ipv6: fix 'disable_policy' for forwarded packets
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Impish |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
[Impact]
The ipv6 sysctl entry 'disable_policy' has effect for local packets only (while the ipv4 version is for all packets coming from the specified interface).
This is fixed upstream with commit ccd27f05ae7b ("ipv6: fix 'disable_policy' for fwd packets").
https:/
[Test Case]
Enable 'disable_policy' for an interface:
sysctl -w net.ipv6.
Add an ipsec policy:
ip xfrm policy add src fd00:100::/64 dst fd00:200::/64 dir out tmpl src fd00:125::1 dst fd00:125::2 proto esp mode tunnel
Try a ping from subnet fd00:100::/64 to subnet fd00:200::/64.
[Regression Potential]
The patch is small and located in ip6_forward(), thus only this function is affected.
This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:
apport-collect 1936475
and then change the status of the bug to 'Confirmed'.
If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.
This change has been made by an automated script, maintained by the Ubuntu Kernel Team.