ipv6: Add disable_ipv6 sysctl to disable IPv6 operaion on specific interface.
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
This commit is contained in:
parent
5ce83afaac
commit
778d80be52
5 changed files with 26 additions and 1 deletions
|
@ -1025,6 +1025,10 @@ max_addresses - INTEGER
|
|||
autoconfigured addresses.
|
||||
Default: 16
|
||||
|
||||
disable_ipv6 - BOOLEAN
|
||||
Disable IPv6 operation.
|
||||
Default: FALSE (enable IPv6 operation)
|
||||
|
||||
icmp/*:
|
||||
ratelimit - INTEGER
|
||||
Limit the maximal rates for sending ICMPv6 packets.
|
||||
|
|
|
@ -163,6 +163,7 @@ struct ipv6_devconf {
|
|||
#ifdef CONFIG_IPV6_MROUTE
|
||||
__s32 mc_forwarding;
|
||||
#endif
|
||||
__s32 disable_ipv6;
|
||||
void *sysctl;
|
||||
};
|
||||
|
||||
|
@ -194,6 +195,7 @@ enum {
|
|||
DEVCONF_OPTIMISTIC_DAD,
|
||||
DEVCONF_ACCEPT_SOURCE_ROUTE,
|
||||
DEVCONF_MC_FORWARDING,
|
||||
DEVCONF_DISABLE_IPV6,
|
||||
DEVCONF_MAX
|
||||
};
|
||||
|
||||
|
|
|
@ -183,6 +183,7 @@ struct ipv6_devconf ipv6_devconf __read_mostly = {
|
|||
#endif
|
||||
.proxy_ndp = 0,
|
||||
.accept_source_route = 0, /* we do not accept RH0 by default. */
|
||||
.disable_ipv6 = 0,
|
||||
};
|
||||
|
||||
static struct ipv6_devconf ipv6_devconf_dflt __read_mostly = {
|
||||
|
@ -215,6 +216,7 @@ static struct ipv6_devconf ipv6_devconf_dflt __read_mostly = {
|
|||
#endif
|
||||
.proxy_ndp = 0,
|
||||
.accept_source_route = 0, /* we do not accept RH0 by default. */
|
||||
.disable_ipv6 = 0,
|
||||
};
|
||||
|
||||
/* IPv6 Wildcard Address and Loopback Address defined by RFC2553 */
|
||||
|
@ -3657,6 +3659,7 @@ static inline void ipv6_store_devconf(struct ipv6_devconf *cnf,
|
|||
#ifdef CONFIG_IPV6_MROUTE
|
||||
array[DEVCONF_MC_FORWARDING] = cnf->mc_forwarding;
|
||||
#endif
|
||||
array[DEVCONF_DISABLE_IPV6] = cnf->disable_ipv6;
|
||||
}
|
||||
|
||||
static inline size_t inet6_if_nlmsg_size(void)
|
||||
|
@ -4215,6 +4218,14 @@ static struct addrconf_sysctl_table
|
|||
.proc_handler = &proc_dointvec,
|
||||
},
|
||||
#endif
|
||||
{
|
||||
.ctl_name = CTL_UNNUMBERED,
|
||||
.procname = "disable_ipv6",
|
||||
.data = &ipv6_devconf.disable_ipv6,
|
||||
.maxlen = sizeof(int),
|
||||
.mode = 0644,
|
||||
.proc_handler = &proc_dointvec,
|
||||
},
|
||||
{
|
||||
.ctl_name = 0, /* sentinel */
|
||||
}
|
||||
|
|
|
@ -71,7 +71,8 @@ int ipv6_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt
|
|||
|
||||
IP6_INC_STATS_BH(idev, IPSTATS_MIB_INRECEIVES);
|
||||
|
||||
if ((skb = skb_share_check(skb, GFP_ATOMIC)) == NULL) {
|
||||
if ((skb = skb_share_check(skb, GFP_ATOMIC)) == NULL ||
|
||||
!idev || unlikely(idev->cnf.disable_ipv6)) {
|
||||
IP6_INC_STATS_BH(idev, IPSTATS_MIB_INDISCARDS);
|
||||
rcu_read_unlock();
|
||||
goto out;
|
||||
|
|
|
@ -173,6 +173,13 @@ static inline int ip6_skb_dst_mtu(struct sk_buff *skb)
|
|||
|
||||
int ip6_output(struct sk_buff *skb)
|
||||
{
|
||||
struct inet6_dev *idev = ip6_dst_idev(skb->dst);
|
||||
if (unlikely(idev->cnf.disable_ipv6)) {
|
||||
IP6_INC_STATS(idev, IPSTATS_MIB_OUTDISCARDS);
|
||||
kfree_skb(skb);
|
||||
return 0;
|
||||
}
|
||||
|
||||
if ((skb->len > ip6_skb_dst_mtu(skb) && !skb_is_gso(skb)) ||
|
||||
dst_allfrag(skb->dst))
|
||||
return ip6_fragment(skb, ip6_output2);
|
||||
|
|
Loading…
Reference in a new issue