From 6444f72b4b74f627c51891101e93ba2b94078b0a Mon Sep 17 00:00:00 2001 From: Florent Fourcot Date: Fri, 17 Jan 2014 17:15:05 +0100 Subject: ipv6: add flowlabel_consistency sysctl With the introduction of IPV6_FL_F_REFLECT, there is no guarantee of flow label unicity. This patch introduces a new sysctl to protect the old behaviour, enable by default. Changelog of V3: * rename ip6_flowlabel_consistency to flowlabel_consistency * use net_info_ratelimited() * checkpatch cleanups Signed-off-by: Florent Fourcot Acked-by: Hannes Frederic Sowa Signed-off-by: David S. Miller --- net/ipv6/ip6_flowlabel.c | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'net/ipv6/ip6_flowlabel.c') diff --git a/net/ipv6/ip6_flowlabel.c b/net/ipv6/ip6_flowlabel.c index 01bf2524c72a..dfa41bb4e0dc 100644 --- a/net/ipv6/ip6_flowlabel.c +++ b/net/ipv6/ip6_flowlabel.c @@ -588,8 +588,15 @@ int ipv6_flowlabel_opt(struct sock *sk, char __user *optval, int optlen) case IPV6_FL_A_GET: if (freq.flr_flags & IPV6_FL_F_REFLECT) { + struct net *net = sock_net(sk); + if (net->ipv6.sysctl.flowlabel_consistency) { + net_info_ratelimited("Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable\n"); + return -EPERM; + } + if (sk->sk_protocol != IPPROTO_TCP) return -ENOPROTOOPT; + np->repflow = 1; return 0; } -- cgit v1.2.2