Skip to content

Investigate: Evaluate semantics of IPv6 forwarding #785

New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom
Closed
jovatn opened this issue Oct 30, 2024 · 3 comments · Fixed by #959
Closed

Investigate: Evaluate semantics of IPv6 forwarding #785

jovatn opened this issue Oct 30, 2024 · 3 comments · Fixed by #959
Assignees
@troglobit
Milestone
FUTURE

Comments

@jovatn
Copy link
Contributor

jovatn commented Oct 30, 2024
edited
Loading

The way Infix handles the IPv6 forwarding primitive differs significantly from what's stated in ietf-ip.yang.
Is this how we want it?

New idea on 2025-02-05: Disable global IPv6 forwarding handle until at least one interface has IPv6 forwarding true.

Quote from Infix documentation:

For IPv6 the ability to route between interfaces is always enabled, instead this flag controls ...

Quote from ietf-ip.yang.

     leaf forwarding {
        type boolean;
        default false;
        description
          "Controls IPv6 packet forwarding of datagrams received by,
           but not addressed to, this interface.  IPv6 routers
           forward datagrams.  IPv6 hosts do not (except those
           source-routed via the host).";
        reference
          "RFC 4861: Neighbor Discovery for IP version 6 (IPv6)
                     Section 6.2.1, IsRouter";
      }
@jovatn jovatn converted this from a draft issue Oct 30, 2024
@jovatn jovatn added triage Pending investigation & classification (CCB) upstream Kernel, Buildroot, or other upstream related and removed upstream Kernel, Buildroot, or other upstream related labels Oct 30, 2024
@troglobit
Copy link
Contributor

CCB decision: use nftables.

@troglobit troglobit removed the triage Pending investigation & classification (CCB) label Oct 31, 2024
@troglobit troglobit added this to the Infix v24.12 milestone Oct 31, 2024
@troglobit troglobit modified the milestones: Infix v25.01, FUTURE Dec 5, 2024
@jovatn
Copy link
Contributor Author

jovatn commented Feb 5, 2025

New idea: Disable global IPv6 forwarding handle until at least one interface has IPv6 forwarding true.
I set the triage flag again, to get a new decision on priority by CCB.
Alternatively, we could create a separate issue.

@jovatn jovatn added the triage Pending investigation & classification (CCB) label Feb 5, 2025
@troglobit troglobit moved this to Todo in Infix & C:o Feb 7, 2025
@troglobit
Copy link
Contributor

CCB: good idea. Decision, implement suggestion: "disable global IPv6 forwarding handle until at least one interface has IPv6 forwarding".

@troglobit troglobit removed the triage Pending investigation & classification (CCB) label Feb 7, 2025
troglobit added a commit that referenced this issue Feb 24, 2025
@troglobit
Fix #785: disable global IPv6 fwd by default
4992660 
Enabled by user enabling IPv6 forwarding on any interface.  This change
also enables net.ipv6.conf.all.accept_ra (=2) to accept any IPv6 route
advertisements even when acting as a router.

Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
@troglobit troglobit mentioned this issue Feb 24, 2025
Merged
17 tasks
@troglobit troglobit moved this from Todo to In progress in Infix & C:o Feb 24, 2025
@troglobit troglobit self-assigned this Feb 24, 2025
troglobit added a commit that referenced this issue Feb 25, 2025
@troglobit
Fix #785: disable global IPv6 fwd by default
1adf252 
Enabled by user enabling IPv6 forwarding on any interface.  This change
also enables net.ipv6.conf.all.accept_ra (=2) to accept any IPv6 route
advertisements even when acting as a router.

Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
troglobit added a commit that referenced this issue Feb 25, 2025
@troglobit
Fix #785: disable global IPv6 fwd by default
54a8958 
Enabled by user enabling IPv6 forwarding on any interface.  This change
also enables net.ipv6.conf.all.accept_ra (=2) to accept any IPv6 route
advertisements even when acting as a router.

Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
troglobit added a commit that referenced this issue Feb 25, 2025
@troglobit
Fix #785: disable global IPv6 fwd by default
ea0bee1 
Enabled by user enabling IPv6 forwarding on any interface.  This change
also enables net.ipv6.conf.all.accept_ra (=2) to accept any IPv6 route
advertisements even when acting as a router.

Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
@github-project-automation github-project-automation bot moved this from In progress to Done in Infix & C:o Feb 25, 2025
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees

@troglobit troglobit

Labels
None yet
Projects
Infix & C:o
Status: Done
Milestone
FUTURE
Development

Successfully merging a pull request may close this issue.

Disable IPv6 forwarding by default kernelkit/infix
2 participants
@troglobit @jovatn