author | Bhaskar Dutta <bhaskie@gmail.com> | 2009-09-03 17:25:47 +0530 |
---|---|---|
committer | Vlad Yasevich <vladislav.yasevich@hp.com> | 2009-09-04 18:21:01 -0400 |
commit | 723884339f90a9c420783135168cc1045750eb5d (patch) | |
tree | c8538602e56f2310470b0970bf121a1000313401 /include/net | |
parent | 8da645e101a8c20c6073efda3c7cc74eec01b87f (diff) | |
sctp: Sysctl configuration for IPv4 Address Scoping
This patch introduces a new sysctl option to make IPv4 Address Scoping
configurable <draft-stewart-tsvwg-sctp-ipv4-00.txt>.
In networking environments where DNAT rules in iptables prerouting
chains convert destination IPs to link-local/private IP addresses,
SCTP connections fail to establish as the INIT chunk is dropped by the
kernel due to address scope match failure.
For example to support overlapping IP addresses (same IP address with
different vlan id) a Layer-5 application listens on link local IP's,
and there is a DNAT rule that maps the destination IP to a link local
IP. Such applications never get the SCTP INIT if the address-scoping
draft is strictly followed.
This sysctl configuration allows SCTP to function in such
unconventional networking environments.
Sysctl options:
0 - Disable IPv4 address scoping draft altogether
1 - Enable IPv4 address scoping (default, current behavior)
2 - Enable address scoping but allow IPv4 private addresses in init/init-ack
3 - Enable address scoping but allow IPv4 link local address in init/init-ack
Signed-off-by: Bhaskar Dutta <bhaskar.dutta@globallogic.com>
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
Diffstat (limited to 'include/net')
-rw-r--r-- | include/net/sctp/constants.h | 7 | ||||
-rw-r--r-- | include/net/sctp/structs.h | 10 |
2 files changed, 17 insertions, 0 deletions
diff --git a/include/net/sctp/constants.h b/include/net/sctp/constants.h
index af8c1508109..58f714a3b67 100644
--- a/include/net/sctp/constants.h
+++ b/include/net/sctp/constants.h
@@ -363,6 +363,13 @@ typedef enum {
 SCTP_SCOPE_UNUSABLE, /* IPv4 unusable addresses */
 } sctp_scope_t;
+typedef enum {
+ SCTP_SCOPE_POLICY_DISABLE, /* Disable IPv4 address scoping */
+ SCTP_SCOPE_POLICY_ENABLE, /* Enable IPv4 address scoping */
+ SCTP_SCOPE_POLICY_PRIVATE, /* Follow draft but allow IPv4 private addresses */
+ SCTP_SCOPE_POLICY_LINK, /* Follow draft but allow IPv4 link local addresses */
+} sctp_scope_policy_t;
+
 /* Based on IPv4 scoping <draft-stewart-tsvwg-sctp-ipv4-00.txt>,
 * SCTP IPv4 unusable addresses: 0.0.0.0/8, 224.0.0.0/4, 198.18.0.0/24,
 * 192.88.99.0/24.
diff --git a/include/net/sctp/structs.h b/include/net/sctp/structs.h
index 993cfff9218..a48d80e77cd 100644
--- a/include/net/sctp/structs.h
+++ b/include/net/sctp/structs.h
@@ -219,6 +219,15 @@ extern struct sctp_globals {
 /* Flag to idicate if SCTP-AUTH is enabled */
 int auth_enable;
+ /*
+ * Policy to control SCTP IPv4 address scoping
+ * 0 - Disable IPv4 address scoping
+ * 1 - Enable IPv4 address scoping
+ * 2 - Selectively allow only IPv4 private addresses
+ * 3 - Selectively allow only IPv4 link local address
+ */
+ int ipv4_scope_policy;
+
 /* Flag to indicate whether computing and verifying checksum
 * is disabled. */
 int checksum_disable;
@@ -252,6 +261,7 @@ extern struct sctp_globals {
 #define sctp_port_hashtable (sctp_globals.port_hashtable)
 #define sctp_local_addr_list (sctp_globals.local_addr_list)
 #define sctp_local_addr_lock (sctp_globals.addr_list_lock)
+#define sctp_scope_policy (sctp_globals.ipv4_scope_policy)
 #define sctp_addip_enable (sctp_globals.addip_enable)
 #define sctp_addip_noauth (sctp_globals.addip_noauth_enable)
 #define sctp_prsctp_enable (sctp_globals.prsctp_enable) |
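Review bot: The new `sctp_scope_policy_t` enum in constants.h has no terminating sentinel, so the code that later compares the userspace-supplied sysctl value against these constants has nothing to bound-check against; a last member such as `SCTP_SCOPE_POLICY_MAX` after `SCTP_SCOPE_POLICY_LINK` would give the sysctl table a natural upper limit for its range check. The description says the value is written through sysctl, but the sysctl table itself is outside this diffstat (limited to include/net), so whether out-of-range values are already rejected there cannot be seen here; if they are not, an unexpected value would silently fall through whatever switch or comparison consumes the policy. Documenting on the enum that the stored `int ipv4_scope_policy` must hold only these values would make that contract explicit for the consumers.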
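Review bot: The comment on the new `ipv4_scope_policy` field in structs.h re-lists the policy values as literals 0-3 and describes 2 and 3 as "Selectively allow only IPv4 private addresses" / "link local address", which does not match the wording on the enum in constants.h ("Follow draft but allow ...") or the commit message ("Enable address scoping but allow ..."), so the two headers will drift as soon as one is edited. Since the constants are named, the field comment should point at the enum instead of repeating its numbers, e.g. `/* IPv4 address scoping policy; one of sctp_scope_policy_t */`, or the field could be declared as `sctp_scope_policy_t ipv4_scope_policy;` if the sysctl handler does not require a plain `int`. The struct `sctp_globals` starts and ends outside this hunk.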