diff options
author | Florent Fourcot <florent.fourcot@enst-bretagne.fr> | 2014-01-17 11:15:05 -0500 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2014-01-19 20:12:31 -0500 |
commit | 6444f72b4b74f627c51891101e93ba2b94078b0a (patch) | |
tree | d5aa20605d13fa3e222e7e1bf1b7b678a295f398 /net/ipv6/ip6_flowlabel.c | |
parent | 46e5f401762c639e38eea350d335c0f54ec2442f (diff) |
ipv6: add flowlabel_consistency sysctl
With the introduction of IPV6_FL_F_REFLECT, there is no guarantee of
flow label unicity. This patch introduces a new sysctl to protect the old
behaviour, enable by default.
Changelog of V3:
* rename ip6_flowlabel_consistency to flowlabel_consistency
* use net_info_ratelimited()
* checkpatch cleanups
Signed-off-by: Florent Fourcot <florent.fourcot@enst-bretagne.fr>
Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv6/ip6_flowlabel.c')
-rw-r--r-- | net/ipv6/ip6_flowlabel.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/net/ipv6/ip6_flowlabel.c b/net/ipv6/ip6_flowlabel.c index 01bf2524c72a..dfa41bb4e0dc 100644 --- a/net/ipv6/ip6_flowlabel.c +++ b/net/ipv6/ip6_flowlabel.c | |||
@@ -588,8 +588,15 @@ int ipv6_flowlabel_opt(struct sock *sk, char __user *optval, int optlen) | |||
588 | 588 | ||
589 | case IPV6_FL_A_GET: | 589 | case IPV6_FL_A_GET: |
590 | if (freq.flr_flags & IPV6_FL_F_REFLECT) { | 590 | if (freq.flr_flags & IPV6_FL_F_REFLECT) { |
591 | struct net *net = sock_net(sk); | ||
592 | if (net->ipv6.sysctl.flowlabel_consistency) { | ||
593 | net_info_ratelimited("Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable\n"); | ||
594 | return -EPERM; | ||
595 | } | ||
596 | |||
591 | if (sk->sk_protocol != IPPROTO_TCP) | 597 | if (sk->sk_protocol != IPPROTO_TCP) |
592 | return -ENOPROTOOPT; | 598 | return -ENOPROTOOPT; |
599 | |||
593 | np->repflow = 1; | 600 | np->repflow = 1; |
594 | return 0; | 601 | return 0; |
595 | } | 602 | } |