Skip to content

Commit

Permalink
netfilter: bridge: fix IPv6 packets not being bridged with CONFIG_IPV6=n
Browse files Browse the repository at this point in the history 
230ac49 introduced a dependency to CONFIG_IPV6 which breaks bridging
of IPv6 packets on a bridge with CONFIG_IPV6=n.

Sysctl entry /proc/sys/net/bridge/bridge-nf-call-ip6tables defaults to 1,
for this reason packets are handled by br_nf_pre_routing_ipv6(). When compiled
with CONFIG_IPV6=n this function returns NF_DROP but should return NF_ACCEPT
to let packets through.

Change CONFIG_IPV6=n br_nf_pre_routing_ipv6() return value to NF_ACCEPT.

Tested with a simple bridge with two interfaces and IPv6 packets trying
to pass from host on left side to host on right side of the bridge.

Fixes: 230ac49 ("netfilter: bridge: split ipv6 code into separated file")
Signed-off-by: Bernhard Thaler <bernhard.thaler@wvnet.at>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  • Loading branch information
Bernhard Thaler authored and Pablo Neira Ayuso committed Aug 19, 2015
1 parent bf79865 commit 18e1db6
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion include/net/netfilter/br_netfilter.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -59,7 +59,7 @@ static inline unsigned int
br_nf_pre_routing_ipv6(const struct nf_hook_ops *ops, struct sk_buff *skb,
const struct nf_hook_state *state)
{
return NF_DROP;
return NF_ACCEPT;
}
#endif

Expand Down

0 comments on commit 18e1db6

Please sign in to comment.