summaryrefslogtreecommitdiff
path: root/include/linux/inetdevice.h
diff options
context:
space:
mode:
authorJaehee Park <jhpark1013@gmail.com>2022-07-14 02:40:47 +0300
committerJakub Kicinski <kuba@kernel.org>2022-07-16 04:55:49 +0300
commite68c5dcf0aacc48a23cedcb3ce81b8c60837f48c (patch)
treec89fddb75cef6e3d2e2159417e6e4ab9492a03ca /include/linux/inetdevice.h
parent459f326e995ce6f02f3dc79ca5bc4e2abe33d156 (diff)
downloadlinux-e68c5dcf0aacc48a23cedcb3ce81b8c60837f48c.tar.xz
net: ipv4: new arp_accept option to accept garp only if in-network
In many deployments, we want the option to not learn a neighbor from garp if the src ip is not in the same subnet as an address configured on the interface that received the garp message. net.ipv4.arp_accept sysctl is currently used to control creation of a neigh from a received garp packet. This patch adds a new option '2' to net.ipv4.arp_accept which extends option '1' by including the subnet check. Signed-off-by: Jaehee Park <jhpark1013@gmail.com> Suggested-by: Roopa Prabhu <roopa@nvidia.com> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Diffstat (limited to 'include/linux/inetdevice.h')
-rw-r--r--include/linux/inetdevice.h2
1 files changed, 1 insertions, 1 deletions
diff --git a/include/linux/inetdevice.h b/include/linux/inetdevice.h
index ead323243e7b..ddb27fc0ee8c 100644
--- a/include/linux/inetdevice.h
+++ b/include/linux/inetdevice.h
@@ -131,7 +131,7 @@ static inline void ipv4_devconf_setall(struct in_device *in_dev)
IN_DEV_ORCONF((in_dev), IGNORE_ROUTES_WITH_LINKDOWN)
#define IN_DEV_ARPFILTER(in_dev) IN_DEV_ORCONF((in_dev), ARPFILTER)
-#define IN_DEV_ARP_ACCEPT(in_dev) IN_DEV_ORCONF((in_dev), ARP_ACCEPT)
+#define IN_DEV_ARP_ACCEPT(in_dev) IN_DEV_MAXCONF((in_dev), ARP_ACCEPT)
#define IN_DEV_ARP_ANNOUNCE(in_dev) IN_DEV_MAXCONF((in_dev), ARP_ANNOUNCE)
#define IN_DEV_ARP_IGNORE(in_dev) IN_DEV_MAXCONF((in_dev), ARP_IGNORE)
#define IN_DEV_ARP_NOTIFY(in_dev) IN_DEV_MAXCONF((in_dev), ARP_NOTIFY)