ipv6: add flowlabel_consistency sysctl With the introduction of IPV6_FL_F_REFLECT, there is no guarantee of flow label unicity. This patch introduces a new sysctl to protect the old behaviour, enable by default. Changelog of V3: * rename ip6_flowlabel_consistency to flowlabel_consistency * use net_info_ratelimited() * checkpatch cleanups Signed-off-by: Florent Fourcot <florent.fourcot@enst-bretagne.fr> Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org> Signed-off-by: David S. Miller <davem@davemloft.net>

commit: 6444f72b4b74f627c51891101e93ba2b94078b0a [log] [tgz]
author: Florent Fourcot <florent.fourcot@enst-bretagne.fr> Fri Jan 17 17:15:05 2014 +0100
committer: David S. Miller <davem@davemloft.net> Sun Jan 19 17:12:31 2014 -0800
tree: d5aa20605d13fa3e222e7e1bf1b7b678a295f398
parent: 46e5f401762c639e38eea350d335c0f54ec2442f [diff] [blame]
diff --git a/net/ipv6/ip6_flowlabel.c b/net/ipv6/ip6_flowlabel.c
index 01bf252..dfa41bb 100644
--- a/net/ipv6/ip6_flowlabel.c
+++ b/net/ipv6/ip6_flowlabel.c

@@ -588,8 +588,15 @@
 
 	case IPV6_FL_A_GET:
 		if (freq.flr_flags & IPV6_FL_F_REFLECT) {
+			struct net *net = sock_net(sk);
+			if (net->ipv6.sysctl.flowlabel_consistency) {
+				net_info_ratelimited("Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable\n");
+				return -EPERM;
+			}
+
 			if (sk->sk_protocol != IPPROTO_TCP)
 				return -ENOPROTOOPT;
+
 			np->repflow = 1;
 			return 0;
 		}
commit	6444f72b4b74f627c51891101e93ba2b94078b0a	[log] [tgz]
author	Florent Fourcot <florent.fourcot@enst-bretagne.fr>	Fri Jan 17 17:15:05 2014 +0100
committer	David S. Miller <davem@davemloft.net>	Sun Jan 19 17:12:31 2014 -0800
tree	d5aa20605d13fa3e222e7e1bf1b7b678a295f398
parent	46e5f401762c639e38eea350d335c0f54ec2442f [diff] [blame]