ndisc_recv_ns() has always checked both devconf_all and idev->cnf for proxy_ndp, but ip6_forward() and ndisc_recv_na() only looked at the global setting. The original commit left XXX comments in these paths likely because idev was not available there at the time; ip6_forward() now obtains idev from IP6CB(skb)->iif. Honor per-interface proxy_ndp in both places to match the NS path and allow setups that only enable proxy_ndp on specific interfaces. In ip6_forward(), idev is looked up via the ingress interface (iif) while pneigh_lookup() uses skb->dev. For ND packets this is correct because vrf_ip6_rcv() does not modify skb->dev for neighbour discovery frames, so both refer to the ingress interface. Signed-off-by: Chenguang Zhao --- v2: Per Ido's review, the following changes were made in v2: - Target net-next instead of net - Drop Fixes tag - Expand commit message: XXX comment history, idev vs skb->dev for ND packets - Fix subject prefix v1: - https://lore.kernel.org/all/20260623085600.396401-1-zhaochenguang@kylinos.cn/ net/ipv6/ip6_output.c | 4 ++-- net/ipv6/ndisc.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c index 368e4fa3b43c..c4ca4a813479 100644 --- a/net/ipv6/ip6_output.c +++ b/net/ipv6/ip6_output.c @@ -579,8 +579,8 @@ int ip6_forward(struct sk_buff *skb) return -ETIMEDOUT; } - /* XXX: idev->cnf.proxy_ndp? */ - if (READ_ONCE(net->ipv6.devconf_all->proxy_ndp) && + if ((READ_ONCE(net->ipv6.devconf_all->proxy_ndp) || + (idev && READ_ONCE(idev->cnf.proxy_ndp))) && pneigh_lookup(&nd_tbl, net, &hdr->daddr, skb->dev)) { int proxied = ip6_forward_proxy_check(skb); diff --git a/net/ipv6/ndisc.c b/net/ipv6/ndisc.c index f867ec8d3d90..e03e94681738 100644 --- a/net/ipv6/ndisc.c +++ b/net/ipv6/ndisc.c @@ -1096,9 +1096,9 @@ static enum skb_drop_reason ndisc_recv_na(struct sk_buff *skb) */ if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) && READ_ONCE(net->ipv6.devconf_all->forwarding) && - READ_ONCE(net->ipv6.devconf_all->proxy_ndp) && + (READ_ONCE(net->ipv6.devconf_all->proxy_ndp) || + (idev && READ_ONCE(idev->cnf.proxy_ndp))) && pneigh_lookup(&nd_tbl, net, &msg->target, dev)) { - /* XXX: idev->cnf.proxy_ndp */ goto out; } -- 2.25.1