This patches adds a sysctl flag to decide wheither or not detect icmpv6
autoconfiguration packet as INVALID.
Signed-off-by: Eric Leblond <eric@xxxxxx>
---
net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c | 8 ++++++++
1 files changed, 8 insertions(+), 0 deletions(-)
diff --git a/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c b/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c
index 0dbac72..4aa80ba 100644
--- a/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c
+++ b/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c
@@ -27,6 +27,7 @@
#include <net/netfilter/nf_log.h>
static unsigned long nf_ct_icmpv6_timeout __read_mostly = 30*HZ;
+static unsigned long nf_ct_icmpv6_autoconf __read_mostly = 0;
static bool icmpv6_pkt_to_tuple(const struct sk_buff *skb,
unsigned int dataoff,
@@ -259,6 +260,13 @@ static struct ctl_table icmpv6_sysctl_table[] = {
.proc_handler = proc_dointvec_jiffies,
},
{
+ .procname = "nf_conntrack_icmpv6_autoconf",
+ .data = &nf_ct_icmpv6_autoconf,
+ .maxlen = sizeof(unsigned int),
+ .mode = 0644,
+ .proc_handler = proc_dointvec_jiffies,
+ },
+ {
.ctl_name = 0
}
};
--
1.5.6.3
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
