Date: Thu, 29 Aug 2019 22:29:57 +0200
From: Florian Westphal
To: Leonardo Bras
Cc: Pablo Neira Ayuso, Florian Westphal, "David S. Miller", netfilter-devel@vger.kernel.org, coreteam@netfilter.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, Jozsef Kadlecsik, Alexey Kuznetsov, Hideaki YOSHIFUJI
Subject: Re: [PATCH v2 1/1] netfilter: nf_tables: fib: Drop IPV6 packages if IPv6 is disabled on boot
Message-ID: <20190829202957.GL20113@breakpoint.cc>
References: <20190821141505.2394-1-leonardo@linux.ibm.com>

Leonardo Bras wrote:
> > That's a good point -- Leonardo, is the
> > "net.bridge.bridge-nf-call-ip6tables" sysctl on?
>
> Running
> # sudo sysctl -a
> I can see:
> net.bridge.bridge-nf-call-ip6tables = 1
>
> So these packets are sent to host iptables for processing?

Yes, this is an old hack that was made because ebtables is very
feature-limited.

However, as I mentioned before I don't think there is anything we can do
here except audit all affected nft expressions and ip6tables matches and
add this check where needed.

ip6t_rpfilter.c comes to mind.

In any case your patch looks ok to me.

> (Sorry for the delay, I did not receive the previous e-mails.
> Please include me in to/cc.)

Sorry about that.
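
The condition discussed in this thread, as an added example that is not part of the original e-mail or the patch: a shell check that reports when IPv6 is disabled at boot while `net.bridge.bridge-nf-call-ip6tables` is 1, so bridged IPv6 frames still reach ip6tables/nft hooks. The function name, the optional `ROOT` prefix and the return codes are assumptions made for this example; `/sys/module/ipv6/parameters/disable` is where the `ipv6.disable` boot parameter is exposed.

```shell
#!/bin/sh
# Added example (not from the thread): report when IPv6 is disabled at boot
# while bridged IPv6 frames are still handed to the host's ip6tables/nft hooks.
# ROOT is an assumed optional prefix so the check can run against a copied
# /proc and /sys tree; with no argument it reads the live system.
# Return codes (chosen for this example): 0 = ok, 1 = review, 2 = unknown.

check_bridge_nf_ipv6() {
    root="${1:-}"
    sysctl_file="$root/proc/sys/net/bridge/bridge-nf-call-ip6tables"
    param_file="$root/sys/module/ipv6/parameters/disable"

    # If the bridge netfilter sysctl is absent, bridged frames are not
    # passed to ip6tables at all.
    if [ ! -r "$sysctl_file" ]; then
        echo "ok: bridge-nf-call-ip6tables not present"
        return 0
    fi
    read -r call_ip6tables < "$sysctl_file"

    if [ "$call_ip6tables" != "1" ]; then
        echo "ok: bridge-nf-call-ip6tables=$call_ip6tables"
        return 0
    fi

    # ipv6.disable=1 on the kernel command line shows up here as 1.
    if [ ! -r "$param_file" ]; then
        echo "unknown: cannot read ipv6 'disable' parameter"
        return 2
    fi
    read -r ipv6_disabled < "$param_file"

    if [ "$ipv6_disabled" = "1" ]; then
        echo "review: ipv6.disable=1 but bridge-nf-call-ip6tables=1"
        return 1
    fi
    echo "ok: IPv6 enabled, bridge-nf-call-ip6tables=1"
    return 0
}
```

Call `check_bridge_nf_ipv6` with no argument on the host under review; a `review:` result marks a machine where the audit of nft expressions and ip6tables matches mentioned above is relevant.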