diff options
| author | Eric W. Biederman <ebiederm@xmission.com> | 2012-05-25 15:42:45 -0400 |
|---|---|---|
| committer | Eric W. Biederman <ebiederm@xmission.com> | 2012-08-15 00:55:28 -0400 |
| commit | af4c6641f5ad445fe6d0832da42406dbd9a37ce4 (patch) | |
| tree | d1ef8c8fafb5cde0f55b7efd174c3d2032a58180 | |
| parent | 9eea9515cb5f3a4416511ef54b1cc98ca04869a1 (diff) | |
net sched: Pass the skb into change so it can access NETLINK_CB
cls_flow.c plays with uids and gids. Unless I misread that
code it is possible for classifiers to depend on the specific uid and
gid values. Therefore I need to know the user namespace of the
netlink socket that is installing the packet classifiers. Pass
in the rtnetlink skb so I can access the NETLINK_CB of the passed
packet. In particular I want access to sk_user_ns(NETLINK_CB(in_skb).ssk).
Pass in not the user namespace but the incomming rtnetlink skb into
the the classifier change routines as that is generally the more useful
parameter.
Cc: Jamal Hadi Salim <jhs@mojatatu.com>
Acked-by: David S. Miller <davem@davemloft.net>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
| -rw-r--r-- | include/net/sch_generic.h | 3 | ||||
| -rw-r--r-- | net/sched/cls_api.c | 2 | ||||
| -rw-r--r-- | net/sched/cls_basic.c | 3 | ||||
| -rw-r--r-- | net/sched/cls_cgroup.c | 3 | ||||
| -rw-r--r-- | net/sched/cls_flow.c | 3 | ||||
| -rw-r--r-- | net/sched/cls_fw.c | 3 | ||||
| -rw-r--r-- | net/sched/cls_route.c | 3 | ||||
| -rw-r--r-- | net/sched/cls_rsvp.h | 3 | ||||
| -rw-r--r-- | net/sched/cls_tcindex.c | 3 | ||||
| -rw-r--r-- | net/sched/cls_u32.c | 3 |
10 files changed, 19 insertions, 10 deletions
diff --git a/include/net/sch_generic.h b/include/net/sch_generic.h index d9611e032418..4616f468d599 100644 --- a/include/net/sch_generic.h +++ b/include/net/sch_generic.h | |||
| @@ -188,7 +188,8 @@ struct tcf_proto_ops { | |||
| 188 | 188 | ||
| 189 | unsigned long (*get)(struct tcf_proto*, u32 handle); | 189 | unsigned long (*get)(struct tcf_proto*, u32 handle); |
| 190 | void (*put)(struct tcf_proto*, unsigned long); | 190 | void (*put)(struct tcf_proto*, unsigned long); |
| 191 | int (*change)(struct tcf_proto*, unsigned long, | 191 | int (*change)(struct sk_buff *, |
| 192 | struct tcf_proto*, unsigned long, | ||
| 192 | u32 handle, struct nlattr **, | 193 | u32 handle, struct nlattr **, |
| 193 | unsigned long *); | 194 | unsigned long *); |
| 194 | int (*delete)(struct tcf_proto*, unsigned long); | 195 | int (*delete)(struct tcf_proto*, unsigned long); |
diff --git a/net/sched/cls_api.c b/net/sched/cls_api.c index 6dd1131f2ec1..dc3ef5aef355 100644 --- a/net/sched/cls_api.c +++ b/net/sched/cls_api.c | |||
| @@ -319,7 +319,7 @@ replay: | |||
| 319 | } | 319 | } |
| 320 | } | 320 | } |
| 321 | 321 | ||
| 322 | err = tp->ops->change(tp, cl, t->tcm_handle, tca, &fh); | 322 | err = tp->ops->change(skb, tp, cl, t->tcm_handle, tca, &fh); |
| 323 | if (err == 0) { | 323 | if (err == 0) { |
| 324 | if (tp_created) { | 324 | if (tp_created) { |
| 325 | spin_lock_bh(root_lock); | 325 | spin_lock_bh(root_lock); |
diff --git a/net/sched/cls_basic.c b/net/sched/cls_basic.c index 590960a22a77..344a11b342e5 100644 --- a/net/sched/cls_basic.c +++ b/net/sched/cls_basic.c | |||
| @@ -162,7 +162,8 @@ errout: | |||
| 162 | return err; | 162 | return err; |
| 163 | } | 163 | } |
| 164 | 164 | ||
| 165 | static int basic_change(struct tcf_proto *tp, unsigned long base, u32 handle, | 165 | static int basic_change(struct sk_buff *in_skb, |
| 166 | struct tcf_proto *tp, unsigned long base, u32 handle, | ||
| 166 | struct nlattr **tca, unsigned long *arg) | 167 | struct nlattr **tca, unsigned long *arg) |
| 167 | { | 168 | { |
| 168 | int err; | 169 | int err; |
diff --git a/net/sched/cls_cgroup.c b/net/sched/cls_cgroup.c index 7743ea8d1d38..91de66695b4a 100644 --- a/net/sched/cls_cgroup.c +++ b/net/sched/cls_cgroup.c | |||
| @@ -151,7 +151,8 @@ static const struct nla_policy cgroup_policy[TCA_CGROUP_MAX + 1] = { | |||
| 151 | [TCA_CGROUP_EMATCHES] = { .type = NLA_NESTED }, | 151 | [TCA_CGROUP_EMATCHES] = { .type = NLA_NESTED }, |
| 152 | }; | 152 | }; |
| 153 | 153 | ||
| 154 | static int cls_cgroup_change(struct tcf_proto *tp, unsigned long base, | 154 | static int cls_cgroup_change(struct sk_buff *in_skb, |
| 155 | struct tcf_proto *tp, unsigned long base, | ||
| 155 | u32 handle, struct nlattr **tca, | 156 | u32 handle, struct nlattr **tca, |
| 156 | unsigned long *arg) | 157 | unsigned long *arg) |
| 157 | { | 158 | { |
diff --git a/net/sched/cls_flow.c b/net/sched/cls_flow.c index ccd08c8dc6a7..ae854f3434b0 100644 --- a/net/sched/cls_flow.c +++ b/net/sched/cls_flow.c | |||
| @@ -347,7 +347,8 @@ static const struct nla_policy flow_policy[TCA_FLOW_MAX + 1] = { | |||
| 347 | [TCA_FLOW_PERTURB] = { .type = NLA_U32 }, | 347 | [TCA_FLOW_PERTURB] = { .type = NLA_U32 }, |
| 348 | }; | 348 | }; |
| 349 | 349 | ||
| 350 | static int flow_change(struct tcf_proto *tp, unsigned long base, | 350 | static int flow_change(struct sk_buff *in_skb, |
| 351 | struct tcf_proto *tp, unsigned long base, | ||
| 351 | u32 handle, struct nlattr **tca, | 352 | u32 handle, struct nlattr **tca, |
| 352 | unsigned long *arg) | 353 | unsigned long *arg) |
| 353 | { | 354 | { |
diff --git a/net/sched/cls_fw.c b/net/sched/cls_fw.c index 8384a4797240..4075a0aef2aa 100644 --- a/net/sched/cls_fw.c +++ b/net/sched/cls_fw.c | |||
| @@ -233,7 +233,8 @@ errout: | |||
| 233 | return err; | 233 | return err; |
| 234 | } | 234 | } |
| 235 | 235 | ||
| 236 | static int fw_change(struct tcf_proto *tp, unsigned long base, | 236 | static int fw_change(struct sk_buff *in_skb, |
| 237 | struct tcf_proto *tp, unsigned long base, | ||
| 237 | u32 handle, | 238 | u32 handle, |
| 238 | struct nlattr **tca, | 239 | struct nlattr **tca, |
| 239 | unsigned long *arg) | 240 | unsigned long *arg) |
diff --git a/net/sched/cls_route.c b/net/sched/cls_route.c index 44f405cb9aaf..c10d57bf98f2 100644 --- a/net/sched/cls_route.c +++ b/net/sched/cls_route.c | |||
| @@ -427,7 +427,8 @@ errout: | |||
| 427 | return err; | 427 | return err; |
| 428 | } | 428 | } |
| 429 | 429 | ||
| 430 | static int route4_change(struct tcf_proto *tp, unsigned long base, | 430 | static int route4_change(struct sk_buff *in_skb, |
| 431 | struct tcf_proto *tp, unsigned long base, | ||
| 431 | u32 handle, | 432 | u32 handle, |
| 432 | struct nlattr **tca, | 433 | struct nlattr **tca, |
| 433 | unsigned long *arg) | 434 | unsigned long *arg) |
diff --git a/net/sched/cls_rsvp.h b/net/sched/cls_rsvp.h index 18ab93ec8d7e..494bbb90924a 100644 --- a/net/sched/cls_rsvp.h +++ b/net/sched/cls_rsvp.h | |||
| @@ -416,7 +416,8 @@ static const struct nla_policy rsvp_policy[TCA_RSVP_MAX + 1] = { | |||
| 416 | [TCA_RSVP_PINFO] = { .len = sizeof(struct tc_rsvp_pinfo) }, | 416 | [TCA_RSVP_PINFO] = { .len = sizeof(struct tc_rsvp_pinfo) }, |
| 417 | }; | 417 | }; |
| 418 | 418 | ||
| 419 | static int rsvp_change(struct tcf_proto *tp, unsigned long base, | 419 | static int rsvp_change(struct sk_buff *in_skb, |
| 420 | struct tcf_proto *tp, unsigned long base, | ||
| 420 | u32 handle, | 421 | u32 handle, |
| 421 | struct nlattr **tca, | 422 | struct nlattr **tca, |
| 422 | unsigned long *arg) | 423 | unsigned long *arg) |
diff --git a/net/sched/cls_tcindex.c b/net/sched/cls_tcindex.c index fe29420d0b0e..a1293b4ab7a1 100644 --- a/net/sched/cls_tcindex.c +++ b/net/sched/cls_tcindex.c | |||
| @@ -332,7 +332,8 @@ errout: | |||
| 332 | } | 332 | } |
| 333 | 333 | ||
| 334 | static int | 334 | static int |
| 335 | tcindex_change(struct tcf_proto *tp, unsigned long base, u32 handle, | 335 | tcindex_change(struct sk_buff *in_skb, |
| 336 | struct tcf_proto *tp, unsigned long base, u32 handle, | ||
| 336 | struct nlattr **tca, unsigned long *arg) | 337 | struct nlattr **tca, unsigned long *arg) |
| 337 | { | 338 | { |
| 338 | struct nlattr *opt = tca[TCA_OPTIONS]; | 339 | struct nlattr *opt = tca[TCA_OPTIONS]; |
diff --git a/net/sched/cls_u32.c b/net/sched/cls_u32.c index d45373fb00b9..c7c27bc91b5a 100644 --- a/net/sched/cls_u32.c +++ b/net/sched/cls_u32.c | |||
| @@ -544,7 +544,8 @@ errout: | |||
| 544 | return err; | 544 | return err; |
| 545 | } | 545 | } |
| 546 | 546 | ||
| 547 | static int u32_change(struct tcf_proto *tp, unsigned long base, u32 handle, | 547 | static int u32_change(struct sk_buff *in_skb, |
| 548 | struct tcf_proto *tp, unsigned long base, u32 handle, | ||
| 548 | struct nlattr **tca, | 549 | struct nlattr **tca, |
| 549 | unsigned long *arg) | 550 | unsigned long *arg) |
| 550 | { | 551 | { |