Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit a346abe0 authored Jul 01, 2019 by Eric Dumazet Committed by David S. Miller Jul 01, 2019

ipv6: icmp: allow flowlabel reflection in echo replies



Extend flowlabel_reflect bitmask to allow conditional
reflection of incoming flowlabels in echo replies.

Note this has precedence against auto flowlabels.

Add flowlabel_reflect enum to replace hard coded
values.

Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

parent 954a5a02

Documentation/networking/ip-sysctl.txt

+3 −1

Original line number	Diff line number	Diff line
		@@ -1452,7 +1452,7 @@ flowlabel_reflect - INTEGER
		environments. See RFC 7690 and:
		https://tools.ietf.org/html/draft-wang-6man-flow-label-reflection-01

		This is a mask of two bits.
		This is a bitmask.
		1: enabled for established flows

		Note that this prevents automatic flowlabel changes, as done
		@@ -1463,6 +1463,8 @@ flowlabel_reflect - INTEGER
		If set, a RST packet sent in response to a SYN packet on a closed
		port will reflect the incoming flow label.

		4: enabled for ICMPv6 echo reply messages.

		Default: 0

		fib_multipath_hash_policy - INTEGER

include/net/ipv6.h

+7 −0

Original line number	Diff line number	Diff line
		@@ -301,6 +301,13 @@ struct ipv6_txoptions {
		/* Option buffer, as read by IPV6_PKTOPTIONS, starts here. */
		};

		/* flowlabel_reflect sysctl values */
		enum flowlabel_reflect {
		FLOWLABEL_REFLECT_ESTABLISHED = 1,
		FLOWLABEL_REFLECT_TCP_RESET = 2,
		FLOWLABEL_REFLECT_ICMPV6_ECHO_REPLIES = 4,
		};

		struct ip6_flowlabel {
		struct ip6_flowlabel __rcu *next;
		__be32 label;

net/ipv6/af_inet6.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -208,7 +208,7 @@ static int inet6_create(struct net net, struct socket sock, int protocol,
		np->mc_loop = 1;
		np->mc_all = 1;
		np->pmtudisc = IPV6_PMTUDISC_WANT;
		np->repflow = net->ipv6.sysctl.flowlabel_reflect & 1;
		np->repflow = net->ipv6.sysctl.flowlabel_reflect & FLOWLABEL_REFLECT_ESTABLISHED;
		sk->sk_ipv6only = net->ipv6.sysctl.bindv6only;

		/* Init the ipv4 part of the socket since we can have sockets

net/ipv6/icmp.c

+3 −0

Original line number	Diff line number	Diff line
		@@ -703,6 +703,9 @@ static void icmpv6_echo_reply(struct sk_buff *skb)
		tmp_hdr.icmp6_type = ICMPV6_ECHO_REPLY;

		memset(&fl6, 0, sizeof(fl6));
		if (net->ipv6.sysctl.flowlabel_reflect & FLOWLABEL_REFLECT_ICMPV6_ECHO_REPLIES)
		fl6.flowlabel = ip6_flowlabel(ipv6_hdr(skb));

		fl6.flowi6_proto = IPPROTO_ICMPV6;
		fl6.daddr = ipv6_hdr(skb)->saddr;
		if (saddr)

net/ipv6/sysctl_net_ipv6.c

+2 −2

Original line number	Diff line number	Diff line
		@@ -23,7 +23,7 @@

		static int zero;
		static int one = 1;
		static int three = 3;
		static int flowlabel_reflect_max = 0x7;
		static int auto_flowlabels_min;
		static int auto_flowlabels_max = IP6_AUTO_FLOW_LABEL_MAX;

		@@ -116,7 +116,7 @@ static struct ctl_table ipv6_table_template[] = {
		.mode = 0644,
		.proc_handler = proc_dointvec,
		.extra1 = &zero,
		.extra2 = &three,
		.extra2 = &flowlabel_reflect_max,
		},
		{
		.procname = "max_dst_opts_number",