; |
| 976 | + } | |
| 971 | 977 | |
| 972 | 978 | neigh_update(neigh, lladdr, |
| 973 | 979 | msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE, |