ipv6: Nonlocal bind
authorTom Herbert <tom@herbertland.com>
Wed, 8 Jul 2015 23:58:22 +0000 (16:58 -0700)
committerDavid S. Miller <davem@davemloft.net>
Fri, 10 Jul 2015 04:09:10 +0000 (21:09 -0700)
Add support to allow non-local binds similar to how this was done for IPv4.
Non-local binds are very useful in emulating the Internet in a box, etc.

This add the ip_nonlocal_bind sysctl under ipv6.

Testing:

Set up nonlocal binding and receive routing on a host, e.g.:

ip -6 rule add from ::/0 iif eth0 lookup 200
ip -6 route add local 2001:0:0:1::/64 dev lo proto kernel scope host table 200
sysctl -w net.ipv6.ip_nonlocal_bind=1

Set up routing to 2001:0:0:1::/64 on peer to go to first host

ping6 -I 2001:0:0:1::1 peer-address -- to verify

Signed-off-by: Tom Herbert <tom@herbertland.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Documentation/networking/ip-sysctl.txt
include/net/netns/ipv6.h
net/ipv4/ping.c
net/ipv6/af_inet6.c
net/ipv6/raw.c
net/ipv6/sysctl_net_ipv6.c

index 5fae7704daab292cf900158666c2d4bb80dd2424..f63aeefd2c240f114e6c3090cacc2963c03c652c 100644 (file)
@@ -1435,6 +1435,11 @@ mtu - INTEGER
        Default Maximum Transfer Unit
        Default: 1280 (IPv6 required minimum)
 
+ip_nonlocal_bind - BOOLEAN
+       If set, allows processes to bind() to non-local IPv6 addresses,
+       which can be quite useful - but may break some applications.
+       Default: 0
+
 router_probe_interval - INTEGER
        Minimum interval (in seconds) between Router Probing described
        in RFC4191.
index 8d93544a2d2b5f21c7ed8b8137394df0758dbef3..c0368db6df54d78a1122c45aff412bcafa84b412 100644 (file)
@@ -31,6 +31,7 @@ struct netns_sysctl_ipv6 {
        int auto_flowlabels;
        int icmpv6_time;
        int anycast_src_echo_reply;
+       int ip_nonlocal_bind;
        int fwmark_reflect;
        int idgen_retries;
        int idgen_delay;
index 05ff44b758dfee1e02996a3726ac63854a96ad16..e89094ab5ddb8ce2b6eb2d78a9a9046b42287bd5 100644 (file)
@@ -363,7 +363,8 @@ static int ping_check_bind_addr(struct sock *sk, struct inet_sock *isk,
                                                    scoped);
                rcu_read_unlock();
 
-               if (!(isk->freebind || isk->transparent || has_addr ||
+               if (!(net->ipv6.sysctl.ip_nonlocal_bind ||
+                     isk->freebind || isk->transparent || has_addr ||
                      addr_type == IPV6_ADDR_ANY))
                        return -EADDRNOTAVAIL;
 
index 39e670a915969d730ed5d99190454b77e07ba836..7bc92ea4ae8fd17701f65aaa1a3063a3912ba259 100644 (file)
@@ -342,7 +342,8 @@ int inet6_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
                         */
                        v4addr = LOOPBACK4_IPV6;
                        if (!(addr_type & IPV6_ADDR_MULTICAST)) {
-                               if (!(inet->freebind || inet->transparent) &&
+                               if (!net->ipv6.sysctl.ip_nonlocal_bind &&
+                                   !(inet->freebind || inet->transparent) &&
                                    !ipv6_chk_addr(net, &addr->sin6_addr,
                                                   dev, 0)) {
                                        err = -EADDRNOTAVAIL;
index ca4700cb26c4feec258c8e5034389522125b113e..fdbada1569a37348b47b60769f7d679741b21d0a 100644 (file)
@@ -295,7 +295,8 @@ static int rawv6_bind(struct sock *sk, struct sockaddr *uaddr, int addr_len)
                 * unspecified and mapped address have a v4 equivalent.
                 */
                v4addr = LOOPBACK4_IPV6;
-               if (!(addr_type & IPV6_ADDR_MULTICAST)) {
+               if (!(addr_type & IPV6_ADDR_MULTICAST) &&
+                   !sock_net(sk)->ipv6.sysctl.ip_nonlocal_bind) {
                        err = -EADDRNOTAVAIL;
                        if (!ipv6_chk_addr(sock_net(sk), &addr->sin6_addr,
                                           dev, 0)) {
index 4e705add4f187c69b1b11202d47808308e87cf80..db48aebd9c470c2d3a40c7a4250b67887250985e 100644 (file)
@@ -75,6 +75,13 @@ static struct ctl_table ipv6_table_template[] = {
                .mode           = 0644,
                .proc_handler   = proc_dointvec
        },
+       {
+               .procname       = "ip_nonlocal_bind",
+               .data           = &init_net.ipv6.sysctl.ip_nonlocal_bind,
+               .maxlen         = sizeof(int),
+               .mode           = 0644,
+               .proc_handler   = proc_dointvec
+       },
        { }
 };
 
@@ -117,6 +124,7 @@ static int __net_init ipv6_sysctl_net_init(struct net *net)
        ipv6_table[5].data = &net->ipv6.sysctl.idgen_retries;
        ipv6_table[6].data = &net->ipv6.sysctl.idgen_delay;
        ipv6_table[7].data = &net->ipv6.sysctl.flowlabel_state_ranges;
+       ipv6_table[8].data = &net->ipv6.sysctl.ip_nonlocal_bind;
 
        ipv6_route_table = ipv6_route_sysctl_init(net);
        if (!ipv6_route_table)