aboutsummaryrefslogtreecommitdiffstats
path: root/net/ipv6/addrconf.c
diff options
context:
space:
mode:
authorDenis V. Lunev <den@openvz.org>2007-11-30 08:21:31 -0500
committerDavid S. Miller <davem@davemloft.net>2008-01-28 17:54:24 -0500
commitb854272b3c732316676e9128f7b9e6f1e1ff88b0 (patch)
treec90c74b9ec068453881f1173da4c57d6bb00a7d9 /net/ipv6/addrconf.c
parentad5d20a63940fcfb40af76ba06148f36d5d0b433 (diff)
[NET]: Modify all rtnetlink methods to only work in the initial namespace (v2)
Before I can enable rtnetlink to work in all network namespaces I need to be certain that something won't break. So this patch deliberately disables all of the rtnletlink methods in everything except the initial network namespace. After the methods have been audited this extra check can be disabled. Changes from v1: - added IPv6 addrlabel protection Signed-off-by: Denis V. Lunev <den@openvz.org> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'net/ipv6/addrconf.c')
-rw-r--r--net/ipv6/addrconf.c31
1 files changed, 31 insertions, 0 deletions
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index a70cecf8fc8..26de8ee5095 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -2971,11 +2971,15 @@ static const struct nla_policy ifa_ipv6_policy[IFA_MAX+1] = {
2971static int 2971static int
2972inet6_rtm_deladdr(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg) 2972inet6_rtm_deladdr(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg)
2973{ 2973{
2974 struct net *net = skb->sk->sk_net;
2974 struct ifaddrmsg *ifm; 2975 struct ifaddrmsg *ifm;
2975 struct nlattr *tb[IFA_MAX+1]; 2976 struct nlattr *tb[IFA_MAX+1];
2976 struct in6_addr *pfx; 2977 struct in6_addr *pfx;
2977 int err; 2978 int err;
2978 2979
2980 if (net != &init_net)
2981 return -EINVAL;
2982
2979 err = nlmsg_parse(nlh, sizeof(*ifm), tb, IFA_MAX, ifa_ipv6_policy); 2983 err = nlmsg_parse(nlh, sizeof(*ifm), tb, IFA_MAX, ifa_ipv6_policy);
2980 if (err < 0) 2984 if (err < 0)
2981 return err; 2985 return err;
@@ -3028,6 +3032,7 @@ static int inet6_addr_modify(struct inet6_ifaddr *ifp, u8 ifa_flags,
3028static int 3032static int
3029inet6_rtm_newaddr(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg) 3033inet6_rtm_newaddr(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg)
3030{ 3034{
3035 struct net *net = skb->sk->sk_net;
3031 struct ifaddrmsg *ifm; 3036 struct ifaddrmsg *ifm;
3032 struct nlattr *tb[IFA_MAX+1]; 3037 struct nlattr *tb[IFA_MAX+1];
3033 struct in6_addr *pfx; 3038 struct in6_addr *pfx;
@@ -3037,6 +3042,9 @@ inet6_rtm_newaddr(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg)
3037 u8 ifa_flags; 3042 u8 ifa_flags;
3038 int err; 3043 int err;
3039 3044
3045 if (net != &init_net)
3046 return -EINVAL;
3047
3040 err = nlmsg_parse(nlh, sizeof(*ifm), tb, IFA_MAX, ifa_ipv6_policy); 3048 err = nlmsg_parse(nlh, sizeof(*ifm), tb, IFA_MAX, ifa_ipv6_policy);
3041 if (err < 0) 3049 if (err < 0)
3042 return err; 3050 return err;
@@ -3310,26 +3318,42 @@ done:
3310 3318
3311static int inet6_dump_ifaddr(struct sk_buff *skb, struct netlink_callback *cb) 3319static int inet6_dump_ifaddr(struct sk_buff *skb, struct netlink_callback *cb)
3312{ 3320{
3321 struct net *net = skb->sk->sk_net;
3313 enum addr_type_t type = UNICAST_ADDR; 3322 enum addr_type_t type = UNICAST_ADDR;
3323
3324 if (net != &init_net)
3325 return 0;
3326
3314 return inet6_dump_addr(skb, cb, type); 3327 return inet6_dump_addr(skb, cb, type);
3315} 3328}
3316 3329
3317static int inet6_dump_ifmcaddr(struct sk_buff *skb, struct netlink_callback *cb) 3330static int inet6_dump_ifmcaddr(struct sk_buff *skb, struct netlink_callback *cb)
3318{ 3331{
3332 struct net *net = skb->sk->sk_net;
3319 enum addr_type_t type = MULTICAST_ADDR; 3333 enum addr_type_t type = MULTICAST_ADDR;
3334
3335 if (net != &init_net)
3336 return 0;
3337
3320 return inet6_dump_addr(skb, cb, type); 3338 return inet6_dump_addr(skb, cb, type);
3321} 3339}
3322 3340
3323 3341
3324static int inet6_dump_ifacaddr(struct sk_buff *skb, struct netlink_callback *cb) 3342static int inet6_dump_ifacaddr(struct sk_buff *skb, struct netlink_callback *cb)
3325{ 3343{
3344 struct net *net = skb->sk->sk_net;
3326 enum addr_type_t type = ANYCAST_ADDR; 3345 enum addr_type_t type = ANYCAST_ADDR;
3346
3347 if (net != &init_net)
3348 return 0;
3349
3327 return inet6_dump_addr(skb, cb, type); 3350 return inet6_dump_addr(skb, cb, type);
3328} 3351}
3329 3352
3330static int inet6_rtm_getaddr(struct sk_buff *in_skb, struct nlmsghdr* nlh, 3353static int inet6_rtm_getaddr(struct sk_buff *in_skb, struct nlmsghdr* nlh,
3331 void *arg) 3354 void *arg)
3332{ 3355{
3356 struct net *net = in_skb->sk->sk_net;
3333 struct ifaddrmsg *ifm; 3357 struct ifaddrmsg *ifm;
3334 struct nlattr *tb[IFA_MAX+1]; 3358 struct nlattr *tb[IFA_MAX+1];
3335 struct in6_addr *addr = NULL; 3359 struct in6_addr *addr = NULL;
@@ -3338,6 +3362,9 @@ static int inet6_rtm_getaddr(struct sk_buff *in_skb, struct nlmsghdr* nlh,
3338 struct sk_buff *skb; 3362 struct sk_buff *skb;
3339 int err; 3363 int err;
3340 3364
3365 if (net != &init_net)
3366 return -EINVAL;
3367
3341 err = nlmsg_parse(nlh, sizeof(*ifm), tb, IFA_MAX, ifa_ipv6_policy); 3368 err = nlmsg_parse(nlh, sizeof(*ifm), tb, IFA_MAX, ifa_ipv6_policy);
3342 if (err < 0) 3369 if (err < 0)
3343 goto errout; 3370 goto errout;
@@ -3555,11 +3582,15 @@ nla_put_failure:
3555 3582
3556static int inet6_dump_ifinfo(struct sk_buff *skb, struct netlink_callback *cb) 3583static int inet6_dump_ifinfo(struct sk_buff *skb, struct netlink_callback *cb)
3557{ 3584{
3585 struct net *net = skb->sk->sk_net;
3558 int idx, err; 3586 int idx, err;
3559 int s_idx = cb->args[0]; 3587 int s_idx = cb->args[0];
3560 struct net_device *dev; 3588 struct net_device *dev;
3561 struct inet6_dev *idev; 3589 struct inet6_dev *idev;
3562 3590
3591 if (net != &init_net)
3592 return 0;
3593
3563 read_lock(&dev_base_lock); 3594 read_lock(&dev_base_lock);
3564 idx = 0; 3595 idx = 0;
3565 for_each_netdev(&init_net, dev) { 3596 for_each_netdev(&init_net, dev) {