net/ipv4: bind ip_nonlocal_bind to current netns

net.ipv4.ip_nonlocal_bind sysctl was global to all network namespaces. This patch allows to set a different value for each network namespace. Signed-off-by: Vincent Bernat <vincent@bernat.im> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Vincent Bernat <vincent@bernat.im> 2014-09-05 09:09:03 -0400
committer: David S. Miller <davem@davemloft.net> 2014-09-09 14:27:09 -0400
commit: 49a601589caaf0e93194c0cc9b4ecddbe75dd2d5 (patch)
tree: cb4486c3522885f9b6bb61f10960e3b7b27a5b4f /net/ipv4
parent: afddacc3ccd048c49c7f4f0ad0b6a40730c74715 (diff)
3 files changed, 9 insertions, 13 deletions
diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
index d156b3c5f363..b537bd94906c 100644
--- a/net/ipv4/af_inet.c
+++ b/net/ipv4/af_inet.c
@@ -418,10 +418,6 @@ int inet_release(struct socket *sock)
 }
 EXPORT_SYMBOL(inet_release);
-/* It is off by default, see below. */
-int sysctl_ip_nonlocal_bind __read_mostly;
-EXPORT_SYMBOL(sysctl_ip_nonlocal_bind);
 int inet_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
 {
        struct sockaddr_in *addr = (struct sockaddr_in *)uaddr;
@@ -461,7 +457,7 @@ int inet_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
         *  is temporarily down)
         */
        err = -EADDRNOTAVAIL;
-        if (!sysctl_ip_nonlocal_bind &&
+        if (!net->ipv4.sysctl_ip_nonlocal_bind &&
            !(inet->freebind || inet->transparent) &&
            addr->sin_addr.s_addr != htonl(INADDR_ANY) &&
            chk_addr_ret != RTN_LOCAL &&
diff --git a/net/ipv4/ping.c b/net/ipv4/ping.c
index a3c59a077a5f..57f7c9804139 100644
--- a/net/ipv4/ping.c
+++ b/net/ipv4/ping.c
@@ -311,7 +311,7 @@ static int ping_check_bind_addr(struct sock *sk, struct inet_sock *isk,
                if (addr->sin_addr.s_addr == htonl(INADDR_ANY))
                        chk_addr_ret = RTN_LOCAL;
-                if ((sysctl_ip_nonlocal_bind == 0 &&
+                if ((net->ipv4.sysctl_ip_nonlocal_bind == 0 &&
                    isk->freebind == 0 && isk->transparent == 0 &&
                     chk_addr_ret != RTN_LOCAL) ||
                    chk_addr_ret == RTN_MULTICAST ||
diff --git a/net/ipv4/sysctl_net_ipv4.c b/net/ipv4/sysctl_net_ipv4.c
index 45d156dacd61..1599966f4639 100644
--- a/net/ipv4/sysctl_net_ipv4.c
+++ b/net/ipv4/sysctl_net_ipv4.c
@@ -286,13 +286,6 @@ static struct ctl_table ipv4_table[] = {
                .extra2         = &ip_ttl_max,
        },
        {
-                .procname       = "ip_nonlocal_bind",
-                .data           = &sysctl_ip_nonlocal_bind,
-                .maxlen         = sizeof(int),
-                .mode           = 0644,
-                .proc_handler   = proc_dointvec
-        },
-        {
                .procname       = "tcp_syn_retries",
                .data           = &sysctl_tcp_syn_retries,
                .maxlen         = sizeof(int),
@@ -849,6 +842,13 @@ static struct ctl_table ipv4_net_table[] = {
                .proc_handler   = proc_dointvec,
        },
        {
+                .procname       = "ip_nonlocal_bind",
+                .data           = &init_net.ipv4.sysctl_ip_nonlocal_bind,
+                .maxlen         = sizeof(int),
+                .mode           = 0644,
+                .proc_handler   = proc_dointvec
+        },
+        {
                .procname       = "fwmark_reflect",
                .data           = &init_net.ipv4.sysctl_fwmark_reflect,
                .maxlen         = sizeof(int),
author	Vincent Bernat <vincent@bernat.im>	2014-09-05 09:09:03 -0400
committer	David S. Miller <davem@davemloft.net>	2014-09-09 14:27:09 -0400
commit	49a601589caaf0e93194c0cc9b4ecddbe75dd2d5 (patch)
tree	cb4486c3522885f9b6bb61f10960e3b7b27a5b4f /net/ipv4
parent	afddacc3ccd048c49c7f4f0ad0b6a40730c74715 (diff)