summaryrefslogtreecommitdiffstats
path: root/fs/fscache
diff options
context:
space:
mode:
authorRobert Shearman <rshearma@brocade.com>2015-04-22 11:14:38 +0100
committerDavid S. Miller <davem@davemloft.net>2015-04-22 14:24:54 -0400
commit37bde79979c3862c79294c62ddcef7efc477e4bf (patch)
treea2268a0a600ed3eb1e33df0f43bbd3c72c5e30e0 /fs/fscache
parent03c57747a7020a28a200e7e920fb48ecdc9b0fb8 (diff)
downloadlinux-stable-37bde79979c3862c79294c62ddcef7efc477e4bf.tar.gz
linux-stable-37bde79979c3862c79294c62ddcef7efc477e4bf.tar.bz2
linux-stable-37bde79979c3862c79294c62ddcef7efc477e4bf.zip
mpls: Per-device enabling of packet input
An MPLS network is a single trust domain where the edges must be in control of what labels make their way into the core. The simplest way of ensuring this is for the edge device to always impose the labels, and not allow forward labeled traffic from untrusted neighbours. This is achieved by allowing a per-device configuration of whether MPLS traffic input from that interface should be processed or not. To be secure by default, the default state is changed to MPLS being disabled on all interfaces unless explicitly enabled and no global option is provided to change the default. Whilst this differs from other protocols (e.g. IPv6), network operators are used to explicitly enabling MPLS forwarding on interfaces, and with the number of links to the MPLS core typically fairly low this doesn't present too much of a burden on operators. Cc: "Eric W. Biederman" <ebiederm@xmission.com> Signed-off-by: Robert Shearman <rshearma@brocade.com> Reviewed-by: "Eric W. Biederman" <ebiederm@xmission.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'fs/fscache')
0 files changed, 0 insertions, 0 deletions