summaryrefslogtreecommitdiff
path: root/net/ipv6/ndisc.c
diff options
context:
space:
mode:
authorBen Greear <greearb@candelatech.com>2014-06-25 14:44:53 -0700
committerDavid S. Miller <davem@davemloft.net>2014-07-01 12:16:24 -0700
commitd93331965729850303f6111381c1a4a9e9b8ae5a (patch)
treea2d5fbd89ff16883d860fff197cf50f4abed26ae /net/ipv6/ndisc.c
parentf2a762d8a97032e58c09c5798832e25268e1c111 (diff)
downloadlwn-d93331965729850303f6111381c1a4a9e9b8ae5a.tar.gz
lwn-d93331965729850303f6111381c1a4a9e9b8ae5a.zip
ipv6: Allow accepting RA from local IP addresses.
This can be used in virtual networking applications, and may have other uses as well. The option is disabled by default. A specific use case is setting up virtual routers, bridges, and hosts on a single OS without the use of network namespaces or virtual machines. With proper use of ip rules, routing tables, veth interface pairs and/or other virtual interfaces, and applications that can bind to interfaces and/or IP addresses, it is possibly to create one or more virtual routers with multiple hosts attached. The host interfaces can act as IPv6 systems, with radvd running on the ports in the virtual routers. With the option provided in this patch enabled, those hosts can now properly obtain IPv6 addresses from the radvd. Signed-off-by: Ben Greear <greearb@candelatech.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv6/ndisc.c')
-rw-r--r--net/ipv6/ndisc.c21
1 files changed, 13 insertions, 8 deletions
diff --git a/net/ipv6/ndisc.c b/net/ipv6/ndisc.c
index 736c11c6d266..a845e3d2057e 100644
--- a/net/ipv6/ndisc.c
+++ b/net/ipv6/ndisc.c
@@ -1148,11 +1148,15 @@ static void ndisc_router_discovery(struct sk_buff *skb)
goto skip_defrtr;
}
- if (ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr,
- NULL, 0)) {
+ /* Do not accept RA with source-addr found on local machine unless
+ * accept_ra_from_local is set to true.
+ */
+ if (!(in6_dev->cnf.accept_ra_from_local ||
+ ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr,
+ NULL, 0))) {
ND_PRINTK(2, info,
- "RA: %s, chk_addr failed for dev: %s\n",
- __func__, skb->dev->name);
+ "RA from local address detected on dev: %s: default router ignored\n",
+ skb->dev->name);
goto skip_defrtr;
}
@@ -1290,11 +1294,12 @@ skip_linkparms:
}
#ifdef CONFIG_IPV6_ROUTE_INFO
- if (ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr,
- NULL, 0)) {
+ if (!(in6_dev->cnf.accept_ra_from_local ||
+ ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr,
+ NULL, 0))) {
ND_PRINTK(2, info,
- "RA: %s, chk-addr (route info) is false for dev: %s\n",
- __func__, skb->dev->name);
+ "RA from local address detected on dev: %s: router info ignored.\n",
+ skb->dev->name);
goto skip_routeinfo;
}