Re: [PATCH] ipv6: add `do_forwarding` sysctl to enable per-interface forwarding
From: Gabriel Goller
Date: Fri Jun 27 2025 - 10:47:49 EST
On 26.06.2025 16:51, Nicolas Dichtel wrote:
Le 25/06/2025 à 16:26, Gabriel Goller a écrit :
It is currently impossible to enable ipv6 forwarding on a per-interface
basis like in ipv4. To enable forwarding on an ipv6 interface we need to
enable it on all interfaces and disable it on the other interfaces using
a netfilter rule. This is especially cumbersome if you have lots of
interface and only want to enable forwarding on a few. According to the
sysctl docs [0] the `net.ipv6.conf.all.forwarding` enables forwarding
for all interfaces, while the interface-specific
`net.ipv6.conf.<interface>.forwarding` configures the interface
Host/Router configuration.
Introduce a new sysctl flag `do_forwarding`, which can be set on every
interface. The ip6_forwarding function will then check if the global
forwarding flag OR the do_forwarding flag is active and forward the
packet. To preserver backwards-compatibility also reset the flag on all
interfaces when setting the global forwarding flag to 0.
[0]: https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt
Signed-off-by: Gabriel Goller <g.goller@xxxxxxxxxxx>
Please, export this sysctl via a NETCONFA_DO_FORWARDING attribute also.
Yep, will do.
---
* I don't have any hard feelings about the naming, Nicolas Dichtel
proposed `fwd_per_iface` but I think `do_forwarding` is a better fit.
What about force_forwarding?
I Agree!
* I'm also not sure about the reset when setting the global forwarding
flag; don't know if I did that right. Feedback is welcome!
It seems correct to me.
* Thanks for the help!
Maybe you could align ipv6.all.do_forwarding on ipv4.all.forwarding, ie setting
all existing ipv6.*.do_forwarding.
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/net/ipv4/devinet.c#n2423
Also done!
Regards,
Nicolas
Sent a new patch just now, thanks for reviewing!