diff options
| author | Bhaskar Dutta <bhaskie@gmail.com> | 2009-09-03 07:55:47 -0400 |
|---|---|---|
| committer | Vlad Yasevich <vladislav.yasevich@hp.com> | 2009-09-04 18:21:01 -0400 |
| commit | 723884339f90a9c420783135168cc1045750eb5d (patch) | |
| tree | c8538602e56f2310470b0970bf121a1000313401 /net/sctp/bind_addr.c | |
| parent | 8da645e101a8c20c6073efda3c7cc74eec01b87f (diff) | |
sctp: Sysctl configuration for IPv4 Address Scoping
This patch introduces a new sysctl option to make IPv4 Address Scoping
configurable <draft-stewart-tsvwg-sctp-ipv4-00.txt>.
In networking environments where DNAT rules in iptables prerouting
chains convert destination IP's to link-local/private IP addresses,
SCTP connections fail to establish as the INIT chunk is dropped by the
kernel due to address scope match failure.
For example to support overlapping IP addresses (same IP address with
different vlan id) a Layer-5 application listens on link local IP's,
and there is a DNAT rule that maps the destination IP to a link local
IP. Such applications never get the SCTP INIT if the address-scoping
draft is strictly followed.
This sysctl configuration allows SCTP to function in such
unconventional networking environments.
Sysctl options:
0 - Disable IPv4 address scoping draft altogether
1 - Enable IPv4 address scoping (default, current behavior)
2 - Enable address scoping but allow IPv4 private addresses in init/init-ack
3 - Enable address scoping but allow IPv4 link local address in init/init-ack
Signed-off-by: Bhaskar Dutta <bhaskar.dutta@globallogic.com>
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
Diffstat (limited to 'net/sctp/bind_addr.c')
| -rw-r--r-- | net/sctp/bind_addr.c | 21 |
1 files changed, 20 insertions, 1 deletions
diff --git a/net/sctp/bind_addr.c b/net/sctp/bind_addr.c index 6d5944a745d4..13a6fba41077 100644 --- a/net/sctp/bind_addr.c +++ b/net/sctp/bind_addr.c | |||
| @@ -510,9 +510,28 @@ int sctp_in_scope(const union sctp_addr *addr, sctp_scope_t scope) | |||
| 510 | * of requested destination address, sender and receiver | 510 | * of requested destination address, sender and receiver |
| 511 | * SHOULD include all of its addresses with level greater | 511 | * SHOULD include all of its addresses with level greater |
| 512 | * than or equal to L. | 512 | * than or equal to L. |
| 513 | * | ||
| 514 | * Address scoping can be selectively controlled via sysctl | ||
| 515 | * option | ||
| 513 | */ | 516 | */ |
| 514 | if (addr_scope <= scope) | 517 | switch (sctp_scope_policy) { |
| 518 | case SCTP_SCOPE_POLICY_DISABLE: | ||
| 515 | return 1; | 519 | return 1; |
| 520 | case SCTP_SCOPE_POLICY_ENABLE: | ||
| 521 | if (addr_scope <= scope) | ||
| 522 | return 1; | ||
| 523 | break; | ||
| 524 | case SCTP_SCOPE_POLICY_PRIVATE: | ||
| 525 | if (addr_scope <= scope || SCTP_SCOPE_PRIVATE == addr_scope) | ||
| 526 | return 1; | ||
| 527 | break; | ||
| 528 | case SCTP_SCOPE_POLICY_LINK: | ||
| 529 | if (addr_scope <= scope || SCTP_SCOPE_LINK == addr_scope) | ||
| 530 | return 1; | ||
| 531 | break; | ||
| 532 | default: | ||
| 533 | break; | ||
| 534 | } | ||
| 516 | 535 | ||
| 517 | return 0; | 536 | return 0; |
| 518 | } | 537 | } |