3 files changed, 38 insertions, 6 deletions

diff --git a/net/sctp/bind_addr.c b/net/sctp/bind_addr.c
index 6d5944a745d4..13a6fba41077 100644
--- a/net/sctp/bind_addr.c
+++ b/net/sctp/bind_addr.c
@@ -510,9 +510,28 @@ int sctp_in_scope(const union sctp_addr *addr, sctp_scope_t scope)
          * of requested destination address, sender and receiver
          * SHOULD include all of its addresses with level greater
          * than or equal to L.
+         *
+         * Address scoping can be selectively controlled via sysctl
+         * option
          */
-        if (addr_scope <= scope)
+        switch (sctp_scope_policy) {
+        case SCTP_SCOPE_POLICY_DISABLE:
                 return 1;
+        case SCTP_SCOPE_POLICY_ENABLE:
+                if (addr_scope <= scope)
+                        return 1;
+                break;
+        case SCTP_SCOPE_POLICY_PRIVATE:
+                if (addr_scope <= scope || SCTP_SCOPE_PRIVATE == addr_scope)
+                        return 1;
+                break;
+        case SCTP_SCOPE_POLICY_LINK:
+                if (addr_scope <= scope || SCTP_SCOPE_LINK == addr_scope)
+                        return 1;
+                break;
+        default:
+                break;
+        }
 
         return 0;
 }
diff --git a/net/sctp/protocol.c b/net/sctp/protocol.c
index a76da657244a..60093be8385d 100644
--- a/net/sctp/protocol.c
+++ b/net/sctp/protocol.c
@@ -431,16 +431,14 @@ static int sctp_v4_available(union sctp_addr *addr, struct sctp_sock *sp)
  * of requested destination address, sender and receiver
  * SHOULD include all of its addresses with level greater
  * than or equal to L.
+ *
+ * IPv4 scoping can be controlled through sysctl option
+ * net.sctp.addr_scope_policy
  */
 static sctp_scope_t sctp_v4_scope(union sctp_addr *addr)
 {
         sctp_scope_t retval;
 
-        /* Should IPv4 scoping be a sysctl configurable option
-         * so users can turn it off (default on) for certain
-         * unconventional networking environments?
-         */
-
         /* Check for unusable SCTP addresses. */
         if (IS_IPV4_UNUSABLE_ADDRESS(addr->v4.sin_addr.s_addr)) {
                 retval =  SCTP_SCOPE_UNUSABLE;
@@ -1259,6 +1257,9 @@ SCTP_STATIC __init int sctp_init(void)
         /* Disable AUTH by default. */
         sctp_auth_enable = 0;
 
+        /* Set SCOPE policy to enabled */
+        sctp_scope_policy = SCTP_SCOPE_POLICY_ENABLE;
+
         sctp_sysctl_register();
 
         INIT_LIST_HEAD(&sctp_address_families);
diff --git a/net/sctp/sysctl.c b/net/sctp/sysctl.c
index 63eabbc71298..ab7151da120f 100644
--- a/net/sctp/sysctl.c
+++ b/net/sctp/sysctl.c
@@ -51,6 +51,7 @@ static int timer_max = 86400000; /* ms in one day */
 static int int_max = INT_MAX;
 static int sack_timer_min = 1;
 static int sack_timer_max = 500;
+static int addr_scope_max = 3; /* check sctp_scope_policy_t in include/net/sctp/constants.h for max entries */
 
 extern int sysctl_sctp_mem[3];
 extern int sysctl_sctp_rmem[3];
@@ -272,6 +273,17 @@ static ctl_table sctp_table[] = {
                 .proc_handler   = proc_dointvec,
                 .strategy       = sysctl_intvec
         },
+        {
+                .ctl_name       = CTL_UNNUMBERED,
+                .procname       = "addr_scope_policy",
+                .data           = &sctp_scope_policy,
+                .maxlen         = sizeof(int),
+                .mode           = 0644,
+                .proc_handler   = &proc_dointvec_minmax,
+                .strategy       = &sysctl_intvec,
+                .extra1         = &zero,
+                .extra2         = &addr_scope_max,
+        },
         { .ctl_name = 0 }
 };