From: Nicolas Dichtel <nicolas.dichtel@6wind.com>
To: Chenguang Zhao <chenguang.zhao@linux.dev>,
dsahern@kernel.org, idosch@nvidia.com, davem@davemloft.net,
edumazet@google.com, kuba@kernel.org, pabeni@redhat.com
Cc: horms@kernel.org, netdev@vger.kernel.org,
Chenguang Zhao <zhaochenguang@kylinos.cn>
Subject: Re: [PATCH net-next v2] ipv6: honor per-interface proxy_ndp in forward and NA paths
Date: Mon, 29 Jun 2026 15:59:00 +0200 [thread overview]
Message-ID: <dd26c96a-8c9b-4dc3-8eb8-a1c6a8842aab@6wind.com> (raw)
In-Reply-To: <20260629061831.1211922-1-chenguang.zhao@linux.dev>
Le 29/06/2026 à 08:18, Chenguang Zhao a écrit :
> ndisc_recv_ns() has always checked both devconf_all and idev->cnf for
> proxy_ndp, but ip6_forward() and ndisc_recv_na() only looked at the
> global setting. The original commit left XXX comments in these paths
> likely because idev was not available there at the time; ip6_forward()
> now obtains idev from IP6CB(skb)->iif.
>
> Honor per-interface proxy_ndp in both places to match the NS path and
> allow setups that only enable proxy_ndp on specific interfaces.
>
> In ip6_forward(), idev is looked up via the ingress interface (iif) while
> pneigh_lookup() uses skb->dev. For ND packets this is correct because
> vrf_ip6_rcv() does not modify skb->dev for neighbour discovery frames,
> so both refer to the ingress interface.
>
> Signed-off-by: Chenguang Zhao <zhaochenguang@kylinos.cn>
> ---
> v2:
> Per Ido's review, the following changes were made in v2:
> - Target net-next instead of net
> - Drop Fixes tag
> - Expand commit message: XXX comment history, idev vs skb->dev for ND packets
> - Fix subject prefix
>
> v1:
> - https://lore.kernel.org/all/20260623085600.396401-1-zhaochenguang@kylinos.cn/
>
> net/ipv6/ip6_output.c | 4 ++--
> net/ipv6/ndisc.c | 4 ++--
> 2 files changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
> index 368e4fa3b43c..c4ca4a813479 100644
> --- a/net/ipv6/ip6_output.c
> +++ b/net/ipv6/ip6_output.c
> @@ -579,8 +579,8 @@ int ip6_forward(struct sk_buff *skb)
> return -ETIMEDOUT;
> }
>
> - /* XXX: idev->cnf.proxy_ndp? */
> - if (READ_ONCE(net->ipv6.devconf_all->proxy_ndp) &&
> + if ((READ_ONCE(net->ipv6.devconf_all->proxy_ndp) ||
> + (idev && READ_ONCE(idev->cnf.proxy_ndp))) &&
As stated by Ido, this changes a 20 years old user-visible behavior. It suddenly
may enable proxy NDP on a system.
I was thinking that this kind of change was prohibited.
Regards,
Nicolas
prev parent reply other threads:[~2026-06-29 13:59 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-06-23 8:56 [net] ipv6: honor per-interface proxy_ndp in forward and NA paths Chenguang Zhao
2026-06-25 7:53 ` Ido Schimmel
2026-06-29 6:18 ` [PATCH net-next v2] " Chenguang Zhao
2026-06-29 13:59 ` Nicolas Dichtel [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=dd26c96a-8c9b-4dc3-8eb8-a1c6a8842aab@6wind.com \
--to=nicolas.dichtel@6wind.com \
--cc=chenguang.zhao@linux.dev \
--cc=davem@davemloft.net \
--cc=dsahern@kernel.org \
--cc=edumazet@google.com \
--cc=horms@kernel.org \
--cc=idosch@nvidia.com \
--cc=kuba@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=zhaochenguang@kylinos.cn \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox