diff options
| author | Eric W. Biederman <ebiederm@xmission.com> | 2007-09-17 14:53:39 -0400 |
|---|---|---|
| committer | David S. Miller <davem@sunset.davemloft.net> | 2007-10-10 19:49:08 -0400 |
| commit | e730c15519d09ea528b4d2f1103681fa5937c0e6 (patch) | |
| tree | c117294523f4d004fb1d740610b6403e5744cdfc /drivers | |
| parent | 6d34b1c27a72d5d1c73c567b2f6b1fde316e0eae (diff) | |
[NET]: Make packet reception network namespace safe
This patch modifies every packet receive function
registered with dev_add_pack() to drop packets if they
are not from the initial network namespace.
This should ensure that the various network stacks do
not receive packets in a anything but the initial network
namespace until the code has been converted and is ready
for them.
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'drivers')
| -rw-r--r-- | drivers/block/aoe/aoenet.c | 4 | ||||
| -rw-r--r-- | drivers/net/bonding/bond_3ad.c | 4 | ||||
| -rw-r--r-- | drivers/net/bonding/bond_alb.c | 3 | ||||
| -rw-r--r-- | drivers/net/bonding/bond_main.c | 3 | ||||
| -rw-r--r-- | drivers/net/hamradio/bpqether.c | 3 | ||||
| -rw-r--r-- | drivers/net/pppoe.c | 6 | ||||
| -rw-r--r-- | drivers/net/wan/hdlc.c | 7 | ||||
| -rw-r--r-- | drivers/net/wan/lapbether.c | 3 | ||||
| -rw-r--r-- | drivers/net/wan/syncppp.c | 6 |
9 files changed, 39 insertions, 0 deletions
diff --git a/drivers/block/aoe/aoenet.c b/drivers/block/aoe/aoenet.c index f9ddfda4d9cb..4dc0fb7da94b 100644 --- a/drivers/block/aoe/aoenet.c +++ b/drivers/block/aoe/aoenet.c | |||
| @@ -8,6 +8,7 @@ | |||
| 8 | #include <linux/blkdev.h> | 8 | #include <linux/blkdev.h> |
| 9 | #include <linux/netdevice.h> | 9 | #include <linux/netdevice.h> |
| 10 | #include <linux/moduleparam.h> | 10 | #include <linux/moduleparam.h> |
| 11 | #include <net/net_namespace.h> | ||
| 11 | #include <asm/unaligned.h> | 12 | #include <asm/unaligned.h> |
| 12 | #include "aoe.h" | 13 | #include "aoe.h" |
| 13 | 14 | ||
| @@ -114,6 +115,9 @@ aoenet_rcv(struct sk_buff *skb, struct net_device *ifp, struct packet_type *pt, | |||
| 114 | struct aoe_hdr *h; | 115 | struct aoe_hdr *h; |
| 115 | u32 n; | 116 | u32 n; |
| 116 | 117 | ||
| 118 | if (ifp->nd_net != &init_net) | ||
| 119 | goto exit; | ||
| 120 | |||
| 117 | skb = skb_share_check(skb, GFP_ATOMIC); | 121 | skb = skb_share_check(skb, GFP_ATOMIC); |
| 118 | if (skb == NULL) | 122 | if (skb == NULL) |
| 119 | return 0; | 123 | return 0; |
diff --git a/drivers/net/bonding/bond_3ad.c b/drivers/net/bonding/bond_3ad.c index f829e4ad8b49..94bd73941451 100644 --- a/drivers/net/bonding/bond_3ad.c +++ b/drivers/net/bonding/bond_3ad.c | |||
| @@ -29,6 +29,7 @@ | |||
| 29 | #include <linux/ethtool.h> | 29 | #include <linux/ethtool.h> |
| 30 | #include <linux/if_bonding.h> | 30 | #include <linux/if_bonding.h> |
| 31 | #include <linux/pkt_sched.h> | 31 | #include <linux/pkt_sched.h> |
| 32 | #include <net/net_namespace.h> | ||
| 32 | #include "bonding.h" | 33 | #include "bonding.h" |
| 33 | #include "bond_3ad.h" | 34 | #include "bond_3ad.h" |
| 34 | 35 | ||
| @@ -2448,6 +2449,9 @@ int bond_3ad_lacpdu_recv(struct sk_buff *skb, struct net_device *dev, struct pac | |||
| 2448 | struct slave *slave = NULL; | 2449 | struct slave *slave = NULL; |
| 2449 | int ret = NET_RX_DROP; | 2450 | int ret = NET_RX_DROP; |
| 2450 | 2451 | ||
| 2452 | if (dev->nd_net != &init_net) | ||
| 2453 | goto out; | ||
| 2454 | |||
| 2451 | if (!(dev->flags & IFF_MASTER)) | 2455 | if (!(dev->flags & IFF_MASTER)) |
| 2452 | goto out; | 2456 | goto out; |
| 2453 | 2457 | ||
diff --git a/drivers/net/bonding/bond_alb.c b/drivers/net/bonding/bond_alb.c index 92c3b6f6a8e7..419a9f8fdd53 100644 --- a/drivers/net/bonding/bond_alb.c +++ b/drivers/net/bonding/bond_alb.c | |||
| @@ -345,6 +345,9 @@ static int rlb_arp_recv(struct sk_buff *skb, struct net_device *bond_dev, struct | |||
| 345 | struct arp_pkt *arp = (struct arp_pkt *)skb->data; | 345 | struct arp_pkt *arp = (struct arp_pkt *)skb->data; |
| 346 | int res = NET_RX_DROP; | 346 | int res = NET_RX_DROP; |
| 347 | 347 | ||
| 348 | if (bond_dev->nd_net != &init_net) | ||
| 349 | goto out; | ||
| 350 | |||
| 348 | if (!(bond_dev->flags & IFF_MASTER)) | 351 | if (!(bond_dev->flags & IFF_MASTER)) |
| 349 | goto out; | 352 | goto out; |
| 350 | 353 | ||
diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c index 5de648f90a45..e4e5fdc0430b 100644 --- a/drivers/net/bonding/bond_main.c +++ b/drivers/net/bonding/bond_main.c | |||
| @@ -2458,6 +2458,9 @@ static int bond_arp_rcv(struct sk_buff *skb, struct net_device *dev, struct pack | |||
| 2458 | unsigned char *arp_ptr; | 2458 | unsigned char *arp_ptr; |
| 2459 | u32 sip, tip; | 2459 | u32 sip, tip; |
| 2460 | 2460 | ||
| 2461 | if (dev->nd_net != &init_net) | ||
| 2462 | goto out; | ||
| 2463 | |||
| 2461 | if (!(dev->priv_flags & IFF_BONDING) || !(dev->flags & IFF_MASTER)) | 2464 | if (!(dev->priv_flags & IFF_BONDING) || !(dev->flags & IFF_MASTER)) |
| 2462 | goto out; | 2465 | goto out; |
| 2463 | 2466 | ||
diff --git a/drivers/net/hamradio/bpqether.c b/drivers/net/hamradio/bpqether.c index 1699d42d13ca..85fb8e7efacf 100644 --- a/drivers/net/hamradio/bpqether.c +++ b/drivers/net/hamradio/bpqether.c | |||
| @@ -173,6 +173,9 @@ static int bpq_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_ty | |||
| 173 | struct ethhdr *eth; | 173 | struct ethhdr *eth; |
| 174 | struct bpqdev *bpq; | 174 | struct bpqdev *bpq; |
| 175 | 175 | ||
| 176 | if (dev->nd_net != &init_net) | ||
| 177 | goto drop; | ||
| 178 | |||
| 176 | if ((skb = skb_share_check(skb, GFP_ATOMIC)) == NULL) | 179 | if ((skb = skb_share_check(skb, GFP_ATOMIC)) == NULL) |
| 177 | return NET_RX_DROP; | 180 | return NET_RX_DROP; |
| 178 | 181 | ||
diff --git a/drivers/net/pppoe.c b/drivers/net/pppoe.c index 53fcee26d6ae..60c0e4e17875 100644 --- a/drivers/net/pppoe.c +++ b/drivers/net/pppoe.c | |||
| @@ -389,6 +389,9 @@ static int pppoe_rcv(struct sk_buff *skb, | |||
| 389 | if (!(skb = skb_share_check(skb, GFP_ATOMIC))) | 389 | if (!(skb = skb_share_check(skb, GFP_ATOMIC))) |
| 390 | goto out; | 390 | goto out; |
| 391 | 391 | ||
| 392 | if (dev->nd_net != &init_net) | ||
| 393 | goto drop; | ||
| 394 | |||
| 392 | if (!pskb_may_pull(skb, sizeof(struct pppoe_hdr))) | 395 | if (!pskb_may_pull(skb, sizeof(struct pppoe_hdr))) |
| 393 | goto drop; | 396 | goto drop; |
| 394 | 397 | ||
| @@ -418,6 +421,9 @@ static int pppoe_disc_rcv(struct sk_buff *skb, | |||
| 418 | struct pppoe_hdr *ph; | 421 | struct pppoe_hdr *ph; |
| 419 | struct pppox_sock *po; | 422 | struct pppox_sock *po; |
| 420 | 423 | ||
| 424 | if (dev->nd_net != &init_net) | ||
| 425 | goto abort; | ||
| 426 | |||
| 421 | if (!pskb_may_pull(skb, sizeof(struct pppoe_hdr))) | 427 | if (!pskb_may_pull(skb, sizeof(struct pppoe_hdr))) |
| 422 | goto abort; | 428 | goto abort; |
| 423 | 429 | ||
diff --git a/drivers/net/wan/hdlc.c b/drivers/net/wan/hdlc.c index 65ad2e24caf0..3b57350eacca 100644 --- a/drivers/net/wan/hdlc.c +++ b/drivers/net/wan/hdlc.c | |||
| @@ -36,6 +36,7 @@ | |||
| 36 | #include <linux/rtnetlink.h> | 36 | #include <linux/rtnetlink.h> |
| 37 | #include <linux/notifier.h> | 37 | #include <linux/notifier.h> |
| 38 | #include <linux/hdlc.h> | 38 | #include <linux/hdlc.h> |
| 39 | #include <net/net_namespace.h> | ||
| 39 | 40 | ||
| 40 | 41 | ||
| 41 | static const char* version = "HDLC support module revision 1.21"; | 42 | static const char* version = "HDLC support module revision 1.21"; |
| @@ -66,6 +67,12 @@ static int hdlc_rcv(struct sk_buff *skb, struct net_device *dev, | |||
| 66 | struct packet_type *p, struct net_device *orig_dev) | 67 | struct packet_type *p, struct net_device *orig_dev) |
| 67 | { | 68 | { |
| 68 | struct hdlc_device_desc *desc = dev_to_desc(dev); | 69 | struct hdlc_device_desc *desc = dev_to_desc(dev); |
| 70 | |||
| 71 | if (dev->nd_net != &init_net) { | ||
| 72 | kfree_skb(skb); | ||
| 73 | return 0; | ||
| 74 | } | ||
| 75 | |||
| 69 | if (desc->netif_rx) | 76 | if (desc->netif_rx) |
| 70 | return desc->netif_rx(skb); | 77 | return desc->netif_rx(skb); |
| 71 | 78 | ||
diff --git a/drivers/net/wan/lapbether.c b/drivers/net/wan/lapbether.c index 6c302e9dbca2..ca8b3c3cb931 100644 --- a/drivers/net/wan/lapbether.c +++ b/drivers/net/wan/lapbether.c | |||
| @@ -91,6 +91,9 @@ static int lapbeth_rcv(struct sk_buff *skb, struct net_device *dev, struct packe | |||
| 91 | int len, err; | 91 | int len, err; |
| 92 | struct lapbethdev *lapbeth; | 92 | struct lapbethdev *lapbeth; |
| 93 | 93 | ||
| 94 | if (dev->nd_net != &init_net) | ||
| 95 | goto drop; | ||
| 96 | |||
| 94 | if ((skb = skb_share_check(skb, GFP_ATOMIC)) == NULL) | 97 | if ((skb = skb_share_check(skb, GFP_ATOMIC)) == NULL) |
| 95 | return NET_RX_DROP; | 98 | return NET_RX_DROP; |
| 96 | 99 | ||
diff --git a/drivers/net/wan/syncppp.c b/drivers/net/wan/syncppp.c index 67fc67cfd452..5c71af6ea3a5 100644 --- a/drivers/net/wan/syncppp.c +++ b/drivers/net/wan/syncppp.c | |||
| @@ -51,6 +51,7 @@ | |||
| 51 | #include <linux/spinlock.h> | 51 | #include <linux/spinlock.h> |
| 52 | #include <linux/rcupdate.h> | 52 | #include <linux/rcupdate.h> |
| 53 | 53 | ||
| 54 | #include <net/net_namespace.h> | ||
| 54 | #include <net/syncppp.h> | 55 | #include <net/syncppp.h> |
| 55 | 56 | ||
| 56 | #include <asm/byteorder.h> | 57 | #include <asm/byteorder.h> |
| @@ -1445,6 +1446,11 @@ static void sppp_print_bytes (u_char *p, u16 len) | |||
| 1445 | 1446 | ||
| 1446 | static int sppp_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *p, struct net_device *orig_dev) | 1447 | static int sppp_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *p, struct net_device *orig_dev) |
| 1447 | { | 1448 | { |
| 1449 | if (dev->nd_net != &init_net) { | ||
| 1450 | kfree_skb(skb); | ||
| 1451 | return 0; | ||
| 1452 | } | ||
| 1453 | |||
| 1448 | if ((skb = skb_share_check(skb, GFP_ATOMIC)) == NULL) | 1454 | if ((skb = skb_share_check(skb, GFP_ATOMIC)) == NULL) |
| 1449 | return NET_RX_DROP; | 1455 | return NET_RX_DROP; |
| 1450 | sppp_input(dev,skb); | 1456 | sppp_input(dev,skb); |