Fri, Sep 16, 2016 at 11:48:10AM CEST, mmann...@brocade.com wrote: >Disabling forwarding per interface via sysctl continues to allow >forwarding. This is contrary to the sysctl documentation stating that >the forwarding sysctl is per interface, whereas currently it is only >the sysctl for all interfaces that has an effect on forwarding. The >solution is to drop any received packets instead of forwarding them >if the ingress device has a per-device forwarding sysctl that is unset. > >Signed-off-by: Mike Manning <mmann...@brocade.com>
The patch looks fine. But the subject is a bit weird: Subject: [PATCH] net: ipv6: Failure to disable forwarding per interface via sysctl In subject of the patch you should say what the patch does. >--- > net/ipv6/ip6_output.c | 4 ++++ > 1 file changed, 4 insertions(+) > >diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c >index 1dfc402..37cd1d0 100644 >--- a/net/ipv6/ip6_output.c >+++ b/net/ipv6/ip6_output.c >@@ -380,11 +380,15 @@ int ip6_forward(struct sk_buff *skb) > struct ipv6hdr *hdr = ipv6_hdr(skb); > struct inet6_skb_parm *opt = IP6CB(skb); > struct net *net = dev_net(dst->dev); >+ struct inet6_dev *idev = __in6_dev_get(skb->dev); > u32 mtu; > > if (net->ipv6.devconf_all->forwarding == 0) > goto error; > >+ if (idev && !idev->cnf.forwarding) >+ goto error; >+ > if (skb->pkt_type != PACKET_HOST) > goto drop; > >-- >1.7.10.4 >
