ipv4: Disallow non-namespace aware protocols to register.

All in-tree ipv4 protocol implementations are now namespace aware. Therefore all the run-time checks are superfluous. Reject registry of any non-namespace aware ipv4 protocol. Eventually we'll remove prot->netns_ok and this registry time check as well. Signed-off-by: David S. Miller <davem@davemloft.net>
author: David S. Miller <davem@davemloft.net> 2013-02-05 14:42:23 -0500
committer: David S. Miller <davem@davemloft.net> 2013-02-05 14:42:23 -0500
commit: 547472b8e1da72ae226430c0c4273e36fc8ca768 (patch)
tree: 2300023f8d0fa943725e1b4ea3b2b95c91de4430 /net/ipv4
parent: 9d6ddb19905223828485d8c40deaec76e4dea3a5 (diff)
3 files changed, 6 insertions, 26 deletions
diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
index 49ddca31c4da..1aec92bf8018 100644
--- a/net/ipv4/af_inet.c
+++ b/net/ipv4/af_inet.c
@@ -263,21 +263,6 @@ void build_ehash_secret(void)
 }
 EXPORT_SYMBOL(build_ehash_secret);
-static inline int inet_netns_ok(struct net *net, __u8 protocol)
-{
-        const struct net_protocol *ipprot;
-        if (net_eq(net, &init_net))
-                return 1;
-        ipprot = rcu_dereference(inet_protos[protocol]);
-        if (ipprot == NULL) {
-                /* raw IP is OK */
-                return 1;
-        }
-        return ipprot->netns_ok;
-}
 /*
 *      Create an inet socket.
 */
@@ -350,10 +335,6 @@ lookup_protocol:
            !ns_capable(net->user_ns, CAP_NET_RAW))
                goto out_rcu_unlock;
-        err = -EAFNOSUPPORT;
-        if (!inet_netns_ok(net, protocol))
-                goto out_rcu_unlock;
        sock->ops = answer->ops;
        answer_prot = answer->prot;
        answer_no_check = answer->no_check;
diff --git a/net/ipv4/ip_input.c b/net/ipv4/ip_input.c
index f1395a6fb35f..87abd3e2bd32 100644
--- a/net/ipv4/ip_input.c
+++ b/net/ipv4/ip_input.c
@@ -208,13 +208,6 @@ static int ip_local_deliver_finish(struct sk_buff *skb)
                if (ipprot != NULL) {
                        int ret;
-                        if (!net_eq(net, &init_net) && !ipprot->netns_ok) {
-                                net_info_ratelimited("%s: proto %d isn't netns-ready\n",
-                                                     __func__, protocol);
-                                kfree_skb(skb);
-                                goto out;
-                        }
                        if (!ipprot->no_policy) {
                                if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb)) {
                                        kfree_skb(skb);
diff --git a/net/ipv4/protocol.c b/net/ipv4/protocol.c
index 0f9d09f54bd9..ce848461acbb 100644
--- a/net/ipv4/protocol.c
+++ b/net/ipv4/protocol.c
@@ -37,6 +37,12 @@ const struct net_offload __rcu *inet_offloads[MAX_INET_PROTOS] __read_mostly;
 int inet_add_protocol(const struct net_protocol *prot, unsigned char protocol)
 {
+        if (!prot->netns_ok) {
+                pr_err("Protocol %u is not namespace aware, cannot register.\n",
+                        protocol);
+                return -EINVAL;
+        }
        return !cmpxchg((const struct net_protocol **)&inet_protos[protocol],
                        NULL, prot) ? 0 : -1;
 }
author	David S. Miller <davem@davemloft.net>	2013-02-05 14:42:23 -0500
committer	David S. Miller <davem@davemloft.net>	2013-02-05 14:42:23 -0500
commit	547472b8e1da72ae226430c0c4273e36fc8ca768 (patch)
tree	2300023f8d0fa943725e1b4ea3b2b95c91de4430 /net/ipv4
parent	9d6ddb19905223828485d8c40deaec76e4dea3a5 (diff)