aboutsummaryrefslogtreecommitdiffstats
path: root/net/ipv6/ip6_flowlabel.c
diff options
context:
space:
mode:
authorFlorent Fourcot <florent.fourcot@enst-bretagne.fr>2014-01-17 11:15:05 -0500
committerDavid S. Miller <davem@davemloft.net>2014-01-19 20:12:31 -0500
commit6444f72b4b74f627c51891101e93ba2b94078b0a (patch)
treed5aa20605d13fa3e222e7e1bf1b7b678a295f398 /net/ipv6/ip6_flowlabel.c
parent46e5f401762c639e38eea350d335c0f54ec2442f (diff)
ipv6: add flowlabel_consistency sysctl
With the introduction of IPV6_FL_F_REFLECT, there is no guarantee of flow label unicity. This patch introduces a new sysctl to protect the old behaviour, enable by default. Changelog of V3: * rename ip6_flowlabel_consistency to flowlabel_consistency * use net_info_ratelimited() * checkpatch cleanups Signed-off-by: Florent Fourcot <florent.fourcot@enst-bretagne.fr> Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv6/ip6_flowlabel.c')
-rw-r--r--net/ipv6/ip6_flowlabel.c7
1 files changed, 7 insertions, 0 deletions
diff --git a/net/ipv6/ip6_flowlabel.c b/net/ipv6/ip6_flowlabel.c
index 01bf2524c72a..dfa41bb4e0dc 100644
--- a/net/ipv6/ip6_flowlabel.c
+++ b/net/ipv6/ip6_flowlabel.c
@@ -588,8 +588,15 @@ int ipv6_flowlabel_opt(struct sock *sk, char __user *optval, int optlen)
588 588
589 case IPV6_FL_A_GET: 589 case IPV6_FL_A_GET:
590 if (freq.flr_flags & IPV6_FL_F_REFLECT) { 590 if (freq.flr_flags & IPV6_FL_F_REFLECT) {
591 struct net *net = sock_net(sk);
592 if (net->ipv6.sysctl.flowlabel_consistency) {
593 net_info_ratelimited("Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable\n");
594 return -EPERM;
595 }
596
591 if (sk->sk_protocol != IPPROTO_TCP) 597 if (sk->sk_protocol != IPPROTO_TCP)
592 return -ENOPROTOOPT; 598 return -ENOPROTOOPT;
599
593 np->repflow = 1; 600 np->repflow = 1;
594 return 0; 601 return 0;
595 } 602 }