Commit 9036b2fe authored by Francesco Ruggeri's avatar Francesco Ruggeri Committed by David S. Miller
Browse files

net: ipv6: add socket option IPV6_ROUTER_ALERT_ISOLATE 



By default IPv6 socket with IPV6_ROUTER_ALERT socket option set will
receive all IPv6 RA packets from all namespaces.
IPV6_ROUTER_ALERT_ISOLATE socket option restricts packets received by
the socket to be only from the socket's namespace.

Signed-off-by: default avatarMaxim Martynov <maxim@arista.com>
Signed-off-by: default avatarFrancesco Ruggeri <fruggeri@arista.com>
Reviewed-by: default avatarDavid Ahern <dsahern@gmail.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 46d84110

include/linux/ipv6.h

+2 −1
Original line number Diff line number Diff line
@@ -281,7 +281,8 @@ struct ipv6_pinfo { 
				dontfrag:1,

				autoflowlabel:1,

				autoflowlabel_set:1,

				mc_all:1;

				mc_all:1,

				rtalert_isolate:1;

	__u8			min_hopcount;

	__u8			tclass;

	__be32			rcv_flowinfo;

include/uapi/linux/in6.h

+1 −0
Original line number Diff line number Diff line
@@ -178,6 +178,7 @@ struct in6_flowlabel_req { 
#define IPV6_JOIN_ANYCAST	27

#define IPV6_LEAVE_ANYCAST	28

#define IPV6_MULTICAST_ALL	29

#define IPV6_ROUTER_ALERT_ISOLATE	30



/* IPV6_MTU_DISCOVER values */

#define IPV6_PMTUDISC_DONT		0

net/ipv6/ip6_output.c

+6 −0
Original line number Diff line number Diff line
@@ -300,6 +300,12 @@ static int ip6_call_ra_chain(struct sk_buff *skb, int sel) 
		if (sk && ra->sel == sel &&

		    (!sk->sk_bound_dev_if ||

		     sk->sk_bound_dev_if == skb->dev->ifindex)) {

			struct ipv6_pinfo *np = inet6_sk(sk);



			if (np && np->rtalert_isolate &&

			    !net_eq(sock_net(sk), dev_net(skb->dev))) {

				continue;

			}

			if (last) {

				struct sk_buff *skb2 = skb_clone(skb, GFP_ATOMIC);

				if (skb2)

net/ipv6/ipv6_sockglue.c

+10 −0
Original line number Diff line number Diff line
@@ -787,6 +787,12 @@ done: 
			goto e_inval;

		retv = ip6_ra_control(sk, val);

		break;

	case IPV6_ROUTER_ALERT_ISOLATE:

		if (optlen < sizeof(int))

			goto e_inval;

		np->rtalert_isolate = valbool;

		retv = 0;

		break;

	case IPV6_MTU_DISCOVER:

		if (optlen < sizeof(int))

			goto e_inval;
@@ -1358,6 +1364,10 @@ static int do_ipv6_getsockopt(struct sock *sk, int level, int optname, 
		val = np->rxopt.bits.recvfragsize;

		break;



	case IPV6_ROUTER_ALERT_ISOLATE:

		val = np->rtalert_isolate;

		break;



	default:

		return -ENOPROTOOPT;

	}

CRA Git | Maintained and supported by SUSTech CRA and CCSE