[PATCH net] ip6_vti: set netns_immutable on the fallback device.

Netdev List
 help / color / mirror / Atom feed

* [PATCH net] ip6_vti: set netns_immutable on the fallback device.
@ 2026-06-08 15:59 Eric Dumazet
  2026-06-08 16:13 ` Nicolas Dichtel
  0 siblings, 1 reply; 2+ messages in thread
From: Eric Dumazet @ 2026-06-08 15:59 UTC (permalink / raw)
  To: David S . Miller, Jakub Kicinski, Paolo Abeni
  Cc: Simon Horman, netdev, eric.dumazet, Eric Dumazet, Noam Rathaus,
	Nicolas Dichtel, Steffen Klassert

john1988 and Noam Rathaus reported that vti6_init_net() does not set the
netns_immutable flag on the per-netns fallback tunnel device (ip6_vti0).

Other similar tunnel drivers (like ip6_tunnel, sit, ip6_gre, and ip_tunnel)
correctly set this flag during their fallback device initialization to
prevent them from being moved to another network namespace.

Fixes: 61220ab34948 ("vti6: Enable namespace changing")
Reported-by: Noam Rathaus <noamr@ssd-disclosure.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Cc: Steffen Klassert <steffen.klassert@secunet.com>
---
 net/ipv6/ip6_vti.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/net/ipv6/ip6_vti.c b/net/ipv6/ip6_vti.c
index df793c8bfffb0a26ea7f54933b88bccc9b1aa495..d2b74a6f2cf62dbb752d8842e1a4d33fc8392d41 100644
--- a/net/ipv6/ip6_vti.c
+++ b/net/ipv6/ip6_vti.c
@@ -1159,6 +1159,7 @@ static int __net_init vti6_init_net(struct net *net)
 		goto err_alloc_dev;
 	dev_net_set(ip6n->fb_tnl_dev, net);
 	ip6n->fb_tnl_dev->rtnl_link_ops = &vti6_link_ops;
+	ip6n->fb_tnl_dev->netns_immutable = true;
 
 	err = vti6_fb_tnl_dev_init(ip6n->fb_tnl_dev);
 	if (err < 0)
-- 
2.54.0.1032.g2f8565e1d1-goog


^ permalink raw reply related	[flat|nested] 2+ messages in thread

* Re: [PATCH net] ip6_vti: set netns_immutable on the fallback device.
  2026-06-08 15:59 [PATCH net] ip6_vti: set netns_immutable on the fallback device Eric Dumazet
@ 2026-06-08 16:13 ` Nicolas Dichtel
  0 siblings, 0 replies; 2+ messages in thread
From: Nicolas Dichtel @ 2026-06-08 16:13 UTC (permalink / raw)
  To: Eric Dumazet, David S . Miller, Jakub Kicinski, Paolo Abeni
  Cc: Simon Horman, netdev, eric.dumazet, Noam Rathaus,
	Steffen Klassert

Le 08/06/2026 à 17:59, Eric Dumazet a écrit :
> john1988 and Noam Rathaus reported that vti6_init_net() does not set the
> netns_immutable flag on the per-netns fallback tunnel device (ip6_vti0).
> 
> Other similar tunnel drivers (like ip6_tunnel, sit, ip6_gre, and ip_tunnel)
> correctly set this flag during their fallback device initialization to
> prevent them from being moved to another network namespace.
> 
> Fixes: 61220ab34948 ("vti6: Enable namespace changing")
> Reported-by: Noam Rathaus <noamr@ssd-disclosure.com>
> Signed-off-by: Eric Dumazet <edumazet@google.com>
> Cc: Nicolas Dichtel <nicolas.dichtel@6wind.com>
> Cc: Steffen Klassert <steffen.klassert@secunet.com>

Reviewed-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2026-06-08 16:13 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-06-08 15:59 [PATCH net] ip6_vti: set netns_immutable on the fallback device Eric Dumazet
2026-06-08 16:13 ` Nicolas Dichtel

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox