* [PATCH 1/1] sctp: Sysctl configuration for IPv4 Address Scoping
@ 2009-08-28 11:22 Bhaskar Dutta
  2009-08-28 13:48 ` Vlad Yasevich
                   ` (5 more replies)
  0 siblings, 6 replies; 7+ messages in thread
From: Bhaskar Dutta @ 2009-08-28 11:22 UTC (permalink / raw)
  To: linux-sctp

Hi,

This patch introduces a new sysctl option to make IPv4 Address Scoping
configurable <draft-stewart-tsvwg-sctp-ipv4-00.txt>.

In networking environments where DNAT rules in prerouting chains rewrite destination
IPs to link-local/private addresses, SCTP connections fail to establish
because the kernel drops the INIT chunk on an address-scope mismatch.
For example, to support overlapping IP addresses a Layer-5 application listens
on link-local IPs, and a DNAT rule maps the destination IP to a link-local
IP. Such applications never receive the SCTP INIT if the address-scoping draft
is strictly followed.

This sysctl configuration allows SCTP to function in such  unconventional
networking environments.

Sysctl options:
0 - Disable IPv4 address scoping draft altogether
1 - Enable IPv4 address scoping (default, current behavior)
2 - Enable address scoping but allow IPv4 private addresses (as
defined in draft)
3 - Enable address scoping but allow IPv4 link local address (as
defined in draft)

Regards,
Bhaskar

Patch generated against kernel 2.6.31-rc7.

Signed-off-by: Bhaskar Dutta <bhaskar.dutta@globallogic.com>
---
 Documentation/networking/ip-sysctl.txt |   10 ++++++++++
 include/linux/sysctl.h                 |    1 +
 include/net/sctp/constants.h           |    7 +++++++
 include/net/sctp/structs.h             |   11 +++++++++++
 kernel/sysctl_check.c                  |    1 +
 net/sctp/bind_addr.c                   |   19 +++++++++++++++++++
 net/sctp/protocol.c                    |   11 ++++++-----
 net/sctp/sysctl.c                      |   12 ++++++++++++
 8 files changed, 67 insertions(+), 5 deletions(-)

diff --git a/Documentation/networking/ip-sysctl.txt
b/Documentation/networking/ip-sysctl.txt
index 8be7623..da07602 100644
--- a/Documentation/networking/ip-sysctl.txt
+++ b/Documentation/networking/ip-sysctl.txt
@@ -1282,6 +1282,16 @@ sctp_rmem - vector of 3 INTEGERs: min, default, max
 sctp_wmem  - vector of 3 INTEGERs: min, default, max
 	See tcp_wmem for a description.

+addr_scope_policy - INTEGER
+	Control IPv4 address scoping - draft-stewart-tsvwg-sctp-ipv4-00
+
+	0   - Disable IPv4 address scoping
+	1   - Enable IPv4 address scoping
+	2   - Follow draft but allow IPv4 private addresses
+	3   - Follow draft but allow IPv4 link local addresses
+
+	Default: 1
+

 /proc/sys/net/core/*
 dev_weight - INTEGER
diff --git a/include/linux/sysctl.h b/include/linux/sysctl.h
index e76d3b2..5f3db20 100644
--- a/include/linux/sysctl.h
+++ b/include/linux/sysctl.h
@@ -779,6 +779,7 @@ enum {
 	NET_SCTP_SNDBUF_POLICY		 = 15,
 	NET_SCTP_SACK_TIMEOUT		 = 16,
 	NET_SCTP_RCVBUF_POLICY		 = 17,
+	NET_SCTP_SCOPE_POLICY		 = 18,
 };

 /* /proc/sys/net/bridge */
diff --git a/include/net/sctp/constants.h b/include/net/sctp/constants.h
index b05b055..699e6ae 100644
--- a/include/net/sctp/constants.h
+++ b/include/net/sctp/constants.h
@@ -361,6 +361,13 @@ typedef enum {
 	SCTP_SCOPE_UNUSABLE,		/* IPv4 unusable addresses */
 } sctp_scope_t;

+typedef enum {
+	SCTP_SCOPE_POLICY_DISABLE,	/* Disable IPv4 address scoping */
+	SCTP_SCOPE_POLICY_ENABLE,	/* Enable IPv4 address scoping */
+	SCTP_SCOPE_POLICY_PRIVATE,	/* Follow draft but allow IPv4 private addresses */
+	SCTP_SCOPE_POLICY_LINK,		/* Follow draft but allow IPv4 link local
addresses */
+} sctp_scope_policy_t;
+
 /* Based on IPv4 scoping <draft-stewart-tsvwg-sctp-ipv4-00.txt>,
  * SCTP IPv4 unusable addresses: 0.0.0.0/8, 224.0.0.0/4, 198.18.0.0/24,
  * 192.88.99.0/24.
diff --git a/include/net/sctp/structs.h b/include/net/sctp/structs.h
index edfcacf..547fbb1 100644
--- a/include/net/sctp/structs.h
+++ b/include/net/sctp/structs.h
@@ -219,6 +219,16 @@ extern struct sctp_globals {
 	/* Flag to idicate if SCTP-AUTH is enabled */
 	int auth_enable;

+	/*
+	 * Policy to control SCTP IPv4 address scoping
+	 * 0   - Disable IPv4 address scoping
+	 * 1   - Enable IPv4 address scoping
+	 * 2   - Selectively allow only IPv4 private addresses
+	 * 3   - Selectively allow only IPv4 link local address
+	 */
+	int ipv4_scope_policy;
+	
+
 	/* Flag to indicate whether computing and verifying checksum
 	 * is disabled. */
         int checksum_disable;
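Review bot: The comment on the new ipv4_scope_policy field describes values 2 and 3 as "Selectively allow only IPv4 private addresses" and "only IPv4 link local address", but the sctp_in_scope() change in the same patch still accepts any address with addr_scope <= scope in those modes, so the policies widen the draft's rule rather than replace it; "only" will send the next reader looking for a restriction that does not exist. Suggest matching the ip-sysctl.txt wording, `* 2   - Follow draft but also allow IPv4 private addresses` and `* 3   - Follow draft but also allow IPv4 link local addresses`. The struct sctp_globals definition continues outside the hunk.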
@@ -252,6 +262,7 @@ extern struct sctp_globals {
 #define sctp_port_hashtable		(sctp_globals.port_hashtable)
 #define sctp_local_addr_list		(sctp_globals.local_addr_list)
 #define sctp_local_addr_lock		(sctp_globals.addr_list_lock)
+#define sctp_scope_policy		(sctp_globals.ipv4_scope_policy)
 #define sctp_addip_enable		(sctp_globals.addip_enable)
 #define sctp_addip_noauth		(sctp_globals.addip_noauth_enable)
 #define sctp_prsctp_enable		(sctp_globals.prsctp_enable)
diff --git a/kernel/sysctl_check.c b/kernel/sysctl_check.c
index b38423c..6a813a4 100644
--- a/kernel/sysctl_check.c
+++ b/kernel/sysctl_check.c
@@ -604,6 +604,7 @@ static const struct trans_ctl_table
trans_net_sctp_table[] = {
 	{ NET_SCTP_SNDBUF_POLICY,	"sndbuf_policy" },
 	{ NET_SCTP_SACK_TIMEOUT,	"sack_timeout" },
 	{ NET_SCTP_RCVBUF_POLICY,	"rcvbuf_policy" },
+	{ NET_SCTP_SCOPE_POLICY,	"addr_scope_policy" },
 	{}
 };

diff --git a/net/sctp/bind_addr.c b/net/sctp/bind_addr.c
index 6d5944a..6d8e0b0 100644
--- a/net/sctp/bind_addr.c
+++ b/net/sctp/bind_addr.c
@@ -510,9 +510,28 @@ int sctp_in_scope(const union sctp_addr *addr,
sctp_scope_t scope)
 	 * of requested destination address, sender and receiver
 	 * SHOULD include all of its addresses with level greater
 	 * than or equal to L.
+	 *
+	 * Address scoping can be selectively controlled via sysctl
+	 * option
 	 */
+	switch (sctp_scope_policy) {
+	case SCTP_SCOPE_POLICY_DISABLE:
+		return 1;
+	case SCTP_SCOPE_POLICY_ENABLE:
 	if (addr_scope <= scope)
 		return 1;
+		break;
+	case SCTP_SCOPE_POLICY_PRIVATE:
+		if (addr_scope <= scope || SCTP_SCOPE_PRIVATE = addr_scope)
+			return 1;
+		break;
+	case SCTP_SCOPE_POLICY_LINK:
+		if (addr_scope <= scope || SCTP_SCOPE_LINK = addr_scope)
+			return 1;
+		break;
+	default:
+		break;
+	}

 	return 0;
 }
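Review bot: In the PRIVATE and LINK cases, `SCTP_SCOPE_PRIVATE = addr_scope` and `SCTP_SCOPE_LINK = addr_scope` assign to an enumerator, which is not an lvalue, so the hunk as posted does not compile; the intended tests are `SCTP_SCOPE_PRIVATE == addr_scope` and `SCTP_SCOPE_LINK == addr_scope` (if the single `=` is a mail-transport artifact of `==`, disregard, but the text should be checked before it is applied). A second point: the DISABLE case returns 1 before addr_scope is consulted at all, so an address that sctp_v4_scope() classed as SCTP_SCOPE_UNUSABLE (0.0.0.0/8, 224.0.0.0/4 and friends per constants.h) also passes this check; unless callers screen those separately, `if (addr_scope != SCTP_SCOPE_UNUSABLE) return 1;` would keep policy 0 from admitting them into the address list. sctp_in_scope() starts, and addr_scope is computed, above the hunk.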
diff --git a/net/sctp/protocol.c b/net/sctp/protocol.c
index a76da65..5c65cac 100644
--- a/net/sctp/protocol.c
+++ b/net/sctp/protocol.c
@@ -431,16 +431,14 @@ static int sctp_v4_available(union sctp_addr
*addr, struct sctp_sock *sp)
  * of requested destination address, sender and receiver
  * SHOULD include all of its addresses with level greater
  * than or equal to L.
+ *
+ * IPv4 scoping can be controlled through sysctl option
+ * net.sctp.addr_scope_policy
  */
 static sctp_scope_t sctp_v4_scope(union sctp_addr *addr)
 {
 	sctp_scope_t retval;

-	/* Should IPv4 scoping be a sysctl configurable option
-	 * so users can turn it off (default on) for certain
-	 * unconventional networking environments?
-	 */
-
 	/* Check for unusable SCTP addresses. */
 	if (IS_IPV4_UNUSABLE_ADDRESS(addr->v4.sin_addr.s_addr)) {
 		retval =  SCTP_SCOPE_UNUSABLE;
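Review bot: The comment added above sctp_v4_scope() says IPv4 scoping can be controlled through net.sctp.addr_scope_policy, yet nothing in this function reads sctp_scope_policy; the visible body still classifies the address unconditionally, and the policy is applied when the result is compared in sctp_in_scope() in bind_addr.c. Suggest `* The scope returned here is always computed per the draft; the policy in net.sctp.addr_scope_policy is applied where it is compared, in sctp_in_scope().` so a reader is not led to look for a sysctl check here. The remainder of sctp_v4_scope() is outside the hunk.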
@@ -1259,6 +1257,9 @@ SCTP_STATIC __init int sctp_init(void)
 	/* Disable AUTH by default. */
 	sctp_auth_enable = 0;

+	/* Set SCOPE policy to enabled */
+	sctp_scope_policy = SCTP_SCOPE_POLICY_ENABLE;
+	
 	sctp_sysctl_register();

 	INIT_LIST_HEAD(&sctp_address_families);
diff --git a/net/sctp/sysctl.c b/net/sctp/sysctl.c
index 63eabbc..9f1b412 100644
--- a/net/sctp/sysctl.c
+++ b/net/sctp/sysctl.c
@@ -51,6 +51,7 @@ static int timer_max = 86400000; /* ms in one day */
 static int int_max = INT_MAX;
 static int sack_timer_min = 1;
 static int sack_timer_max = 500;
+static int addr_scope_max = 3; /* check sctp_scope_policy_t in
include/net/sctp/constants.h for max entries */

 extern int sysctl_sctp_mem[3];
 extern int sysctl_sctp_rmem[3];
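Review bot: `addr_scope_max = 3` restates the last value of sctp_scope_policy_t by hand and relies on a comment to keep the two in step; if a policy is added to the enum without this constant being bumped, proc_dointvec_minmax rejects the new value and the sysctl silently cannot reach it. Adding a trailing `SCTP_SCOPE_POLICY_MAX = SCTP_SCOPE_POLICY_LINK` enumerator in constants.h and writing `static int addr_scope_max = SCTP_SCOPE_POLICY_MAX;` here ties the bound to the definition. As a point of style, the table entry in the next hunk spells the handlers `&proc_dointvec_minmax` and `&sysctl_intvec` where the neighbouring entry uses `proc_dointvec` and `sysctl_intvec` without the `&`; both are valid, but the file's existing form is the bare name.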
@@ -272,6 +273,17 @@ static ctl_table sctp_table[] = {
 		.proc_handler	= proc_dointvec,
 		.strategy	= sysctl_intvec
 	},
+	{
+		.ctl_name	= NET_SCTP_SCOPE_POLICY,
+		.procname	= "addr_scope_policy",
+		.data		= &sctp_scope_policy,
+		.maxlen		= sizeof(int),
+		.mode		= 0644,
+		.proc_handler	= &proc_dointvec_minmax,
+		.strategy	= &sysctl_intvec,
+		.extra1		= &zero,
+		.extra2		= &addr_scope_max,
+	},
 	{ .ctl_name = 0 }
 };

-- 
1.6.2.4


* Re: [PATCH 1/1] sctp: Sysctl configuration for IPv4 Address Scoping
  2009-08-28 11:22 [PATCH 1/1] sctp: Sysctl configuration for IPv4 Address Scoping Bhaskar Dutta
@ 2009-08-28 13:48 ` Vlad Yasevich
  2009-09-03 11:55 ` Bhaskar Dutta
                   ` (4 subsequent siblings)
  5 siblings, 0 replies; 7+ messages in thread
From: Vlad Yasevich @ 2009-08-28 13:48 UTC (permalink / raw)
  To: linux-sctp

Hi Bhaskar

Some comments...

Bhaskar Dutta wrote:
> Hi,
> 
> This patch introduces a new sysctl option to make IPv4 Address Scoping
> configurable <draft-stewart-tsvwg-sctp-ipv4-00.txt>.
> 
> In networking environments where DNAT rules in prerouting chains convert dest
> IP's to link-local/private IP addresses, SCTP connections fail to establish
> as the INIT chunk is dropped by the kernel due to address scope match failure.
> For example to support overlapping IP addresses a Layer-5 application listens
> on link local IP's, and there is a DNAT rule that maps the dest IP  to a  link
> local IP. Such applications never get the SCTP INIT if the address-scoping draft
> is strictly followed.
> 
> This sysctl configuration allows SCTP to function in such  unconventional
> networking environments.
> 
> Sysctl options:
> 0 - Disable IPv4 address scoping draft altogether
> 1 - Enable IPv4 address scoping (default, current behavior)
> 2 - Enable address scoping but allow IPv4 private addresses (as
> defined in draft)
> 3 - Enable address scoping but allow IPv4 link local address (as
> defined in draft)
> 
> Regards,
> Bhaskar
> 
> Patch generated against kernel 2.6.31-rc7.
> 
> Signed-off-by: Bhaskar Dutta <bhaskar.dutta@globallogic.com>
> ---
>  Documentation/networking/ip-sysctl.txt |   10 ++++++++++
>  include/linux/sysctl.h                 |    1 +
>  include/net/sctp/constants.h           |    7 +++++++
>  include/net/sctp/structs.h             |   11 +++++++++++
>  kernel/sysctl_check.c                  |    1 +
>  net/sctp/bind_addr.c                   |   19 +++++++++++++++++++
>  net/sctp/protocol.c                    |   11 ++++++-----
>  net/sctp/sysctl.c                      |   12 ++++++++++++
>  8 files changed, 67 insertions(+), 5 deletions(-)
> 
> diff --git a/Documentation/networking/ip-sysctl.txt
> b/Documentation/networking/ip-sysctl.txt
> index 8be7623..da07602 100644
> --- a/Documentation/networking/ip-sysctl.txt
> +++ b/Documentation/networking/ip-sysctl.txt
> @@ -1282,6 +1282,16 @@ sctp_rmem - vector of 3 INTEGERs: min, default, max
>  sctp_wmem  - vector of 3 INTEGERs: min, default, max
>  	See tcp_wmem for a description.
> 
> +addr_scope_policy - INTEGER
> +	Control IPv4 address scoping - draft-stewart-tsvwg-sctp-ipv4-00
> +
> +	0   - Disable IPv4 address scoping
> +	1   - Enable IPv4 address scoping
> +	2   - Follow draft but allow IPv4 private addresses
> +	3   - Follow draft but allow IPv4 link local addresses
> +
> +	Default: 1
> +
> 
>  /proc/sys/net/core/*
>  dev_weight - INTEGER
> diff --git a/include/linux/sysctl.h b/include/linux/sysctl.h
> index e76d3b2..5f3db20 100644
> --- a/include/linux/sysctl.h
> +++ b/include/linux/sysctl.h
> @@ -779,6 +779,7 @@ enum {
>  	NET_SCTP_SNDBUF_POLICY		 = 15,
>  	NET_SCTP_SACK_TIMEOUT		 = 16,
>  	NET_SCTP_RCVBUF_POLICY		 = 17,
> +	NET_SCTP_SCOPE_POLICY		 = 18,

Please use CTL_UNNUMBERED for the new sysctl entries.  That way
you will not have to touch this file and other generic sysctl files
as well.

>  };
> 
>  /* /proc/sys/net/bridge */
> diff --git a/include/net/sctp/constants.h b/include/net/sctp/constants.h
> index b05b055..699e6ae 100644
> --- a/include/net/sctp/constants.h
> +++ b/include/net/sctp/constants.h
> @@ -361,6 +361,13 @@ typedef enum {
>  	SCTP_SCOPE_UNUSABLE,		/* IPv4 unusable addresses */
>  } sctp_scope_t;
> 
> +typedef enum {
> +	SCTP_SCOPE_POLICY_DISABLE,	/* Disable IPv4 address scoping */
> +	SCTP_SCOPE_POLICY_ENABLE,	/* Enable IPv4 address scoping */
> +	SCTP_SCOPE_POLICY_PRIVATE,	/* Follow draft but allow IPv4 private addresses */
> +	SCTP_SCOPE_POLICY_LINK,		/* Follow draft but allow IPv4 link local
> addresses */
> +} sctp_scope_policy_t;
> +
>  /* Based on IPv4 scoping <draft-stewart-tsvwg-sctp-ipv4-00.txt>,
>   * SCTP IPv4 unusable addresses: 0.0.0.0/8, 224.0.0.0/4, 198.18.0.0/24,
>   * 192.88.99.0/24.
> diff --git a/include/net/sctp/structs.h b/include/net/sctp/structs.h
> index edfcacf..547fbb1 100644
> --- a/include/net/sctp/structs.h
> +++ b/include/net/sctp/structs.h
> @@ -219,6 +219,16 @@ extern struct sctp_globals {
>  	/* Flag to idicate if SCTP-AUTH is enabled */
>  	int auth_enable;
> 
> +	/*
> +	 * Policy to control SCTP IPv4 address scoping
> +	 * 0   - Disable IPv4 address scoping
> +	 * 1   - Enable IPv4 address scoping
> +	 * 2   - Selectively allow only IPv4 private addresses
> +	 * 3   - Selectively allow only IPv4 link local address
> +	 */
> +	int ipv4_scope_policy;
> +	
> +

extra spacing...

>  	/* Flag to indicate whether computing and verifying checksum
>  	 * is disabled. */
>          int checksum_disable;
> @@ -252,6 +262,7 @@ extern struct sctp_globals {
>  #define sctp_port_hashtable		(sctp_globals.port_hashtable)
>  #define sctp_local_addr_list		(sctp_globals.local_addr_list)
>  #define sctp_local_addr_lock		(sctp_globals.addr_list_lock)
> +#define sctp_scope_policy		(sctp_globals.ipv4_scope_policy)
>  #define sctp_addip_enable		(sctp_globals.addip_enable)
>  #define sctp_addip_noauth		(sctp_globals.addip_noauth_enable)
>  #define sctp_prsctp_enable		(sctp_globals.prsctp_enable)
> diff --git a/kernel/sysctl_check.c b/kernel/sysctl_check.c
> index b38423c..6a813a4 100644
> --- a/kernel/sysctl_check.c
> +++ b/kernel/sysctl_check.c
> @@ -604,6 +604,7 @@ static const struct trans_ctl_table
> trans_net_sctp_table[] = {
>  	{ NET_SCTP_SNDBUF_POLICY,	"sndbuf_policy" },
>  	{ NET_SCTP_SACK_TIMEOUT,	"sack_timeout" },
>  	{ NET_SCTP_RCVBUF_POLICY,	"rcvbuf_policy" },
> +	{ NET_SCTP_SCOPE_POLICY,	"addr_scope_policy" },
>  	{}
>  };

Don't need it if you use CTL_UNNUMBERED.

> 
> diff --git a/net/sctp/bind_addr.c b/net/sctp/bind_addr.c
> index 6d5944a..6d8e0b0 100644
> --- a/net/sctp/bind_addr.c
> +++ b/net/sctp/bind_addr.c
> @@ -510,9 +510,28 @@ int sctp_in_scope(const union sctp_addr *addr,
> sctp_scope_t scope)
>  	 * of requested destination address, sender and receiver
>  	 * SHOULD include all of its addresses with level greater
>  	 * than or equal to L.
> +	 *
> +	 * Address scoping can be selectively controlled via sysctl
> +	 * option
>  	 */
> +	switch (sctp_scope_policy) {
> +	case SCTP_SCOPE_POLICY_DISABLE:
> +		return 1;
> +	case SCTP_SCOPE_POLICY_ENABLE:
>  	if (addr_scope <= scope)
>  		return 1;
> +		break;

If you are turning this into a switch statement, please use consistent
formatting.

> +	case SCTP_SCOPE_POLICY_PRIVATE:
> +		if (addr_scope <= scope || SCTP_SCOPE_PRIVATE = addr_scope)
> +			return 1;
> +		break;
> +	case SCTP_SCOPE_POLICY_LINK:
> +		if (addr_scope <= scope || SCTP_SCOPE_LINK = addr_scope)
> +			return 1;
> +		break;
> +	default:
> +		break;
> +	}
> 
>  	return 0;
>  }
> diff --git a/net/sctp/protocol.c b/net/sctp/protocol.c
> index a76da65..5c65cac 100644
> --- a/net/sctp/protocol.c
> +++ b/net/sctp/protocol.c
> @@ -431,16 +431,14 @@ static int sctp_v4_available(union sctp_addr
> *addr, struct sctp_sock *sp)
>   * of requested destination address, sender and receiver
>   * SHOULD include all of its addresses with level greater
>   * than or equal to L.
> + *
> + * IPv4 scoping can be controlled through sysctl option
> + * net.sctp.addr_scope_policy
>   */
>  static sctp_scope_t sctp_v4_scope(union sctp_addr *addr)
>  {
>  	sctp_scope_t retval;
> 
> -	/* Should IPv4 scoping be a sysctl configurable option
> -	 * so users can turn it off (default on) for certain
> -	 * unconventional networking environments?
> -	 */
> -
>  	/* Check for unusable SCTP addresses. */
>  	if (IS_IPV4_UNUSABLE_ADDRESS(addr->v4.sin_addr.s_addr)) {
>  		retval =  SCTP_SCOPE_UNUSABLE;
> @@ -1259,6 +1257,9 @@ SCTP_STATIC __init int sctp_init(void)
>  	/* Disable AUTH by default. */
>  	sctp_auth_enable = 0;
> 
> +	/* Set SCOPE policy to enabled */
> +	sctp_scope_policy = SCTP_SCOPE_POLICY_ENABLE;
> +	
>  	sctp_sysctl_register();
> 
>  	INIT_LIST_HEAD(&sctp_address_families);
> diff --git a/net/sctp/sysctl.c b/net/sctp/sysctl.c
> index 63eabbc..9f1b412 100644
> --- a/net/sctp/sysctl.c
> +++ b/net/sctp/sysctl.c
> @@ -51,6 +51,7 @@ static int timer_max = 86400000; /* ms in one day */
>  static int int_max = INT_MAX;
>  static int sack_timer_min = 1;
>  static int sack_timer_max = 500;
> +static int addr_scope_max = 3; /* check sctp_scope_policy_t in
> include/net/sctp/constants.h for max entries */
> 
>  extern int sysctl_sctp_mem[3];
>  extern int sysctl_sctp_rmem[3];
> @@ -272,6 +273,17 @@ static ctl_table sctp_table[] = {
>  		.proc_handler	= proc_dointvec,
>  		.strategy	= sysctl_intvec
>  	},
> +	{
> +		.ctl_name	= NET_SCTP_SCOPE_POLICY,
> +		.procname	= "addr_scope_policy",
> +		.data		= &sctp_scope_policy,
> +		.maxlen		= sizeof(int),
> +		.mode		= 0644,
> +		.proc_handler	= &proc_dointvec_minmax,
> +		.strategy	= &sysctl_intvec,
> +		.extra1		= &zero,
> +		.extra2		= &addr_scope_max,
> +	},
>  	{ .ctl_name = 0 }
>  };
> 

Again, use CTL_UNNUMBERED.


Additionally, for a correct NAT traversal functionality, you might want to look
at http://tools.ietf.org/html/draft-stewart-behave-sctpnat-04

-vlad
-vlad


* [PATCH 1/1] sctp: Sysctl configuration for IPv4 Address Scoping
  2009-08-28 11:22 [PATCH 1/1] sctp: Sysctl configuration for IPv4 Address Scoping Bhaskar Dutta
  2009-08-28 13:48 ` Vlad Yasevich
@ 2009-09-03 11:55 ` Bhaskar Dutta
  2009-09-03 13:43 ` Vlad Yasevich
                   ` (3 subsequent siblings)
  5 siblings, 0 replies; 7+ messages in thread
From: Bhaskar Dutta @ 2009-09-03 11:55 UTC (permalink / raw)
  To: linux-sctp

Hi Vlad,

Thanks a lot for the comments. I have incorporated all of them in the
updated patch below.

Regards,
Bhaskar


Patch Summary:
==============
This patch introduces a new sysctl option to make IPv4 Address Scoping
configurable <draft-stewart-tsvwg-sctp-ipv4-00.txt>.

In networking environments where DNAT rules in iptables prerouting
chains convert destination IP's to link-local/private IP addresses,
SCTP connections fail to establish as the INIT chunk is dropped by the
kernel due to address scope match failure.
For example to support overlapping IP addresses (same IP address with
different vlan id) a Layer-5 application listens on link local IP's,
and there is a DNAT rule that maps the destination IP to a link local
IP. Such applications never get the SCTP INIT if the address-scoping
draft is strictly followed.

This sysctl configuration allows SCTP to function in such
unconventional networking environments.

Sysctl options:
0 - Disable IPv4 address scoping draft altogether
1 - Enable IPv4 address scoping (default, current behavior)
2 - Enable address scoping but allow IPv4 private addresses in init/init-ack
3 - Enable address scoping but allow IPv4 link local address in init/init-ack

Patch generated against kernel 2.6.31-rc7.


Signed-off-by: Bhaskar Dutta <bhaskar.dutta@globallogic.com>
---
 Documentation/networking/ip-sysctl.txt |   10 ++++++++++
 include/net/sctp/constants.h           |    7 +++++++
 include/net/sctp/structs.h             |   10 ++++++++++
 net/sctp/bind_addr.c                   |   21 ++++++++++++++++++++-
 net/sctp/protocol.c                    |   11 ++++++-----
 net/sctp/sysctl.c                      |   12 ++++++++++++
 6 files changed, 65 insertions(+), 6 deletions(-)

diff --git a/Documentation/networking/ip-sysctl.txt
b/Documentation/networking/ip-sysctl.txt
index 8be7623..da07602 100644
--- a/Documentation/networking/ip-sysctl.txt
+++ b/Documentation/networking/ip-sysctl.txt
@@ -1282,6 +1282,16 @@ sctp_rmem - vector of 3 INTEGERs: min, default, max
 sctp_wmem  - vector of 3 INTEGERs: min, default, max
 	See tcp_wmem for a description.

+addr_scope_policy - INTEGER
+	Control IPv4 address scoping - draft-stewart-tsvwg-sctp-ipv4-00
+
+	0   - Disable IPv4 address scoping
+	1   - Enable IPv4 address scoping
+	2   - Follow draft but allow IPv4 private addresses
+	3   - Follow draft but allow IPv4 link local addresses
+
+	Default: 1
+

 /proc/sys/net/core/*
 dev_weight - INTEGER
diff --git a/include/net/sctp/constants.h b/include/net/sctp/constants.h
index b05b055..699e6ae 100644
--- a/include/net/sctp/constants.h
+++ b/include/net/sctp/constants.h
@@ -361,6 +361,13 @@ typedef enum {
 	SCTP_SCOPE_UNUSABLE,		/* IPv4 unusable addresses */
 } sctp_scope_t;

+typedef enum {
+	SCTP_SCOPE_POLICY_DISABLE,	/* Disable IPv4 address scoping */
+	SCTP_SCOPE_POLICY_ENABLE,	/* Enable IPv4 address scoping */
+	SCTP_SCOPE_POLICY_PRIVATE,	/* Follow draft but allow IPv4 private addresses */
+	SCTP_SCOPE_POLICY_LINK,		/* Follow draft but allow IPv4 link local
addresses */
+} sctp_scope_policy_t;
+
 /* Based on IPv4 scoping <draft-stewart-tsvwg-sctp-ipv4-00.txt>,
  * SCTP IPv4 unusable addresses: 0.0.0.0/8, 224.0.0.0/4, 198.18.0.0/24,
  * 192.88.99.0/24.
diff --git a/include/net/sctp/structs.h b/include/net/sctp/structs.h
index edfcacf..de46ac6 100644
--- a/include/net/sctp/structs.h
+++ b/include/net/sctp/structs.h
@@ -219,6 +219,15 @@ extern struct sctp_globals {
 	/* Flag to idicate if SCTP-AUTH is enabled */
 	int auth_enable;

+	/*
+	 * Policy to control SCTP IPv4 address scoping
+	 * 0   - Disable IPv4 address scoping
+	 * 1   - Enable IPv4 address scoping
+	 * 2   - Selectively allow only IPv4 private addresses
+	 * 3   - Selectively allow only IPv4 link local address
+	 */
+	int ipv4_scope_policy;
+
 	/* Flag to indicate whether computing and verifying checksum
 	 * is disabled. */
         int checksum_disable;
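Review bot: The field comment still says values 2 and 3 "Selectively allow only" private or link-local addresses, while the sctp_in_scope() change in this version keeps accepting any address with addr_scope <= scope in those modes, so the modes are additive to the draft rule, not exclusive. Suggest `* 2   - Follow draft but also allow IPv4 private addresses` and `* 3   - Follow draft but also allow IPv4 link local addresses`, matching the ip-sysctl.txt text. The struct definition continues outside the hunk.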
@@ -252,6 +261,7 @@ extern struct sctp_globals {
 #define sctp_port_hashtable		(sctp_globals.port_hashtable)
 #define sctp_local_addr_list		(sctp_globals.local_addr_list)
 #define sctp_local_addr_lock		(sctp_globals.addr_list_lock)
+#define sctp_scope_policy		(sctp_globals.ipv4_scope_policy)
 #define sctp_addip_enable		(sctp_globals.addip_enable)
 #define sctp_addip_noauth		(sctp_globals.addip_noauth_enable)
 #define sctp_prsctp_enable		(sctp_globals.prsctp_enable)
diff --git a/net/sctp/bind_addr.c b/net/sctp/bind_addr.c
index 6d5944a..7e33508 100644
--- a/net/sctp/bind_addr.c
+++ b/net/sctp/bind_addr.c
@@ -510,9 +510,28 @@ int sctp_in_scope(const union sctp_addr *addr,
sctp_scope_t scope)
 	 * of requested destination address, sender and receiver
 	 * SHOULD include all of its addresses with level greater
 	 * than or equal to L.
+	 *
+	 * Address scoping can be selectively controlled via sysctl
+	 * option
 	 */
-	if (addr_scope <= scope)
+	switch (sctp_scope_policy) {
+	case SCTP_SCOPE_POLICY_DISABLE:
 		return 1;
+	case SCTP_SCOPE_POLICY_ENABLE:
+		if (addr_scope <= scope)
+			return 1;
+		break;
+	case SCTP_SCOPE_POLICY_PRIVATE:
+		if (addr_scope <= scope || SCTP_SCOPE_PRIVATE = addr_scope)
+			return 1;
+		break;
+	case SCTP_SCOPE_POLICY_LINK:
+		if (addr_scope <= scope || SCTP_SCOPE_LINK = addr_scope)
+			return 1;
+		break;
+	default:
+		break;
+	}

 	return 0;
 }
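Review bot: `SCTP_SCOPE_PRIVATE = addr_scope` and `SCTP_SCOPE_LINK = addr_scope` remain in this revision; an enumerator is not an lvalue, so as posted these two lines fail to compile, and the intended comparisons are `SCTP_SCOPE_PRIVATE == addr_scope` and `SCTP_SCOPE_LINK == addr_scope` (worth confirming against the original mail in case a single `=` is a transport artifact). The DISABLE case also returns 1 without looking at addr_scope, so addresses that sctp_v4_scope() marked SCTP_SCOPE_UNUSABLE pass this check under policy 0; if nothing upstream filters them, `if (addr_scope != SCTP_SCOPE_UNUSABLE) return 1;` keeps "disable scoping" from also meaning "accept unusable addresses". sctp_in_scope() begins, and addr_scope is computed, above the hunk.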
diff --git a/net/sctp/protocol.c b/net/sctp/protocol.c
index a76da65..5c65cac 100644
--- a/net/sctp/protocol.c
+++ b/net/sctp/protocol.c
@@ -431,16 +431,14 @@ static int sctp_v4_available(union sctp_addr
*addr, struct sctp_sock *sp)
  * of requested destination address, sender and receiver
  * SHOULD include all of its addresses with level greater
  * than or equal to L.
+ *
+ * IPv4 scoping can be controlled through sysctl option
+ * net.sctp.addr_scope_policy
  */
 static sctp_scope_t sctp_v4_scope(union sctp_addr *addr)
 {
 	sctp_scope_t retval;

-	/* Should IPv4 scoping be a sysctl configurable option
-	 * so users can turn it off (default on) for certain
-	 * unconventional networking environments?
-	 */
-
 	/* Check for unusable SCTP addresses. */
 	if (IS_IPV4_UNUSABLE_ADDRESS(addr->v4.sin_addr.s_addr)) {
 		retval =  SCTP_SCOPE_UNUSABLE;
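Review bot: The new header comment on sctp_v4_scope() points at net.sctp.addr_scope_policy, but the function does not read sctp_scope_policy anywhere visible; the policy takes effect in sctp_in_scope() when the returned scope is compared. A line such as `* The policy in net.sctp.addr_scope_policy is applied by sctp_in_scope(), not here.` would stop a reader from hunting for a sysctl branch in this function. The rest of sctp_v4_scope() is outside the hunk.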
@@ -1259,6 +1257,9 @@ SCTP_STATIC __init int sctp_init(void)
 	/* Disable AUTH by default. */
 	sctp_auth_enable = 0;

+	/* Set SCOPE policy to enabled */
+	sctp_scope_policy = SCTP_SCOPE_POLICY_ENABLE;
+
 	sctp_sysctl_register();

 	INIT_LIST_HEAD(&sctp_address_families);
diff --git a/net/sctp/sysctl.c b/net/sctp/sysctl.c
index 63eabbc..ab7151d 100644
--- a/net/sctp/sysctl.c
+++ b/net/sctp/sysctl.c
@@ -51,6 +51,7 @@ static int timer_max = 86400000; /* ms in one day */
 static int int_max = INT_MAX;
 static int sack_timer_min = 1;
 static int sack_timer_max = 500;
+static int addr_scope_max = 3; /* check sctp_scope_policy_t in
include/net/sctp/constants.h for max entries */

 extern int sysctl_sctp_mem[3];
 extern int sysctl_sctp_rmem[3];
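Review bot: `addr_scope_max = 3` is a hand-maintained copy of the last sctp_scope_policy_t value, and the comment beside it is the only thing keeping them aligned; a new policy added to the enum is unreachable through the sysctl until someone remembers to bump this. Suggest a trailing `SCTP_SCOPE_POLICY_MAX = SCTP_SCOPE_POLICY_LINK` in constants.h and `static int addr_scope_max = SCTP_SCOPE_POLICY_MAX;` here. The table entry in the following hunk also writes `&proc_dointvec_minmax`/`&sysctl_intvec` where the adjacent entry uses the bare `proc_dointvec`/`sysctl_intvec`; harmless, but inconsistent with the file.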
@@ -272,6 +273,17 @@ static ctl_table sctp_table[] = {
 		.proc_handler	= proc_dointvec,
 		.strategy	= sysctl_intvec
 	},
+	{
+		.ctl_name	= CTL_UNNUMBERED,
+		.procname	= "addr_scope_policy",
+		.data		= &sctp_scope_policy,
+		.maxlen		= sizeof(int),
+		.mode		= 0644,
+		.proc_handler	= &proc_dointvec_minmax,
+		.strategy	= &sysctl_intvec,
+		.extra1		= &zero,
+		.extra2		= &addr_scope_max,
+	},
 	{ .ctl_name = 0 }
 };

--
1.6.2.6


* Re: [PATCH 1/1] sctp: Sysctl configuration for IPv4 Address Scoping
  2009-08-28 11:22 [PATCH 1/1] sctp: Sysctl configuration for IPv4 Address Scoping Bhaskar Dutta
  2009-08-28 13:48 ` Vlad Yasevich
  2009-09-03 11:55 ` Bhaskar Dutta
@ 2009-09-03 13:43 ` Vlad Yasevich
  2009-09-03 15:55 ` Vlad Yasevich
                   ` (2 subsequent siblings)
  5 siblings, 0 replies; 7+ messages in thread
From: Vlad Yasevich @ 2009-09-03 13:43 UTC (permalink / raw)
  To: linux-sctp

Bhaskar Dutta wrote:
> Hi Vlad,
> 
> Thanks a lot for the comments. I have incorporated all of them in the
> updated patch below.

One thing I forgot to mention the first time, and just thought of it,
is that since you are introducing a new sysctl, it would be very good
to document it in Documentation/networking/ip-sysctl.txt.

There is an SCTP section with all current sctp parameters documented.

Thanks
-vlad

> 
> Regards,
> Bhaskar
> 
> 
> Patch Summary:
> ======> This patch introduces a new sysctl option to make IPv4 Address Scoping
> configurable <draft-stewart-tsvwg-sctp-ipv4-00.txt>.
> 
> In networking environments where DNAT rules in iptables prerouting
> chains convert destination IP's to link-local/private IP addresses,
> SCTP connections fail to establish as the INIT chunk is dropped by the
> kernel due to address scope match failure.
> For example to support overlapping IP addresses (same IP address with
> different vlan id) a Layer-5 application listens on link local IP's,
> and there is a DNAT rule that maps the destination IP to a link local
> IP. Such applications never get the SCTP INIT if the address-scoping
> draft is strictly followed.
> 
> This sysctl configuration allows SCTP to function in such
> unconventional networking environments.
> 
> Sysctl options:
> 0 - Disable IPv4 address scoping draft altogether
> 1 - Enable IPv4 address scoping (default, current behavior)
> 2 - Enable address scoping but allow IPv4 private addresses in init/init-ack
> 3 - Enable address scoping but allow IPv4 link local address in init/init-ack
> 
> Patch generated against kernel 2.6.31-rc7.
> 
> 
> Signed-off-by: Bhaskar Dutta <bhaskar.dutta@globallogic.com>
> ---
>  Documentation/networking/ip-sysctl.txt |   10 ++++++++++
>  include/net/sctp/constants.h           |    7 +++++++
>  include/net/sctp/structs.h             |   10 ++++++++++
>  net/sctp/bind_addr.c                   |   21 ++++++++++++++++++++-
>  net/sctp/protocol.c                    |   11 ++++++-----
>  net/sctp/sysctl.c                      |   12 ++++++++++++
>  6 files changed, 65 insertions(+), 6 deletions(-)
> 
> diff --git a/Documentation/networking/ip-sysctl.txt
> b/Documentation/networking/ip-sysctl.txt
> index 8be7623..da07602 100644
> --- a/Documentation/networking/ip-sysctl.txt
> +++ b/Documentation/networking/ip-sysctl.txt
> @@ -1282,6 +1282,16 @@ sctp_rmem - vector of 3 INTEGERs: min, default, max
>  sctp_wmem  - vector of 3 INTEGERs: min, default, max
>  	See tcp_wmem for a description.
> 
> +addr_scope_policy - INTEGER
> +	Control IPv4 address scoping - draft-stewart-tsvwg-sctp-ipv4-00
> +
> +	0   - Disable IPv4 address scoping
> +	1   - Enable IPv4 address scoping
> +	2   - Follow draft but allow IPv4 private addresses
> +	3   - Follow draft but allow IPv4 link local addresses
> +
> +	Default: 1
> +
> 
>  /proc/sys/net/core/*
>  dev_weight - INTEGER
> diff --git a/include/net/sctp/constants.h b/include/net/sctp/constants.h
> index b05b055..699e6ae 100644
> --- a/include/net/sctp/constants.h
> +++ b/include/net/sctp/constants.h
> @@ -361,6 +361,13 @@ typedef enum {
>  	SCTP_SCOPE_UNUSABLE,		/* IPv4 unusable addresses */
>  } sctp_scope_t;
> 
> +typedef enum {
> +	SCTP_SCOPE_POLICY_DISABLE,	/* Disable IPv4 address scoping */
> +	SCTP_SCOPE_POLICY_ENABLE,	/* Enable IPv4 address scoping */
> +	SCTP_SCOPE_POLICY_PRIVATE,	/* Follow draft but allow IPv4 private addresses */
> +	SCTP_SCOPE_POLICY_LINK,		/* Follow draft but allow IPv4 link local
> addresses */
> +} sctp_scope_policy_t;
> +
>  /* Based on IPv4 scoping <draft-stewart-tsvwg-sctp-ipv4-00.txt>,
>   * SCTP IPv4 unusable addresses: 0.0.0.0/8, 224.0.0.0/4, 198.18.0.0/24,
>   * 192.88.99.0/24.
> diff --git a/include/net/sctp/structs.h b/include/net/sctp/structs.h
> index edfcacf..de46ac6 100644
> --- a/include/net/sctp/structs.h
> +++ b/include/net/sctp/structs.h
> @@ -219,6 +219,15 @@ extern struct sctp_globals {
>  	/* Flag to idicate if SCTP-AUTH is enabled */
>  	int auth_enable;
> 
> +	/*
> +	 * Policy to control SCTP IPv4 address scoping
> +	 * 0   - Disable IPv4 address scoping
> +	 * 1   - Enable IPv4 address scoping
> +	 * 2   - Selectively allow only IPv4 private addresses
> +	 * 3   - Selectively allow only IPv4 link local address
> +	 */
> +	int ipv4_scope_policy;
> +
>  	/* Flag to indicate whether computing and verifying checksum
>  	 * is disabled. */
>          int checksum_disable;
> @@ -252,6 +261,7 @@ extern struct sctp_globals {
>  #define sctp_port_hashtable		(sctp_globals.port_hashtable)
>  #define sctp_local_addr_list		(sctp_globals.local_addr_list)
>  #define sctp_local_addr_lock		(sctp_globals.addr_list_lock)
> +#define sctp_scope_policy		(sctp_globals.ipv4_scope_policy)
>  #define sctp_addip_enable		(sctp_globals.addip_enable)
>  #define sctp_addip_noauth		(sctp_globals.addip_noauth_enable)
>  #define sctp_prsctp_enable		(sctp_globals.prsctp_enable)
> diff --git a/net/sctp/bind_addr.c b/net/sctp/bind_addr.c
> index 6d5944a..7e33508 100644
> --- a/net/sctp/bind_addr.c
> +++ b/net/sctp/bind_addr.c
> @@ -510,9 +510,28 @@ int sctp_in_scope(const union sctp_addr *addr,
> sctp_scope_t scope)
>  	 * of requested destination address, sender and receiver
>  	 * SHOULD include all of its addresses with level greater
>  	 * than or equal to L.
> +	 *
> +	 * Address scoping can be selectively controlled via sysctl
> +	 * option
>  	 */
> -	if (addr_scope <= scope)
> +	switch (sctp_scope_policy) {
> +	case SCTP_SCOPE_POLICY_DISABLE:
>  		return 1;
> +	case SCTP_SCOPE_POLICY_ENABLE:
> +		if (addr_scope <= scope)
> +			return 1;
> +		break;
> +	case SCTP_SCOPE_POLICY_PRIVATE:
> +		if (addr_scope <= scope || SCTP_SCOPE_PRIVATE = addr_scope)
> +			return 1;
> +		break;
> +	case SCTP_SCOPE_POLICY_LINK:
> +		if (addr_scope <= scope || SCTP_SCOPE_LINK = addr_scope)
> +			return 1;
> +		break;
> +	default:
> +		break;
> +	}
> 
>  	return 0;
>  }
> diff --git a/net/sctp/protocol.c b/net/sctp/protocol.c
> index a76da65..5c65cac 100644
> --- a/net/sctp/protocol.c
> +++ b/net/sctp/protocol.c
> @@ -431,16 +431,14 @@ static int sctp_v4_available(union sctp_addr
> *addr, struct sctp_sock *sp)
>   * of requested destination address, sender and receiver
>   * SHOULD include all of its addresses with level greater
>   * than or equal to L.
> + *
> + * IPv4 scoping can be controlled through sysctl option
> + * net.sctp.addr_scope_policy
>   */
>  static sctp_scope_t sctp_v4_scope(union sctp_addr *addr)
>  {
>  	sctp_scope_t retval;
> 
> -	/* Should IPv4 scoping be a sysctl configurable option
> -	 * so users can turn it off (default on) for certain
> -	 * unconventional networking environments?
> -	 */
> -
>  	/* Check for unusable SCTP addresses. */
>  	if (IS_IPV4_UNUSABLE_ADDRESS(addr->v4.sin_addr.s_addr)) {
>  		retval =  SCTP_SCOPE_UNUSABLE;
> @@ -1259,6 +1257,9 @@ SCTP_STATIC __init int sctp_init(void)
>  	/* Disable AUTH by default. */
>  	sctp_auth_enable = 0;
> 
> +	/* Set SCOPE policy to enabled */
> +	sctp_scope_policy = SCTP_SCOPE_POLICY_ENABLE;
> +
>  	sctp_sysctl_register();
> 
>  	INIT_LIST_HEAD(&sctp_address_families);
> diff --git a/net/sctp/sysctl.c b/net/sctp/sysctl.c
> index 63eabbc..ab7151d 100644
> --- a/net/sctp/sysctl.c
> +++ b/net/sctp/sysctl.c
> @@ -51,6 +51,7 @@ static int timer_max = 86400000; /* ms in one day */
>  static int int_max = INT_MAX;
>  static int sack_timer_min = 1;
>  static int sack_timer_max = 500;
> +static int addr_scope_max = 3; /* check sctp_scope_policy_t in
> include/net/sctp/constants.h for max entries */
> 
>  extern int sysctl_sctp_mem[3];
>  extern int sysctl_sctp_rmem[3];
> @@ -272,6 +273,17 @@ static ctl_table sctp_table[] = {
>  		.proc_handler	= proc_dointvec,
>  		.strategy	= sysctl_intvec
>  	},
> +	{
> +		.ctl_name	= CTL_UNNUMBERED,
> +		.procname	= "addr_scope_policy",
> +		.data		= &sctp_scope_policy,
> +		.maxlen		= sizeof(int),
> +		.mode		= 0644,
> +		.proc_handler	= &proc_dointvec_minmax,
> +		.strategy	= &sysctl_intvec,
> +		.extra1		= &zero,
> +		.extra2		= &addr_scope_max,
> +	},
>  	{ .ctl_name = 0 }
>  };
> 
> --
> 1.6.2.6
> --
> To unsubscribe from this list: send the line "unsubscribe linux-sctp" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> 



* Re: [PATCH 1/1] sctp: Sysctl configuration for IPv4 Address Scoping
From: Vlad Yasevich @ 2009-09-03 15:55 UTC (permalink / raw)
  To: linux-sctp

Bhaskar Dutta wrote:
> On Thu, Sep 3, 2009 at 7:13 PM, Vlad Yasevich<vladislav.yasevich@hp.com> wrote:
>> Bhaskar Dutta wrote:
>>> Hi Vlad,
>>>
>>> Thanks a lot for the comments. I have incorporated all of them in the
>>> updated patch below.
>> One thing I forgot to mention the first time, and just thought of it,
>> is that since you are introducing a new sysctl, it would be very good
>> to document it in Documents/networking/ip-sysctl.txt.
>>
>> There is an SCTP section with all current sctp parameters documented.
>>
>> Thanks
>> -vlad
>>
> 
> It is already there. I'd added the new param at the end of the sctp section.

NM.  must have looked right past it.... ;)

I'll apply.

Thanks
-vlad

>>>>> Documentation/networking/ip-sysctl.txt |   10 ++++++++++
> 
> Thanks,
> Bhaskar
> 
> 
> 
>>> Regards,
>>> Bhaskar
>>>
>>>
>>> Patch Summary:
>>> ======>>> This patch introduces a new sysctl option to make IPv4 Address Scoping
>>> configurable <draft-stewart-tsvwg-sctp-ipv4-00.txt>.
>>>
>>> In networking environments where DNAT rules in iptables prerouting
>>> chains convert destination IP's to link-local/private IP addresses,
>>> SCTP connections fail to establish as the INIT chunk is dropped by the
>>> kernel due to address scope match failure.
>>> For example to support overlapping IP addresses (same IP address with
>>> different vlan id) a Layer-5 application listens on link local IP's,
>>> and there is a DNAT rule that maps the destination IP to a link local
>>> IP. Such applications never get the SCTP INIT if the address-scoping
>>> draft is strictly followed.
>>>
>>> This sysctl configuration allows SCTP to function in such
>>> unconventional networking environments.
>>>
>>> Sysctl options:
>>> 0 - Disable IPv4 address scoping draft altogether
>>> 1 - Enable IPv4 address scoping (default, current behavior)
>>> 2 - Enable address scoping but allow IPv4 private addresses in init/init-ack
>>> 3 - Enable address scoping but allow IPv4 link local address in init/init-ack
>>>
>>> Patch generated against kernel 2.6.31-rc7.
>>>
>>>
>>> Signed-off-by: Bhaskar Dutta <bhaskar.dutta@globallogic.com>
>>> ---
>>>  Documentation/networking/ip-sysctl.txt |   10 ++++++++++
>>>  include/net/sctp/constants.h           |    7 +++++++
>>>  include/net/sctp/structs.h             |   10 ++++++++++
>>>  net/sctp/bind_addr.c                   |   21 ++++++++++++++++++++-
>>>  net/sctp/protocol.c                    |   11 ++++++-----
>>>  net/sctp/sysctl.c                      |   12 ++++++++++++
>>>  6 files changed, 65 insertions(+), 6 deletions(-)
>>>
>>> diff --git a/Documentation/networking/ip-sysctl.txt
>>> b/Documentation/networking/ip-sysctl.txt
>>> index 8be7623..da07602 100644
>>> --- a/Documentation/networking/ip-sysctl.txt
>>> +++ b/Documentation/networking/ip-sysctl.txt
>>> @@ -1282,6 +1282,16 @@ sctp_rmem - vector of 3 INTEGERs: min, default, max
>>>  sctp_wmem  - vector of 3 INTEGERs: min, default, max
>>>       See tcp_wmem for a description.
>>>
>>> +addr_scope_policy - INTEGER
>>> +     Control IPv4 address scoping - draft-stewart-tsvwg-sctp-ipv4-00
>>> +
>>> +     0   - Disable IPv4 address scoping
>>> +     1   - Enable IPv4 address scoping
>>> +     2   - Follow draft but allow IPv4 private addresses
>>> +     3   - Follow draft but allow IPv4 link local addresses
>>> +
>>> +     Default: 1
>>> +
>>>
>>>  /proc/sys/net/core/*
>>>  dev_weight - INTEGER
>>> diff --git a/include/net/sctp/constants.h b/include/net/sctp/constants.h
>>> index b05b055..699e6ae 100644
>>> --- a/include/net/sctp/constants.h
>>> +++ b/include/net/sctp/constants.h
>>> @@ -361,6 +361,13 @@ typedef enum {
>>>       SCTP_SCOPE_UNUSABLE,            /* IPv4 unusable addresses */
>>>  } sctp_scope_t;
>>>
>>> +typedef enum {
>>> +     SCTP_SCOPE_POLICY_DISABLE,      /* Disable IPv4 address scoping */
>>> +     SCTP_SCOPE_POLICY_ENABLE,       /* Enable IPv4 address scoping */
>>> +     SCTP_SCOPE_POLICY_PRIVATE,      /* Follow draft but allow IPv4 private addresses */
>>> +     SCTP_SCOPE_POLICY_LINK,         /* Follow draft but allow IPv4 link local
>>> addresses */
>>> +} sctp_scope_policy_t;
>>> +
>>>  /* Based on IPv4 scoping <draft-stewart-tsvwg-sctp-ipv4-00.txt>,
>>>   * SCTP IPv4 unusable addresses: 0.0.0.0/8, 224.0.0.0/4, 198.18.0.0/24,
>>>   * 192.88.99.0/24.
>>> diff --git a/include/net/sctp/structs.h b/include/net/sctp/structs.h
>>> index edfcacf..de46ac6 100644
>>> --- a/include/net/sctp/structs.h
>>> +++ b/include/net/sctp/structs.h
>>> @@ -219,6 +219,15 @@ extern struct sctp_globals {
>>>       /* Flag to idicate if SCTP-AUTH is enabled */
>>>       int auth_enable;
>>>
>>> +     /*
>>> +      * Policy to control SCTP IPv4 address scoping
>>> +      * 0   - Disable IPv4 address scoping
>>> +      * 1   - Enable IPv4 address scoping
>>> +      * 2   - Selectively allow only IPv4 private addresses
>>> +      * 3   - Selectively allow only IPv4 link local address
>>> +      */
>>> +     int ipv4_scope_policy;
>>> +
>>>       /* Flag to indicate whether computing and verifying checksum
>>>        * is disabled. */
>>>          int checksum_disable;
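Review bot: The field comment for values 2 and 3, `Selectively allow only IPv4 private addresses` and `Selectively allow only IPv4 link local address`, overstates what the code does: in the sctp_in_scope hunk those policies accept an address when it is within scope *or* private / link-local, they do not restrict acceptance to private addresses only. The ip-sysctl.txt hunk describes the same values as `Follow draft but allow IPv4 private addresses` and `Follow draft but allow IPv4 link local addresses`; using that wording here keeps the header consistent with the user-facing documentation. The same comment recurs in the later quotes of this patch in the thread.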
>>> @@ -252,6 +261,7 @@ extern struct sctp_globals {
>>>  #define sctp_port_hashtable          (sctp_globals.port_hashtable)
>>>  #define sctp_local_addr_list         (sctp_globals.local_addr_list)
>>>  #define sctp_local_addr_lock         (sctp_globals.addr_list_lock)
>>> +#define sctp_scope_policy            (sctp_globals.ipv4_scope_policy)
>>>  #define sctp_addip_enable            (sctp_globals.addip_enable)
>>>  #define sctp_addip_noauth            (sctp_globals.addip_noauth_enable)
>>>  #define sctp_prsctp_enable           (sctp_globals.prsctp_enable)
>>> diff --git a/net/sctp/bind_addr.c b/net/sctp/bind_addr.c
>>> index 6d5944a..7e33508 100644
>>> --- a/net/sctp/bind_addr.c
>>> +++ b/net/sctp/bind_addr.c
>>> @@ -510,9 +510,28 @@ int sctp_in_scope(const union sctp_addr *addr,
>>> sctp_scope_t scope)
>>>        * of requested destination address, sender and receiver
>>>        * SHOULD include all of its addresses with level greater
>>>        * than or equal to L.
>>> +      *
>>> +      * Address scoping can be selectively controlled via sysctl
>>> +      * option
>>>        */
>>> -     if (addr_scope <= scope)
>>> +     switch (sctp_scope_policy) {
>>> +     case SCTP_SCOPE_POLICY_DISABLE:
>>>               return 1;
>>> +     case SCTP_SCOPE_POLICY_ENABLE:
>>> +             if (addr_scope <= scope)
>>> +                     return 1;
>>> +             break;
>>> +     case SCTP_SCOPE_POLICY_PRIVATE:
>>> +             if (addr_scope <= scope || SCTP_SCOPE_PRIVATE = addr_scope)
>>> +                     return 1;
>>> +             break;
>>> +     case SCTP_SCOPE_POLICY_LINK:
>>> +             if (addr_scope <= scope || SCTP_SCOPE_LINK = addr_scope)
>>> +                     return 1;
>>> +             break;
>>> +     default:
>>> +             break;
>>> +     }
>>>
>>>       return 0;
>>>  }
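Review bot: `SCTP_SCOPE_PRIVATE = addr_scope` and `SCTP_SCOPE_LINK = addr_scope` in the PRIVATE and LINK cases use a single `=`; an enum constant is not an lvalue, so as quoted this does not compile, and the intent is evidently `addr_scope <= scope || SCTP_SCOPE_PRIVATE == addr_scope` (and `SCTP_SCOPE_LINK == addr_scope`). Given the later remark in the thread that the mail client corrupted the patch (the joined `======>>>` line in the summary points the same way), this may be transport damage rather than the author's source, but whatever gets applied needs the `==`. The DISABLE case returns 1 for every address the function has not already rejected before this switch; the start of sctp_in_scope is outside the hunk, so whether SCTP_SCOPE_UNUSABLE addresses are filtered ahead of it cannot be confirmed here and is worth checking before policy 0 is relied on. The same lines recur in the two further quotes of this patch in the thread.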
>>> diff --git a/net/sctp/protocol.c b/net/sctp/protocol.c
>>> index a76da65..5c65cac 100644
>>> --- a/net/sctp/protocol.c
>>> +++ b/net/sctp/protocol.c
>>> @@ -431,16 +431,14 @@ static int sctp_v4_available(union sctp_addr
>>> *addr, struct sctp_sock *sp)
>>>   * of requested destination address, sender and receiver
>>>   * SHOULD include all of its addresses with level greater
>>>   * than or equal to L.
>>> + *
>>> + * IPv4 scoping can be controlled through sysctl option
>>> + * net.sctp.addr_scope_policy
>>>   */
>>>  static sctp_scope_t sctp_v4_scope(union sctp_addr *addr)
>>>  {
>>>       sctp_scope_t retval;
>>>
>>> -     /* Should IPv4 scoping be a sysctl configurable option
>>> -      * so users can turn it off (default on) for certain
>>> -      * unconventional networking environments?
>>> -      */
>>> -
>>>       /* Check for unusable SCTP addresses. */
>>>       if (IS_IPV4_UNUSABLE_ADDRESS(addr->v4.sin_addr.s_addr)) {
>>>               retval =  SCTP_SCOPE_UNUSABLE;
>>> @@ -1259,6 +1257,9 @@ SCTP_STATIC __init int sctp_init(void)
>>>       /* Disable AUTH by default. */
>>>       sctp_auth_enable = 0;
>>>
>>> +     /* Set SCOPE policy to enabled */
>>> +     sctp_scope_policy = SCTP_SCOPE_POLICY_ENABLE;
>>> +
>>>       sctp_sysctl_register();
>>>
>>>       INIT_LIST_HEAD(&sctp_address_families);
>>> diff --git a/net/sctp/sysctl.c b/net/sctp/sysctl.c
>>> index 63eabbc..ab7151d 100644
>>> --- a/net/sctp/sysctl.c
>>> +++ b/net/sctp/sysctl.c
>>> @@ -51,6 +51,7 @@ static int timer_max = 86400000; /* ms in one day */
>>>  static int int_max = INT_MAX;
>>>  static int sack_timer_min = 1;
>>>  static int sack_timer_max = 500;
>>> +static int addr_scope_max = 3; /* check sctp_scope_policy_t in
>>> include/net/sctp/constants.h for max entries */
>>>
>>>  extern int sysctl_sctp_mem[3];
>>>  extern int sysctl_sctp_rmem[3];
>>> @@ -272,6 +273,17 @@ static ctl_table sctp_table[] = {
>>>               .proc_handler   = proc_dointvec,
>>>               .strategy       = sysctl_intvec
>>>       },
>>> +     {
>>> +             .ctl_name       = CTL_UNNUMBERED,
>>> +             .procname       = "addr_scope_policy",
>>> +             .data           = &sctp_scope_policy,
>>> +             .maxlen         = sizeof(int),
>>> +             .mode           = 0644,
>>> +             .proc_handler   = &proc_dointvec_minmax,
>>> +             .strategy       = &sysctl_intvec,
>>> +             .extra1         = &zero,
>>> +             .extra2         = &addr_scope_max,
>>> +     },
>>>       { .ctl_name = 0 }
>>>  };
>>>
>>> --
>>> 1.6.2.6
>>> --
>>> To unsubscribe from this list: send the line "unsubscribe linux-sctp" in
>>> the body of a message to majordomo@vger.kernel.org
>>> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>>>
>>
> 



* Re: [PATCH 1/1] sctp: Sysctl configuration for IPv4 Address Scoping
From: Bhaskar Dutta @ 2009-09-03 15:56 UTC (permalink / raw)
  To: linux-sctp

On Thu, Sep 3, 2009 at 7:13 PM, Vlad Yasevich<vladislav.yasevich@hp.com> wrote:
> Bhaskar Dutta wrote:
>> Hi Vlad,
>>
>> Thanks a lot for the comments. I have incorporated all of them in the
>> updated patch below.
>
> One think I forgot to mention the first time, and just thought of it,
> is that since you are introducing a new sysctl, it would be very good
> to document it in Documents/networking/ip-sysctl.txt.
>
> There is an SCTP section with all current sctp parameters documented.
>
> Thanks
> -vlad
>

It is already there. I'd added the new param at the end of the sctp section.
>>>> Documentation/networking/ip-sysctl.txt |   10 ++++++++++

Thanks,
Bhaskar



>>
>> Regards,
>> Bhaskar
>>
>>
>> Patch Summary:
>> ======>> This patch introduces a new sysctl option to make IPv4 Address Scoping
>> configurable <draft-stewart-tsvwg-sctp-ipv4-00.txt>.
>>
>> In networking environments where DNAT rules in iptables prerouting
>> chains convert destination IP's to link-local/private IP addresses,
>> SCTP connections fail to establish as the INIT chunk is dropped by the
>> kernel due to address scope match failure.
>> For example to support overlapping IP addresses (same IP address with
>> different vlan id) a Layer-5 application listens on link local IP's,
>> and there is a DNAT rule that maps the destination IP to a link local
>> IP. Such applications never get the SCTP INIT if the address-scoping
>> draft is strictly followed.
>>
>> This sysctl configuration allows SCTP to function in such
>> unconventional networking environments.
>>
>> Sysctl options:
>> 0 - Disable IPv4 address scoping draft altogether
>> 1 - Enable IPv4 address scoping (default, current behavior)
>> 2 - Enable address scoping but allow IPv4 private addresses in init/init-ack
>> 3 - Enable address scoping but allow IPv4 link local address in init/init-ack
>>
>> Patch generated against kernel 2.6.31-rc7.
>>
>>
>> Signed-off-by: Bhaskar Dutta <bhaskar.dutta@globallogic.com>
>> ---
>>  Documentation/networking/ip-sysctl.txt |   10 ++++++++++
>>  include/net/sctp/constants.h           |    7 +++++++
>>  include/net/sctp/structs.h             |   10 ++++++++++
>>  net/sctp/bind_addr.c                   |   21 ++++++++++++++++++++-
>>  net/sctp/protocol.c                    |   11 ++++++-----
>>  net/sctp/sysctl.c                      |   12 ++++++++++++
>>  6 files changed, 65 insertions(+), 6 deletions(-)
>>
>> diff --git a/Documentation/networking/ip-sysctl.txt
>> b/Documentation/networking/ip-sysctl.txt
>> index 8be7623..da07602 100644
>> --- a/Documentation/networking/ip-sysctl.txt
>> +++ b/Documentation/networking/ip-sysctl.txt
>> @@ -1282,6 +1282,16 @@ sctp_rmem - vector of 3 INTEGERs: min, default, max
>>  sctp_wmem  - vector of 3 INTEGERs: min, default, max
>>       See tcp_wmem for a description.
>>
>> +addr_scope_policy - INTEGER
>> +     Control IPv4 address scoping - draft-stewart-tsvwg-sctp-ipv4-00
>> +
>> +     0   - Disable IPv4 address scoping
>> +     1   - Enable IPv4 address scoping
>> +     2   - Follow draft but allow IPv4 private addresses
>> +     3   - Follow draft but allow IPv4 link local addresses
>> +
>> +     Default: 1
>> +
>>
>>  /proc/sys/net/core/*
>>  dev_weight - INTEGER
>> diff --git a/include/net/sctp/constants.h b/include/net/sctp/constants.h
>> index b05b055..699e6ae 100644
>> --- a/include/net/sctp/constants.h
>> +++ b/include/net/sctp/constants.h
>> @@ -361,6 +361,13 @@ typedef enum {
>>       SCTP_SCOPE_UNUSABLE,            /* IPv4 unusable addresses */
>>  } sctp_scope_t;
>>
>> +typedef enum {
>> +     SCTP_SCOPE_POLICY_DISABLE,      /* Disable IPv4 address scoping */
>> +     SCTP_SCOPE_POLICY_ENABLE,       /* Enable IPv4 address scoping */
>> +     SCTP_SCOPE_POLICY_PRIVATE,      /* Follow draft but allow IPv4 private addresses */
>> +     SCTP_SCOPE_POLICY_LINK,         /* Follow draft but allow IPv4 link local
>> addresses */
>> +} sctp_scope_policy_t;
>> +
>>  /* Based on IPv4 scoping <draft-stewart-tsvwg-sctp-ipv4-00.txt>,
>>   * SCTP IPv4 unusable addresses: 0.0.0.0/8, 224.0.0.0/4, 198.18.0.0/24,
>>   * 192.88.99.0/24.
>> diff --git a/include/net/sctp/structs.h b/include/net/sctp/structs.h
>> index edfcacf..de46ac6 100644
>> --- a/include/net/sctp/structs.h
>> +++ b/include/net/sctp/structs.h
>> @@ -219,6 +219,15 @@ extern struct sctp_globals {
>>       /* Flag to idicate if SCTP-AUTH is enabled */
>>       int auth_enable;
>>
>> +     /*
>> +      * Policy to control SCTP IPv4 address scoping
>> +      * 0   - Disable IPv4 address scoping
>> +      * 1   - Enable IPv4 address scoping
>> +      * 2   - Selectively allow only IPv4 private addresses
>> +      * 3   - Selectively allow only IPv4 link local address
>> +      */
>> +     int ipv4_scope_policy;
>> +
>>       /* Flag to indicate whether computing and verifying checksum
>>        * is disabled. */
>>          int checksum_disable;
>> @@ -252,6 +261,7 @@ extern struct sctp_globals {
>>  #define sctp_port_hashtable          (sctp_globals.port_hashtable)
>>  #define sctp_local_addr_list         (sctp_globals.local_addr_list)
>>  #define sctp_local_addr_lock         (sctp_globals.addr_list_lock)
>> +#define sctp_scope_policy            (sctp_globals.ipv4_scope_policy)
>>  #define sctp_addip_enable            (sctp_globals.addip_enable)
>>  #define sctp_addip_noauth            (sctp_globals.addip_noauth_enable)
>>  #define sctp_prsctp_enable           (sctp_globals.prsctp_enable)
>> diff --git a/net/sctp/bind_addr.c b/net/sctp/bind_addr.c
>> index 6d5944a..7e33508 100644
>> --- a/net/sctp/bind_addr.c
>> +++ b/net/sctp/bind_addr.c
>> @@ -510,9 +510,28 @@ int sctp_in_scope(const union sctp_addr *addr,
>> sctp_scope_t scope)
>>        * of requested destination address, sender and receiver
>>        * SHOULD include all of its addresses with level greater
>>        * than or equal to L.
>> +      *
>> +      * Address scoping can be selectively controlled via sysctl
>> +      * option
>>        */
>> -     if (addr_scope <= scope)
>> +     switch (sctp_scope_policy) {
>> +     case SCTP_SCOPE_POLICY_DISABLE:
>>               return 1;
>> +     case SCTP_SCOPE_POLICY_ENABLE:
>> +             if (addr_scope <= scope)
>> +                     return 1;
>> +             break;
>> +     case SCTP_SCOPE_POLICY_PRIVATE:
>> +             if (addr_scope <= scope || SCTP_SCOPE_PRIVATE = addr_scope)
>> +                     return 1;
>> +             break;
>> +     case SCTP_SCOPE_POLICY_LINK:
>> +             if (addr_scope <= scope || SCTP_SCOPE_LINK = addr_scope)
>> +                     return 1;
>> +             break;
>> +     default:
>> +             break;
>> +     }
>>
>>       return 0;
>>  }
>> diff --git a/net/sctp/protocol.c b/net/sctp/protocol.c
>> index a76da65..5c65cac 100644
>> --- a/net/sctp/protocol.c
>> +++ b/net/sctp/protocol.c
>> @@ -431,16 +431,14 @@ static int sctp_v4_available(union sctp_addr
>> *addr, struct sctp_sock *sp)
>>   * of requested destination address, sender and receiver
>>   * SHOULD include all of its addresses with level greater
>>   * than or equal to L.
>> + *
>> + * IPv4 scoping can be controlled through sysctl option
>> + * net.sctp.addr_scope_policy
>>   */
>>  static sctp_scope_t sctp_v4_scope(union sctp_addr *addr)
>>  {
>>       sctp_scope_t retval;
>>
>> -     /* Should IPv4 scoping be a sysctl configurable option
>> -      * so users can turn it off (default on) for certain
>> -      * unconventional networking environments?
>> -      */
>> -
>>       /* Check for unusable SCTP addresses. */
>>       if (IS_IPV4_UNUSABLE_ADDRESS(addr->v4.sin_addr.s_addr)) {
>>               retval =  SCTP_SCOPE_UNUSABLE;
>> @@ -1259,6 +1257,9 @@ SCTP_STATIC __init int sctp_init(void)
>>       /* Disable AUTH by default. */
>>       sctp_auth_enable = 0;
>>
>> +     /* Set SCOPE policy to enabled */
>> +     sctp_scope_policy = SCTP_SCOPE_POLICY_ENABLE;
>> +
>>       sctp_sysctl_register();
>>
>>       INIT_LIST_HEAD(&sctp_address_families);
>> diff --git a/net/sctp/sysctl.c b/net/sctp/sysctl.c
>> index 63eabbc..ab7151d 100644
>> --- a/net/sctp/sysctl.c
>> +++ b/net/sctp/sysctl.c
>> @@ -51,6 +51,7 @@ static int timer_max = 86400000; /* ms in one day */
>>  static int int_max = INT_MAX;
>>  static int sack_timer_min = 1;
>>  static int sack_timer_max = 500;
>> +static int addr_scope_max = 3; /* check sctp_scope_policy_t in
>> include/net/sctp/constants.h for max entries */
>>
>>  extern int sysctl_sctp_mem[3];
>>  extern int sysctl_sctp_rmem[3];
>> @@ -272,6 +273,17 @@ static ctl_table sctp_table[] = {
>>               .proc_handler   = proc_dointvec,
>>               .strategy       = sysctl_intvec
>>       },
>> +     {
>> +             .ctl_name       = CTL_UNNUMBERED,
>> +             .procname       = "addr_scope_policy",
>> +             .data           = &sctp_scope_policy,
>> +             .maxlen         = sizeof(int),
>> +             .mode           = 0644,
>> +             .proc_handler   = &proc_dointvec_minmax,
>> +             .strategy       = &sysctl_intvec,
>> +             .extra1         = &zero,
>> +             .extra2         = &addr_scope_max,
>> +     },
>>       { .ctl_name = 0 }
>>  };
>>
>> --
>> 1.6.2.6
>> --
>> To unsubscribe from this list: send the line "unsubscribe linux-sctp" in
>> the body of a message to majordomo@vger.kernel.org
>> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>>
>
>


* Re: [PATCH 1/1] sctp: Sysctl configuration for IPv4 Address Scoping
From: Vlad Yasevich @ 2009-09-03 19:12 UTC (permalink / raw)
  To: linux-sctp

Vlad Yasevich wrote:
> Bhaskar Dutta wrote:
>> On Thu, Sep 3, 2009 at 7:13 PM, Vlad Yasevich<vladislav.yasevich@hp.com> wrote:
>>> Bhaskar Dutta wrote:
>>>> Hi Vlad,
>>>>
>>>> Thanks a lot for the comments. I have incorporated all of them in the
>>>> updated patch below.
>>> One think I forgot to mention the first time, and just thought of it,
>>> is that since you are introducing a new sysctl, it would be very good
>>> to document it in Documents/networking/ip-sysctl.txt.
>>>
>>> There is an SCTP section with all current sctp parameters documented.
>>>
>>> Thanks
>>> -vlad
>>>
>> It is already there. I'd added the new param at the end of the sctp section.
> 
> NM.  must have looked right past it.... ;)
> 
> I'll apply.

Looks like your mail client corrupted the patch such that it doesn't apply.
I'll fix it up this time, but please look at Documentation/email-clients
in the kernel tree.

-vlad

> 
> Thanks
> -vlad
> 
>>>>>> Documentation/networking/ip-sysctl.txt |   10 ++++++++++
>> Thanks,
>> Bhaskar
>>
>>
>>
>>>> Regards,
>>>> Bhaskar
>>>>
>>>>
>>>> Patch Summary:
>>>> ======>>>> This patch introduces a new sysctl option to make IPv4 Address Scoping
>>>> configurable <draft-stewart-tsvwg-sctp-ipv4-00.txt>.
>>>>
>>>> In networking environments where DNAT rules in iptables prerouting
>>>> chains convert destination IP's to link-local/private IP addresses,
>>>> SCTP connections fail to establish as the INIT chunk is dropped by the
>>>> kernel due to address scope match failure.
>>>> For example to support overlapping IP addresses (same IP address with
>>>> different vlan id) a Layer-5 application listens on link local IP's,
>>>> and there is a DNAT rule that maps the destination IP to a link local
>>>> IP. Such applications never get the SCTP INIT if the address-scoping
>>>> draft is strictly followed.
>>>>
>>>> This sysctl configuration allows SCTP to function in such
>>>> unconventional networking environments.
>>>>
>>>> Sysctl options:
>>>> 0 - Disable IPv4 address scoping draft altogether
>>>> 1 - Enable IPv4 address scoping (default, current behavior)
>>>> 2 - Enable address scoping but allow IPv4 private addresses in init/init-ack
>>>> 3 - Enable address scoping but allow IPv4 link local address in init/init-ack
>>>>
>>>> Patch generated against kernel 2.6.31-rc7.
>>>>
>>>>
>>>> Signed-off-by: Bhaskar Dutta <bhaskar.dutta@globallogic.com>
>>>> ---
>>>>  Documentation/networking/ip-sysctl.txt |   10 ++++++++++
>>>>  include/net/sctp/constants.h           |    7 +++++++
>>>>  include/net/sctp/structs.h             |   10 ++++++++++
>>>>  net/sctp/bind_addr.c                   |   21 ++++++++++++++++++++-
>>>>  net/sctp/protocol.c                    |   11 ++++++-----
>>>>  net/sctp/sysctl.c                      |   12 ++++++++++++
>>>>  6 files changed, 65 insertions(+), 6 deletions(-)
>>>>
>>>> diff --git a/Documentation/networking/ip-sysctl.txt
>>>> b/Documentation/networking/ip-sysctl.txt
>>>> index 8be7623..da07602 100644
>>>> --- a/Documentation/networking/ip-sysctl.txt
>>>> +++ b/Documentation/networking/ip-sysctl.txt
>>>> @@ -1282,6 +1282,16 @@ sctp_rmem - vector of 3 INTEGERs: min, default, max
>>>>  sctp_wmem  - vector of 3 INTEGERs: min, default, max
>>>>       See tcp_wmem for a description.
>>>>
>>>> +addr_scope_policy - INTEGER
>>>> +     Control IPv4 address scoping - draft-stewart-tsvwg-sctp-ipv4-00
>>>> +
>>>> +     0   - Disable IPv4 address scoping
>>>> +     1   - Enable IPv4 address scoping
>>>> +     2   - Follow draft but allow IPv4 private addresses
>>>> +     3   - Follow draft but allow IPv4 link local addresses
>>>> +
>>>> +     Default: 1
>>>> +
>>>>
>>>>  /proc/sys/net/core/*
>>>>  dev_weight - INTEGER
>>>> diff --git a/include/net/sctp/constants.h b/include/net/sctp/constants.h
>>>> index b05b055..699e6ae 100644
>>>> --- a/include/net/sctp/constants.h
>>>> +++ b/include/net/sctp/constants.h
>>>> @@ -361,6 +361,13 @@ typedef enum {
>>>>       SCTP_SCOPE_UNUSABLE,            /* IPv4 unusable addresses */
>>>>  } sctp_scope_t;
>>>>
>>>> +typedef enum {
>>>> +     SCTP_SCOPE_POLICY_DISABLE,      /* Disable IPv4 address scoping */
>>>> +     SCTP_SCOPE_POLICY_ENABLE,       /* Enable IPv4 address scoping */
>>>> +     SCTP_SCOPE_POLICY_PRIVATE,      /* Follow draft but allow IPv4 private addresses */
>>>> +     SCTP_SCOPE_POLICY_LINK,         /* Follow draft but allow IPv4 link local
>>>> addresses */
>>>> +} sctp_scope_policy_t;
>>>> +
>>>>  /* Based on IPv4 scoping <draft-stewart-tsvwg-sctp-ipv4-00.txt>,
>>>>   * SCTP IPv4 unusable addresses: 0.0.0.0/8, 224.0.0.0/4, 198.18.0.0/24,
>>>>   * 192.88.99.0/24.
>>>> diff --git a/include/net/sctp/structs.h b/include/net/sctp/structs.h
>>>> index edfcacf..de46ac6 100644
>>>> --- a/include/net/sctp/structs.h
>>>> +++ b/include/net/sctp/structs.h
>>>> @@ -219,6 +219,15 @@ extern struct sctp_globals {
>>>>       /* Flag to idicate if SCTP-AUTH is enabled */
>>>>       int auth_enable;
>>>>
>>>> +     /*
>>>> +      * Policy to control SCTP IPv4 address scoping
>>>> +      * 0   - Disable IPv4 address scoping
>>>> +      * 1   - Enable IPv4 address scoping
>>>> +      * 2   - Selectively allow only IPv4 private addresses
>>>> +      * 3   - Selectively allow only IPv4 link local address
>>>> +      */
>>>> +     int ipv4_scope_policy;
>>>> +
>>>>       /* Flag to indicate whether computing and verifying checksum
>>>>        * is disabled. */
>>>>          int checksum_disable;
>>>> @@ -252,6 +261,7 @@ extern struct sctp_globals {
>>>>  #define sctp_port_hashtable          (sctp_globals.port_hashtable)
>>>>  #define sctp_local_addr_list         (sctp_globals.local_addr_list)
>>>>  #define sctp_local_addr_lock         (sctp_globals.addr_list_lock)
>>>> +#define sctp_scope_policy            (sctp_globals.ipv4_scope_policy)
>>>>  #define sctp_addip_enable            (sctp_globals.addip_enable)
>>>>  #define sctp_addip_noauth            (sctp_globals.addip_noauth_enable)
>>>>  #define sctp_prsctp_enable           (sctp_globals.prsctp_enable)
>>>> diff --git a/net/sctp/bind_addr.c b/net/sctp/bind_addr.c
>>>> index 6d5944a..7e33508 100644
>>>> --- a/net/sctp/bind_addr.c
>>>> +++ b/net/sctp/bind_addr.c
>>>> @@ -510,9 +510,28 @@ int sctp_in_scope(const union sctp_addr *addr,
>>>> sctp_scope_t scope)
>>>>        * of requested destination address, sender and receiver
>>>>        * SHOULD include all of its addresses with level greater
>>>>        * than or equal to L.
>>>> +      *
>>>> +      * Address scoping can be selectively controlled via sysctl
>>>> +      * option
>>>>        */
>>>> -     if (addr_scope <= scope)
>>>> +     switch (sctp_scope_policy) {
>>>> +     case SCTP_SCOPE_POLICY_DISABLE:
>>>>               return 1;
>>>> +     case SCTP_SCOPE_POLICY_ENABLE:
>>>> +             if (addr_scope <= scope)
>>>> +                     return 1;
>>>> +             break;
>>>> +     case SCTP_SCOPE_POLICY_PRIVATE:
>>>> +             if (addr_scope <= scope || SCTP_SCOPE_PRIVATE = addr_scope)
>>>> +                     return 1;
>>>> +             break;
>>>> +     case SCTP_SCOPE_POLICY_LINK:
>>>> +             if (addr_scope <= scope || SCTP_SCOPE_LINK = addr_scope)
>>>> +                     return 1;
>>>> +             break;
>>>> +     default:
>>>> +             break;
>>>> +     }
>>>>
>>>>       return 0;
>>>>  }
>>>> diff --git a/net/sctp/protocol.c b/net/sctp/protocol.c
>>>> index a76da65..5c65cac 100644
>>>> --- a/net/sctp/protocol.c
>>>> +++ b/net/sctp/protocol.c
>>>> @@ -431,16 +431,14 @@ static int sctp_v4_available(union sctp_addr
>>>> *addr, struct sctp_sock *sp)
>>>>   * of requested destination address, sender and receiver
>>>>   * SHOULD include all of its addresses with level greater
>>>>   * than or equal to L.
>>>> + *
>>>> + * IPv4 scoping can be controlled through sysctl option
>>>> + * net.sctp.addr_scope_policy
>>>>   */
>>>>  static sctp_scope_t sctp_v4_scope(union sctp_addr *addr)
>>>>  {
>>>>       sctp_scope_t retval;
>>>>
>>>> -     /* Should IPv4 scoping be a sysctl configurable option
>>>> -      * so users can turn it off (default on) for certain
>>>> -      * unconventional networking environments?
>>>> -      */
>>>> -
>>>>       /* Check for unusable SCTP addresses. */
>>>>       if (IS_IPV4_UNUSABLE_ADDRESS(addr->v4.sin_addr.s_addr)) {
>>>>               retval =  SCTP_SCOPE_UNUSABLE;
>>>> @@ -1259,6 +1257,9 @@ SCTP_STATIC __init int sctp_init(void)
>>>>       /* Disable AUTH by default. */
>>>>       sctp_auth_enable = 0;
>>>>
>>>> +     /* Set SCOPE policy to enabled */
>>>> +     sctp_scope_policy = SCTP_SCOPE_POLICY_ENABLE;
>>>> +
>>>>       sctp_sysctl_register();
>>>>
>>>>       INIT_LIST_HEAD(&sctp_address_families);
>>>> diff --git a/net/sctp/sysctl.c b/net/sctp/sysctl.c
>>>> index 63eabbc..ab7151d 100644
>>>> --- a/net/sctp/sysctl.c
>>>> +++ b/net/sctp/sysctl.c
>>>> @@ -51,6 +51,7 @@ static int timer_max = 86400000; /* ms in one day */
>>>>  static int int_max = INT_MAX;
>>>>  static int sack_timer_min = 1;
>>>>  static int sack_timer_max = 500;
>>>> +static int addr_scope_max = 3; /* check sctp_scope_policy_t in
>>>> include/net/sctp/constants.h for max entries */
>>>>
>>>>  extern int sysctl_sctp_mem[3];
>>>>  extern int sysctl_sctp_rmem[3];
>>>> @@ -272,6 +273,17 @@ static ctl_table sctp_table[] = {
>>>>               .proc_handler   = proc_dointvec,
>>>>               .strategy       = sysctl_intvec
>>>>       },
>>>> +     {
>>>> +             .ctl_name       = CTL_UNNUMBERED,
>>>> +             .procname       = "addr_scope_policy",
>>>> +             .data           = &sctp_scope_policy,
>>>> +             .maxlen         = sizeof(int),
>>>> +             .mode           = 0644,
>>>> +             .proc_handler   = &proc_dointvec_minmax,
>>>> +             .strategy       = &sysctl_intvec,
>>>> +             .extra1         = &zero,
>>>> +             .extra2         = &addr_scope_max,
>>>> +     },
>>>>       { .ctl_name = 0 }
>>>>  };
>>>>
>>>> --
>>>> 1.6.2.6
>>>> --
>>>> To unsubscribe from this list: send the line "unsubscribe linux-sctp" in
>>>> the body of a message to majordomo@vger.kernel.org
>>>> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>>>>
> 
> --
> To unsubscribe from this list: send the line "unsubscribe linux-sctp" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> 


