On 02/07/2025 at 16:34, Jakub Kicinski wrote:
> On Wed, 2 Jul 2025 09:46:18 +0200 Gabriel Goller wrote:
>> It is currently impossible to enable ipv6 forwarding on a per-interface
>> basis like in ipv4. To enable forwarding on an ipv6 interface we need to
>> enable it on all interfaces and disable it on the other interfaces using
>> a netfilter rule. This is especially cumbersome if you have lots of
>> interfaces and only want to enable forwarding on a few. According to the
>> sysctl docs [0] the `net.ipv6.conf.all.forwarding` enables forwarding
>> for all interfaces, while the interface-specific
>> `net.ipv6.conf.<interface>.forwarding` configures the interface
>> Host/Router configuration.
>>
>> Introduce a new sysctl flag `force_forwarding`, which can be set on every
>> interface. The ip6_forwarding function will then check if the global
>> forwarding flag OR the force_forwarding flag is active and forward the
>> packet.
>
> Should we invert the polarity? It appears that the condition below only
> lets this setting _disable_ forwarding. IMO calling it "force" suggests
> to the user that it will force it to be enabled.

Not sure I follow you. When force_forwarding is set to 1 the forwarding is
always enabled.

                 sysctl                  |
 all.forwarding | iface.force_forwarding | packet processing from iface
       0        |           0            | no forward
       0        |           1            | forward
       1        |           0            | forward
       1        |           1            | forward

>
> Nicolas, how do you feel about asking for a selftest here?
> The functionality is fairly trivial from datapath PoV, but feels odd
> to merge uAPI these days without a selftest..

No problem, let's do it right.