| Message ID | 20240814123105.8474-2-nils@nilsfuhler.de (mailing list archive) |
|---|---|
| State | Superseded |
| Delegated to: | Netdev Maintainers |
| Headers | show |
| Series | net: ip6: ndisc: fix incorrect forwarding of proxied ns packets | expand |
On Wed, Aug 14, 2024 at 02:31:06PM +0200, Nils Fuhler wrote: > When enabling proxy_ndp per interface instead of globally, neighbor > solicitation packets sent to proxied global unicast addresses are > forwarded instead of generating a neighbor advertisement. When > proxy_ndp is enabled globally, these packets generate na responses as > expected. > > This patch fixes this behaviour. When an ns packet is sent to a > proxied unicast address, it generates an na response regardless > whether proxy_ndp is enabled per interface or globally. > > Signed-off-by: Nils Fuhler <nils@nilsfuhler.de> > --- > net/ipv6/ip6_output.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c > index ab504d31f0cd..13eaacc5a747 100644 > --- a/net/ipv6/ip6_output.c > +++ b/net/ipv6/ip6_output.c > @@ -551,8 +551,8 @@ int ip6_forward(struct sk_buff *skb) > return -ETIMEDOUT; > } > > - /* XXX: idev->cnf.proxy_ndp? */ > - if (READ_ONCE(net->ipv6.devconf_all->proxy_ndp) && > + if ((READ_ONCE(net->ipv6.devconf_all->proxy_ndp) || > + READ_ONCE(idev->cnf.proxy_ndp)) && Hi Nils, Earlier in this function it is assumed that idev may be NULL, I think you need to take that into account here too. Flagged by Smatch. If you do post an update, please be sure to wait 24h before doing so. https://docs.kernel.org/process/maintainer-netdev.html > pneigh_lookup(&nd_tbl, net, &hdr->daddr, skb->dev, 0)) { > int proxied = ip6_forward_proxy_check(skb); > if (proxied > 0) { > -- > 2.39.2 > >
diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c index ab504d31f0cd..13eaacc5a747 100644 --- a/net/ipv6/ip6_output.c +++ b/net/ipv6/ip6_output.c @@ -551,8 +551,8 @@ int ip6_forward(struct sk_buff *skb) return -ETIMEDOUT; } - /* XXX: idev->cnf.proxy_ndp? */ - if (READ_ONCE(net->ipv6.devconf_all->proxy_ndp) && + if ((READ_ONCE(net->ipv6.devconf_all->proxy_ndp) || + READ_ONCE(idev->cnf.proxy_ndp)) && pneigh_lookup(&nd_tbl, net, &hdr->daddr, skb->dev, 0)) { int proxied = ip6_forward_proxy_check(skb); if (proxied > 0) {
When enabling proxy_ndp per interface instead of globally, neighbor solicitation packets sent to proxied global unicast addresses are forwarded instead of generating a neighbor advertisement. When proxy_ndp is enabled globally, these packets generate na responses as expected. This patch fixes this behaviour. When an ns packet is sent to a proxied unicast address, it generates an na response regardless whether proxy_ndp is enabled per interface or globally. Signed-off-by: Nils Fuhler <nils@nilsfuhler.de> --- net/ipv6/ip6_output.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)