Merge branch 'do-not-allow-adding-routes-if-disable_ipv6-is-enabled'

Lorenzo Bianconi says: ==================== do not allow adding routes if disable_ipv6 is enabled Do not allow userspace to add static ipv6 routes if disable_ipv6 is enabled. Update disable_ipv6 documentation according to that change Changes since v1: - added an extack message telling the user that IPv6 is disabled on the nexthop device - rebased on-top of net-next ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
mariux64 · Mar 30, 2018 · e769604 · e769604
2 parents d162190 + 2f0aaf7
commit e769604
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 1 deletion.
diff --git a/Documentation/networking/ip-sysctl.txt b/Documentation/networking/ip-sysctl.txt
@@ -1703,7 +1703,9 @@ disable_ipv6 - BOOLEAN
 	interface and start Duplicate Address Detection, if necessary.
 
 	When this value is changed from 0 to 1 (IPv6 is being disabled),
-	it will dynamically delete all address on the given interface.
+	it will dynamically delete all addresses and routes on the given
+	interface. From now on it will not possible to add addresses/routes
+	to the selected interface.
 
 accept_dad - INTEGER
 	Whether to accept DAD (Duplicate Address Detection).

diff --git a/net/ipv6/route.c b/net/ipv6/route.c
@@ -2917,6 +2917,12 @@ static struct rt6_info *ip6_route_info_create(struct fib6_config *cfg,
 	if (!dev)
 		goto out;
 
+	if (idev->cnf.disable_ipv6) {
+		NL_SET_ERR_MSG(extack, "IPv6 is disabled on nexthop device");
+		err = -EACCES;
+		goto out;
+	}
+
 	if (!(dev->flags & IFF_UP)) {
 		NL_SET_ERR_MSG(extack, "Nexthop device is not up");
 		err = -ENETDOWN;