mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-09-29 13:53:33 +00:00
[IPV6]: ROUTE: Add accept_ra_defrtr sysctl.
This controls whether we accept default router information in RAs. Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
parent
073a8e0e15
commit
65f5c7c114
5 changed files with 26 additions and 1 deletions
|
@ -717,6 +717,12 @@ accept_ra - BOOLEAN
|
||||||
Functional default: enabled if local forwarding is disabled.
|
Functional default: enabled if local forwarding is disabled.
|
||||||
disabled if local forwarding is enabled.
|
disabled if local forwarding is enabled.
|
||||||
|
|
||||||
|
accept_ra_defrtr - BOOLEAN
|
||||||
|
Learn default router in Router Advertisement.
|
||||||
|
|
||||||
|
Functional default: enabled if accept_ra is enabled.
|
||||||
|
disabled if accept_ra is disabled.
|
||||||
|
|
||||||
accept_redirects - BOOLEAN
|
accept_redirects - BOOLEAN
|
||||||
Accept Redirects.
|
Accept Redirects.
|
||||||
|
|
||||||
|
|
|
@ -145,6 +145,7 @@ struct ipv6_devconf {
|
||||||
__s32 max_desync_factor;
|
__s32 max_desync_factor;
|
||||||
#endif
|
#endif
|
||||||
__s32 max_addresses;
|
__s32 max_addresses;
|
||||||
|
__s32 accept_ra_defrtr;
|
||||||
void *sysctl;
|
void *sysctl;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -167,6 +168,7 @@ enum {
|
||||||
DEVCONF_MAX_DESYNC_FACTOR,
|
DEVCONF_MAX_DESYNC_FACTOR,
|
||||||
DEVCONF_MAX_ADDRESSES,
|
DEVCONF_MAX_ADDRESSES,
|
||||||
DEVCONF_FORCE_MLD_VERSION,
|
DEVCONF_FORCE_MLD_VERSION,
|
||||||
|
DEVCONF_ACCEPT_RA_DEFRTR,
|
||||||
DEVCONF_MAX
|
DEVCONF_MAX
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -531,6 +531,7 @@ enum {
|
||||||
NET_IPV6_MAX_DESYNC_FACTOR=15,
|
NET_IPV6_MAX_DESYNC_FACTOR=15,
|
||||||
NET_IPV6_MAX_ADDRESSES=16,
|
NET_IPV6_MAX_ADDRESSES=16,
|
||||||
NET_IPV6_FORCE_MLD_VERSION=17,
|
NET_IPV6_FORCE_MLD_VERSION=17,
|
||||||
|
NET_IPV6_ACCEPT_RA_DEFRTR=18,
|
||||||
__NET_IPV6_MAX
|
__NET_IPV6_MAX
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -165,6 +165,7 @@ struct ipv6_devconf ipv6_devconf = {
|
||||||
.max_desync_factor = MAX_DESYNC_FACTOR,
|
.max_desync_factor = MAX_DESYNC_FACTOR,
|
||||||
#endif
|
#endif
|
||||||
.max_addresses = IPV6_MAX_ADDRESSES,
|
.max_addresses = IPV6_MAX_ADDRESSES,
|
||||||
|
.accept_ra_defrtr = 1,
|
||||||
};
|
};
|
||||||
|
|
||||||
static struct ipv6_devconf ipv6_devconf_dflt = {
|
static struct ipv6_devconf ipv6_devconf_dflt = {
|
||||||
|
@ -186,6 +187,7 @@ static struct ipv6_devconf ipv6_devconf_dflt = {
|
||||||
.max_desync_factor = MAX_DESYNC_FACTOR,
|
.max_desync_factor = MAX_DESYNC_FACTOR,
|
||||||
#endif
|
#endif
|
||||||
.max_addresses = IPV6_MAX_ADDRESSES,
|
.max_addresses = IPV6_MAX_ADDRESSES,
|
||||||
|
.accept_ra_defrtr = 1,
|
||||||
};
|
};
|
||||||
|
|
||||||
/* IPv6 Wildcard Address and Loopback Address defined by RFC2553 */
|
/* IPv6 Wildcard Address and Loopback Address defined by RFC2553 */
|
||||||
|
@ -3116,6 +3118,7 @@ static void inline ipv6_store_devconf(struct ipv6_devconf *cnf,
|
||||||
array[DEVCONF_MAX_DESYNC_FACTOR] = cnf->max_desync_factor;
|
array[DEVCONF_MAX_DESYNC_FACTOR] = cnf->max_desync_factor;
|
||||||
#endif
|
#endif
|
||||||
array[DEVCONF_MAX_ADDRESSES] = cnf->max_addresses;
|
array[DEVCONF_MAX_ADDRESSES] = cnf->max_addresses;
|
||||||
|
array[DEVCONF_ACCEPT_RA_DEFRTR] = cnf->accept_ra_defrtr;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int inet6_fill_ifinfo(struct sk_buff *skb, struct inet6_dev *idev,
|
static int inet6_fill_ifinfo(struct sk_buff *skb, struct inet6_dev *idev,
|
||||||
|
@ -3568,6 +3571,14 @@ static struct addrconf_sysctl_table
|
||||||
.mode = 0644,
|
.mode = 0644,
|
||||||
.proc_handler = &proc_dointvec,
|
.proc_handler = &proc_dointvec,
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
.ctl_name = NET_IPV6_ACCEPT_RA_DEFRTR,
|
||||||
|
.procname = "accept_ra_defrtr",
|
||||||
|
.data = &ipv6_devconf.accept_ra_defrtr,
|
||||||
|
.maxlen = sizeof(int),
|
||||||
|
.mode = 0644,
|
||||||
|
.proc_handler = &proc_dointvec,
|
||||||
|
},
|
||||||
{
|
{
|
||||||
.ctl_name = 0, /* sentinel */
|
.ctl_name = 0, /* sentinel */
|
||||||
}
|
}
|
||||||
|
|
|
@ -1019,7 +1019,7 @@ static void ndisc_router_discovery(struct sk_buff *skb)
|
||||||
struct ra_msg *ra_msg = (struct ra_msg *) skb->h.raw;
|
struct ra_msg *ra_msg = (struct ra_msg *) skb->h.raw;
|
||||||
struct neighbour *neigh = NULL;
|
struct neighbour *neigh = NULL;
|
||||||
struct inet6_dev *in6_dev;
|
struct inet6_dev *in6_dev;
|
||||||
struct rt6_info *rt;
|
struct rt6_info *rt = NULL;
|
||||||
int lifetime;
|
int lifetime;
|
||||||
struct ndisc_options ndopts;
|
struct ndisc_options ndopts;
|
||||||
int optlen;
|
int optlen;
|
||||||
|
@ -1081,6 +1081,9 @@ static void ndisc_router_discovery(struct sk_buff *skb)
|
||||||
(ra_msg->icmph.icmp6_addrconf_other ?
|
(ra_msg->icmph.icmp6_addrconf_other ?
|
||||||
IF_RA_OTHERCONF : 0);
|
IF_RA_OTHERCONF : 0);
|
||||||
|
|
||||||
|
if (!in6_dev->cnf.accept_ra_defrtr)
|
||||||
|
goto skip_defrtr;
|
||||||
|
|
||||||
lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
|
lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
|
||||||
|
|
||||||
rt = rt6_get_dflt_router(&skb->nh.ipv6h->saddr, skb->dev);
|
rt = rt6_get_dflt_router(&skb->nh.ipv6h->saddr, skb->dev);
|
||||||
|
@ -1128,6 +1131,8 @@ static void ndisc_router_discovery(struct sk_buff *skb)
|
||||||
rt->u.dst.metrics[RTAX_HOPLIMIT-1] = ra_msg->icmph.icmp6_hop_limit;
|
rt->u.dst.metrics[RTAX_HOPLIMIT-1] = ra_msg->icmph.icmp6_hop_limit;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
skip_defrtr:
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Update Reachable Time and Retrans Timer
|
* Update Reachable Time and Retrans Timer
|
||||||
*/
|
*/
|
||||||
|
|
Loading…
Reference in a new issue