net ipv6: Prevent neighbor add if protocol is disabled on device

Disabling IPv6 on an interface removes existing entries but nothing prevents new entries from being manually added. To that end, add a new neigh_table operation, allow_add, that is called on RTM_NEWNEIGH to see if neighbor entries are allowed on a given device. If IPv6 is disabled on the device, allow_add returns false and passes a message back to the user via extack. $ echo 1 > /proc/sys/net/ipv6/conf/eth1/disable_ipv6 $ ip -6 neigh add fe80::4c88:bff:fe21:2704 dev eth1 lladdr de:ad:be:ef:01:01 Error: IPv6 is disabled on this device. Signed-off-by: David Ahern <dsahern@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
author: David Ahern <dsahern@gmail.com> 2019-04-16 17:31:43 -0700
committer: David S. Miller <davem@davemloft.net> 2019-04-17 23:19:07 -0700
commit: b8fb1ab46169ac016a8552a6455bb0bfc401f8e2 (patch)
tree: a7d8430a9044e9e3203915f401e68abfd6e30c31 /net/core/neighbour.c
parent: cea29a70727e7885b3fdf0d266a57818652a89c1 (diff)
download: linux-b8fb1ab46169ac016a8552a6455bb0bfc401f8e2.tar.bz2
1 files changed, 5 insertions, 0 deletions
diff --git a/net/core/neighbour.c b/net/core/neighbour.c
index 30f6fd8f68e0..997cfa8f99ba 100644
--- a/net/core/neighbour.c
+++ b/net/core/neighbour.c
@@ -1920,6 +1920,11 @@ static int neigh_add(struct sk_buff *skb, struct nlmsghdr *nlh,
 		goto out;
 	}
 
+	if (tbl->allow_add && !tbl->allow_add(dev, extack)) {
+		err = -EINVAL;
+		goto out;
+	}
+
 	neigh = neigh_lookup(tbl, dst, dev);
 	if (neigh == NULL) {
 		bool exempt_from_gc;
author	David Ahern <dsahern@gmail.com>	2019-04-16 17:31:43 -0700
committer	David S. Miller <davem@davemloft.net>	2019-04-17 23:19:07 -0700
commit	b8fb1ab46169ac016a8552a6455bb0bfc401f8e2 (patch)
tree	a7d8430a9044e9e3203915f401e68abfd6e30c31 /net/core/neighbour.c
parent	cea29a70727e7885b3fdf0d266a57818652a89c1 (diff)
download	linux-b8fb1ab46169ac016a8552a6455bb0bfc401f8e2.tar.bz2