Here is an alternative that allows run-time restriction of some TCP congestion control choices.
Signed-off-by: Stephen Hemminger <[EMAIL PROTECTED]>
---
 include/net/tcp.h | 1 +
 net/ipv4/tcp_cong.c | 4 ++++
 2 files changed, 5 insertions(+)
--- sky2.orig/include/net/tcp.h 2006-10-27 10:46:19.000000000 -0700
+++ sky2/include/net/tcp.h 2006-10-27 10:46:55.000000000 -0700
@@ -651,6 +651,7 @@
 char name[TCP_CA_NAME_MAX];
 struct module *owner;
+ int restricted; /* NET_ADMIN only */
 };
 extern int tcp_register_congestion_control(struct tcp_congestion_ops *type);
--- sky2.orig/net/ipv4/tcp_cong.c 2006-10-27 10:51:47.000000000 -0700
+++ sky2/net/ipv4/tcp_cong.c 2006-10-27 10:56:36.000000000 -0700
@@ -10,6 +10,7 @@
 #include <linux/mm.h>
 #include <linux/types.h>
 #include <linux/list.h>
+#include <linux/capability.h>
 #include <net/tcp.h>
 static DEFINE_SPINLOCK(tcp_cong_list_lock);
@@ -159,6 +160,9 @@
 if (!ca)
 err = -ENOENT;
+ else if (ca->restricted && !capable(CAP_NET_ADMIN))
+ err = -EPERM;
+ else if (!try_module_get(ca->owner))
 err = -EBUSY;
-
To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
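Review bot: The new `restricted` member in the include/net/tcp.h hunk fails open: any ops structure that does not set it is presumably zero-initialised and so stays selectable without CAP_NET_ADMIN, and nothing in this patch sets the field for any algorithm. Inverting the sense, for example `int unrestricted; /* may be selected without CAP_NET_ADMIN */`, would keep a newly added module privileged-only until someone deliberately opens it up. If the current polarity is kept, the comment should say what is gated, e.g. `/* non-zero: selecting this algorithm requires CAP_NET_ADMIN */`. The struct definition starts outside the hunk.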
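Review bot: The CAP_NET_ADMIN test in the `@@ -159,6 +160,9 @@` hunk of net/ipv4/tcp_cong.c guards only this one lookup, so it restricts explicit selection but, as far as the hunk shows, not a socket that ends up on a restricted algorithm some other way, such as through the system default or by inheriting it from a listening socket; those paths lie outside the hunk and should either be checked or the limitation documented. `capable()` evaluates the calling task, so the branch is only meaningful when this function runs in the context of the process making the request; a comment such as `/* checks the caller's credentials: must run in the requesting process's context */` above the branch would record that. Returning -EPERM only after the lookup also lets an unprivileged caller tell a loaded restricted algorithm (-EPERM) from an absent one (-ENOENT), which is probably acceptable but worth stating. The enclosing function begins and ends outside the hunk.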