Leonardo Bras <leonardo@xxxxxxxxxxxxx> wrote:
> On Thu, 2019-08-29 at 22:58 +0200, Florian Westphal wrote:
> [...]
> > 1. add a patch to BREAK in nft_fib_netdev.c for !ipv6_mod_enabled()
> [...]
>
> But this is still needed? I mean, in nft_fib_netdev_eval there are only
> 2 functions being called for IPv6 protocol : nft_fib6_eval and
> nft_fib6_eval_type. Both are already protected by this current patch.
>
> Is your 1st suggestion about this patch, or you think it's better to
> move this change to nft_fib_netdev_eval ?

Ah, it was the latter.

Making bridge netfilter not pass packets up with ipv6 off closes the problem
for fib_ipv6 and inet, so only _netdev.c needs fixing.