diff options
| author | Denis V. Lunev <den@openvz.org> | 2007-11-30 08:21:31 -0500 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2008-01-28 17:54:24 -0500 |
| commit | b854272b3c732316676e9128f7b9e6f1e1ff88b0 (patch) | |
| tree | c90c74b9ec068453881f1173da4c57d6bb00a7d9 /net/decnet/dn_route.c | |
| parent | ad5d20a63940fcfb40af76ba06148f36d5d0b433 (diff) | |
[NET]: Modify all rtnetlink methods to only work in the initial namespace (v2)
Before I can enable rtnetlink to work in all network namespaces I need
to be certain that something won't break. So this patch deliberately
disables all of the rtnletlink methods in everything except the
initial network namespace. After the methods have been audited this
extra check can be disabled.
Changes from v1:
- added IPv6 addrlabel protection
Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'net/decnet/dn_route.c')
| -rw-r--r-- | net/decnet/dn_route.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/net/decnet/dn_route.c b/net/decnet/dn_route.c index 2a5bb0714c7..28aeba15cf1 100644 --- a/net/decnet/dn_route.c +++ b/net/decnet/dn_route.c | |||
| @@ -1511,6 +1511,7 @@ rtattr_failure: | |||
| 1511 | */ | 1511 | */ |
| 1512 | static int dn_cache_getroute(struct sk_buff *in_skb, struct nlmsghdr *nlh, void *arg) | 1512 | static int dn_cache_getroute(struct sk_buff *in_skb, struct nlmsghdr *nlh, void *arg) |
| 1513 | { | 1513 | { |
| 1514 | struct net *net = in_skb->sk->sk_net; | ||
| 1514 | struct rtattr **rta = arg; | 1515 | struct rtattr **rta = arg; |
| 1515 | struct rtmsg *rtm = NLMSG_DATA(nlh); | 1516 | struct rtmsg *rtm = NLMSG_DATA(nlh); |
| 1516 | struct dn_route *rt = NULL; | 1517 | struct dn_route *rt = NULL; |
| @@ -1519,6 +1520,9 @@ static int dn_cache_getroute(struct sk_buff *in_skb, struct nlmsghdr *nlh, void | |||
| 1519 | struct sk_buff *skb; | 1520 | struct sk_buff *skb; |
| 1520 | struct flowi fl; | 1521 | struct flowi fl; |
| 1521 | 1522 | ||
| 1523 | if (net != &init_net) | ||
| 1524 | return -EINVAL; | ||
| 1525 | |||
| 1522 | memset(&fl, 0, sizeof(fl)); | 1526 | memset(&fl, 0, sizeof(fl)); |
| 1523 | fl.proto = DNPROTO_NSP; | 1527 | fl.proto = DNPROTO_NSP; |
| 1524 | 1528 | ||
| @@ -1596,10 +1600,14 @@ out_free: | |||
| 1596 | */ | 1600 | */ |
| 1597 | int dn_cache_dump(struct sk_buff *skb, struct netlink_callback *cb) | 1601 | int dn_cache_dump(struct sk_buff *skb, struct netlink_callback *cb) |
| 1598 | { | 1602 | { |
| 1603 | struct net *net = skb->sk->sk_net; | ||
| 1599 | struct dn_route *rt; | 1604 | struct dn_route *rt; |
| 1600 | int h, s_h; | 1605 | int h, s_h; |
| 1601 | int idx, s_idx; | 1606 | int idx, s_idx; |
| 1602 | 1607 | ||
| 1608 | if (net != &init_net) | ||
| 1609 | return 0; | ||
| 1610 | |||
| 1603 | if (NLMSG_PAYLOAD(cb->nlh, 0) < sizeof(struct rtmsg)) | 1611 | if (NLMSG_PAYLOAD(cb->nlh, 0) < sizeof(struct rtmsg)) |
| 1604 | return -EINVAL; | 1612 | return -EINVAL; |
| 1605 | if (!(((struct rtmsg *)NLMSG_DATA(cb->nlh))->rtm_flags&RTM_F_CLONED)) | 1613 | if (!(((struct rtmsg *)NLMSG_DATA(cb->nlh))->rtm_flags&RTM_F_CLONED)) |