authorDenis V. Lunev <den@openvz.org>2007-11-30 08:21:31 -0500
committerDavid S. Miller <davem@davemloft.net>2008-01-28 17:54:24 -0500
commitb854272b3c732316676e9128f7b9e6f1e1ff88b0 (patch)
treec90c74b9ec068453881f1173da4c57d6bb00a7d9 /net/ipv6/addrlabel.c
parentad5d20a63940fcfb40af76ba06148f36d5d0b433 (diff)
[NET]: Modify all rtnetlink methods to only work in the initial namespace (v2)
Before I can enable rtnetlink to work in all network namespaces I need to be certain that something won't break. So this patch deliberately disables all of the rtnetlink methods in everything except the initial network namespace. After the methods have been audited this extra check can be disabled. Changes from v1: - added IPv6 addrlabel protection Signed-off-by: Denis V. Lunev <den@openvz.org> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'net/ipv6/addrlabel.c')
-rw-r--r--net/ipv6/addrlabel.c12
1 files changed, 12 insertions, 0 deletions
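diff --git a/net/ipv6/addrlabel.c b/net/ipv6/addrlabel.c
index 204d4d66834c..b9b5d5707142 100644
--- a/net/ipv6/addrlabel.c
+++ b/net/ipv6/addrlabel.c
@@ -361,12 +361,16 @@ static const struct nla_policy ifal_policy[IFAL_MAX+1] = {
 static int ip6addrlbl_newdel(struct sk_buff *skb, struct nlmsghdr *nlh,
  void *arg)
 {
+ struct net *net = skb->sk->sk_net;
  struct ifaddrlblmsg *ifal;
  struct nlattr *tb[IFAL_MAX+1];
  struct in6_addr *pfx;
  u32 label;
  int err = 0;
 
+ if (net != &init_net)
+ return 0;
+
  err = nlmsg_parse(nlh, sizeof(*ifal), tb, IFAL_MAX, ifal_policy);
  if (err < 0)
  return err;
@@ -445,11 +449,15 @@ static int ip6addrlbl_fill(struct sk_buff *skb,
 
 static int ip6addrlbl_dump(struct sk_buff *skb, struct netlink_callback *cb)
 {
+ struct net *net = skb->sk->sk_net;
  struct ip6addrlbl_entry *p;
  struct hlist_node *pos;
  int idx = 0, s_idx = cb->args[0];
  int err;
 
+ if (net != &init_net)
+ return 0;
+
  rcu_read_lock();
  hlist_for_each_entry_rcu(p, pos, &ip6addrlbl_table.head, list) {
  if (idx >= s_idx) {
@@ -479,6 +487,7 @@ static inline int ip6addrlbl_msgsize(void)
 static int ip6addrlbl_get(struct sk_buff *in_skb, struct nlmsghdr* nlh,
  void *arg)
 {
+ struct net *net = in_skb->sk->sk_net;
  struct ifaddrlblmsg *ifal;
  struct nlattr *tb[IFAL_MAX+1];
  struct in6_addr *addr;
@@ -487,6 +496,9 @@ static int ip6addrlbl_get(struct sk_buff *in_skb, struct nlmsghdr* nlh,
  struct ip6addrlbl_entry *p;
  struct sk_buff *skb;
 
+ if (net != &init_net)
+ return 0;
+
  err = nlmsg_parse(nlh, sizeof(*ifal), tb, IFAL_MAX, ifal_policy);
  if (err < 0)
  return err;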
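Review bot: In ip6addrlbl_newdel and ip6addrlbl_get the new guard `if (net != &init_net) return 0;` reports success to a caller in a non-initial namespace although no label was added, deleted or looked up, so the refusal is invisible to that caller and to anyone tracing the request. An explicit error such as `return -EOPNOTSUPP;` (the exact errno should match whatever the rest of the series settles on) would make the denial observable; in ip6addrlbl_dump a return of 0 reads as an empty dump and looks reasonable. The dump hunk walks the single global `ip6addrlbl_table`, so these guards appear to be the only thing keeping other namespaces away from shared state. A short comment on each, e.g. `/* ip6addrlbl_table is global: keep this check until the table is per-namespace */`, would guard against the check being dropped before that audit is done. All three function bodies continue outside the hunks shown.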