return 0;
}
-static int sysctl_icmpv6_time __read_mostly = 1*HZ;
-
/*
* Check the ICMP output rate limit
*/
res = 1;
} else {
struct rt6_info *rt = (struct rt6_info *)dst;
- int tmo = sysctl_icmpv6_time;
+ int tmo = init_net.ipv6.sysctl.icmpv6_time;
/* Give more bandwidth to wider prefixes. */
if (rt->rt6i_dst.plen < 128)
struct icmp6hdr *hdr;
int type;
- if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb) && skb->sp &&
- skb->sp->xvec[skb->sp->len - 1]->props.flags & XFRM_STATE_ICMP) {
+ if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
int nh;
+ if (!(skb->sp && skb->sp->xvec[skb->sp->len - 1]->props.flags &
+ XFRM_STATE_ICMP))
+ goto drop_no_count;
+
if (!pskb_may_pull(skb, sizeof(*hdr) + sizeof(*orig_hdr)))
goto drop_no_count;
EXPORT_SYMBOL(icmpv6_err_convert);
#ifdef CONFIG_SYSCTL
-ctl_table ipv6_icmp_table[] = {
+ctl_table ipv6_icmp_table_template[] = {
{
.ctl_name = NET_IPV6_ICMP_RATELIMIT,
.procname = "ratelimit",
- .data = &sysctl_icmpv6_time,
+ .data = &init_net.ipv6.sysctl.icmpv6_time,
.maxlen = sizeof(int),
.mode = 0644,
.proc_handler = &proc_dointvec
},
{ .ctl_name = 0 },
};
+
+struct ctl_table *ipv6_icmp_sysctl_init(struct net *net)
+{
+ struct ctl_table *table;
+
+ table = kmemdup(ipv6_icmp_table_template,
+ sizeof(ipv6_icmp_table_template),
+ GFP_KERNEL);
+ return table;
+}
#endif
projects / ~andy / linux / blobdiff