diff options
| author | Denis V. Lunev <den@openvz.org> | 2007-11-30 08:21:31 -0500 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2008-01-28 17:54:24 -0500 |
| commit | b854272b3c732316676e9128f7b9e6f1e1ff88b0 (patch) | |
| tree | c90c74b9ec068453881f1173da4c57d6bb00a7d9 /net/decnet/dn_dev.c | |
| parent | ad5d20a63940fcfb40af76ba06148f36d5d0b433 (diff) | |
[NET]: Modify all rtnetlink methods to only work in the initial namespace (v2)
Before I can enable rtnetlink to work in all network namespaces I need
to be certain that something won't break. So this patch deliberately
disables all of the rtnletlink methods in everything except the
initial network namespace. After the methods have been audited this
extra check can be disabled.
Changes from v1:
- added IPv6 addrlabel protection
Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'net/decnet/dn_dev.c')
| -rw-r--r-- | net/decnet/dn_dev.c | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/net/decnet/dn_dev.c b/net/decnet/dn_dev.c index 3bc82dc83b38..94256845a057 100644 --- a/net/decnet/dn_dev.c +++ b/net/decnet/dn_dev.c | |||
| @@ -647,11 +647,15 @@ static const struct nla_policy dn_ifa_policy[IFA_MAX+1] = { | |||
| 647 | 647 | ||
| 648 | static int dn_nl_deladdr(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg) | 648 | static int dn_nl_deladdr(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg) |
| 649 | { | 649 | { |
| 650 | struct net *net = skb->sk->sk_net; | ||
| 650 | struct nlattr *tb[IFA_MAX+1]; | 651 | struct nlattr *tb[IFA_MAX+1]; |
| 651 | struct dn_dev *dn_db; | 652 | struct dn_dev *dn_db; |
| 652 | struct ifaddrmsg *ifm; | 653 | struct ifaddrmsg *ifm; |
| 653 | struct dn_ifaddr *ifa, **ifap; | 654 | struct dn_ifaddr *ifa, **ifap; |
| 654 | int err; | 655 | int err = -EINVAL; |
| 656 | |||
| 657 | if (net != &init_net) | ||
| 658 | goto errout; | ||
| 655 | 659 | ||
| 656 | err = nlmsg_parse(nlh, sizeof(*ifm), tb, IFA_MAX, dn_ifa_policy); | 660 | err = nlmsg_parse(nlh, sizeof(*ifm), tb, IFA_MAX, dn_ifa_policy); |
| 657 | if (err < 0) | 661 | if (err < 0) |
| @@ -681,6 +685,7 @@ errout: | |||
| 681 | 685 | ||
| 682 | static int dn_nl_newaddr(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg) | 686 | static int dn_nl_newaddr(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg) |
| 683 | { | 687 | { |
| 688 | struct net *net = skb->sk->sk_net; | ||
| 684 | struct nlattr *tb[IFA_MAX+1]; | 689 | struct nlattr *tb[IFA_MAX+1]; |
| 685 | struct net_device *dev; | 690 | struct net_device *dev; |
| 686 | struct dn_dev *dn_db; | 691 | struct dn_dev *dn_db; |
| @@ -688,6 +693,9 @@ static int dn_nl_newaddr(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg) | |||
| 688 | struct dn_ifaddr *ifa; | 693 | struct dn_ifaddr *ifa; |
| 689 | int err; | 694 | int err; |
| 690 | 695 | ||
| 696 | if (net != &init_net) | ||
| 697 | return -EINVAL; | ||
| 698 | |||
| 691 | err = nlmsg_parse(nlh, sizeof(*ifm), tb, IFA_MAX, dn_ifa_policy); | 699 | err = nlmsg_parse(nlh, sizeof(*ifm), tb, IFA_MAX, dn_ifa_policy); |
| 692 | if (err < 0) | 700 | if (err < 0) |
| 693 | return err; | 701 | return err; |
| @@ -793,11 +801,15 @@ errout: | |||
| 793 | 801 | ||
| 794 | static int dn_nl_dump_ifaddr(struct sk_buff *skb, struct netlink_callback *cb) | 802 | static int dn_nl_dump_ifaddr(struct sk_buff *skb, struct netlink_callback *cb) |
| 795 | { | 803 | { |
| 804 | struct net *net = skb->sk->sk_net; | ||
| 796 | int idx, dn_idx = 0, skip_ndevs, skip_naddr; | 805 | int idx, dn_idx = 0, skip_ndevs, skip_naddr; |
| 797 | struct net_device *dev; | 806 | struct net_device *dev; |
| 798 | struct dn_dev *dn_db; | 807 | struct dn_dev *dn_db; |
| 799 | struct dn_ifaddr *ifa; | 808 | struct dn_ifaddr *ifa; |
| 800 | 809 | ||
| 810 | if (net != &init_net) | ||
| 811 | return 0; | ||
| 812 | |||
| 801 | skip_ndevs = cb->args[0]; | 813 | skip_ndevs = cb->args[0]; |
| 802 | skip_naddr = cb->args[1]; | 814 | skip_naddr = cb->args[1]; |
| 803 | 815 | ||