Commit 9036b2fe authored by Francesco Ruggeri's avatar Francesco Ruggeri Committed by David S. Miller

net: ipv6: add socket option IPV6_ROUTER_ALERT_ISOLATE

By default IPv6 socket with IPV6_ROUTER_ALERT socket option set will
receive all IPv6 RA packets from all namespaces.
IPV6_ROUTER_ALERT_ISOLATE socket option restricts packets received by
the socket to be only from the socket's namespace.
Signed-off-by: default avatarMaxim Martynov <maxim@arista.com>
Signed-off-by: default avatarFrancesco Ruggeri <fruggeri@arista.com>
Reviewed-by: default avatarDavid Ahern <dsahern@gmail.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 46d84110
...@@ -281,7 +281,8 @@ struct ipv6_pinfo { ...@@ -281,7 +281,8 @@ struct ipv6_pinfo {
dontfrag:1, dontfrag:1,
autoflowlabel:1, autoflowlabel:1,
autoflowlabel_set:1, autoflowlabel_set:1,
mc_all:1; mc_all:1,
rtalert_isolate:1;
__u8 min_hopcount; __u8 min_hopcount;
__u8 tclass; __u8 tclass;
__be32 rcv_flowinfo; __be32 rcv_flowinfo;
......
...@@ -178,6 +178,7 @@ struct in6_flowlabel_req { ...@@ -178,6 +178,7 @@ struct in6_flowlabel_req {
#define IPV6_JOIN_ANYCAST 27 #define IPV6_JOIN_ANYCAST 27
#define IPV6_LEAVE_ANYCAST 28 #define IPV6_LEAVE_ANYCAST 28
#define IPV6_MULTICAST_ALL 29 #define IPV6_MULTICAST_ALL 29
#define IPV6_ROUTER_ALERT_ISOLATE 30
/* IPV6_MTU_DISCOVER values */ /* IPV6_MTU_DISCOVER values */
#define IPV6_PMTUDISC_DONT 0 #define IPV6_PMTUDISC_DONT 0
......
...@@ -300,6 +300,12 @@ static int ip6_call_ra_chain(struct sk_buff *skb, int sel) ...@@ -300,6 +300,12 @@ static int ip6_call_ra_chain(struct sk_buff *skb, int sel)
if (sk && ra->sel == sel && if (sk && ra->sel == sel &&
(!sk->sk_bound_dev_if || (!sk->sk_bound_dev_if ||
sk->sk_bound_dev_if == skb->dev->ifindex)) { sk->sk_bound_dev_if == skb->dev->ifindex)) {
struct ipv6_pinfo *np = inet6_sk(sk);
if (np && np->rtalert_isolate &&
!net_eq(sock_net(sk), dev_net(skb->dev))) {
continue;
}
if (last) { if (last) {
struct sk_buff *skb2 = skb_clone(skb, GFP_ATOMIC); struct sk_buff *skb2 = skb_clone(skb, GFP_ATOMIC);
if (skb2) if (skb2)
......
...@@ -787,6 +787,12 @@ static int do_ipv6_setsockopt(struct sock *sk, int level, int optname, ...@@ -787,6 +787,12 @@ static int do_ipv6_setsockopt(struct sock *sk, int level, int optname,
goto e_inval; goto e_inval;
retv = ip6_ra_control(sk, val); retv = ip6_ra_control(sk, val);
break; break;
case IPV6_ROUTER_ALERT_ISOLATE:
if (optlen < sizeof(int))
goto e_inval;
np->rtalert_isolate = valbool;
retv = 0;
break;
case IPV6_MTU_DISCOVER: case IPV6_MTU_DISCOVER:
if (optlen < sizeof(int)) if (optlen < sizeof(int))
goto e_inval; goto e_inval;
...@@ -1358,6 +1364,10 @@ static int do_ipv6_getsockopt(struct sock *sk, int level, int optname, ...@@ -1358,6 +1364,10 @@ static int do_ipv6_getsockopt(struct sock *sk, int level, int optname,
val = np->rxopt.bits.recvfragsize; val = np->rxopt.bits.recvfragsize;
break; break;
case IPV6_ROUTER_ALERT_ISOLATE:
val = np->rtalert_isolate;
break;
default: default:
return -ENOPROTOOPT; return -ENOPROTOOPT;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment