diff options
| author | Denis V. Lunev <den@openvz.org> | 2007-11-30 08:21:31 -0500 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2008-01-28 17:54:24 -0500 |
| commit | b854272b3c732316676e9128f7b9e6f1e1ff88b0 (patch) | |
| tree | c90c74b9ec068453881f1173da4c57d6bb00a7d9 /net/ipv6/route.c | |
| parent | ad5d20a63940fcfb40af76ba06148f36d5d0b433 (diff) | |
[NET]: Modify all rtnetlink methods to only work in the initial namespace (v2)
Before I can enable rtnetlink to work in all network namespaces I need
to be certain that something won't break. So this patch deliberately
disables all of the rtnletlink methods in everything except the
initial network namespace. After the methods have been audited this
extra check can be disabled.
Changes from v1:
- added IPv6 addrlabel protection
Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'net/ipv6/route.c')
| -rw-r--r-- | net/ipv6/route.c | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/net/ipv6/route.c b/net/ipv6/route.c index 4ef2cfaa3467..5e1c5796761b 100644 --- a/net/ipv6/route.c +++ b/net/ipv6/route.c | |||
| @@ -2003,9 +2003,13 @@ errout: | |||
| 2003 | 2003 | ||
| 2004 | static int inet6_rtm_delroute(struct sk_buff *skb, struct nlmsghdr* nlh, void *arg) | 2004 | static int inet6_rtm_delroute(struct sk_buff *skb, struct nlmsghdr* nlh, void *arg) |
| 2005 | { | 2005 | { |
| 2006 | struct net *net = skb->sk->sk_net; | ||
| 2006 | struct fib6_config cfg; | 2007 | struct fib6_config cfg; |
| 2007 | int err; | 2008 | int err; |
| 2008 | 2009 | ||
| 2010 | if (net != &init_net) | ||
| 2011 | return -EINVAL; | ||
| 2012 | |||
| 2009 | err = rtm_to_fib6_config(skb, nlh, &cfg); | 2013 | err = rtm_to_fib6_config(skb, nlh, &cfg); |
| 2010 | if (err < 0) | 2014 | if (err < 0) |
| 2011 | return err; | 2015 | return err; |
| @@ -2015,9 +2019,13 @@ static int inet6_rtm_delroute(struct sk_buff *skb, struct nlmsghdr* nlh, void *a | |||
| 2015 | 2019 | ||
| 2016 | static int inet6_rtm_newroute(struct sk_buff *skb, struct nlmsghdr* nlh, void *arg) | 2020 | static int inet6_rtm_newroute(struct sk_buff *skb, struct nlmsghdr* nlh, void *arg) |
| 2017 | { | 2021 | { |
| 2022 | struct net *net = skb->sk->sk_net; | ||
| 2018 | struct fib6_config cfg; | 2023 | struct fib6_config cfg; |
| 2019 | int err; | 2024 | int err; |
| 2020 | 2025 | ||
| 2026 | if (net != &init_net) | ||
| 2027 | return -EINVAL; | ||
| 2028 | |||
| 2021 | err = rtm_to_fib6_config(skb, nlh, &cfg); | 2029 | err = rtm_to_fib6_config(skb, nlh, &cfg); |
| 2022 | if (err < 0) | 2030 | if (err < 0) |
| 2023 | return err; | 2031 | return err; |
| @@ -2152,6 +2160,7 @@ int rt6_dump_route(struct rt6_info *rt, void *p_arg) | |||
| 2152 | 2160 | ||
| 2153 | static int inet6_rtm_getroute(struct sk_buff *in_skb, struct nlmsghdr* nlh, void *arg) | 2161 | static int inet6_rtm_getroute(struct sk_buff *in_skb, struct nlmsghdr* nlh, void *arg) |
| 2154 | { | 2162 | { |
| 2163 | struct net *net = in_skb->sk->sk_net; | ||
| 2155 | struct nlattr *tb[RTA_MAX+1]; | 2164 | struct nlattr *tb[RTA_MAX+1]; |
| 2156 | struct rt6_info *rt; | 2165 | struct rt6_info *rt; |
| 2157 | struct sk_buff *skb; | 2166 | struct sk_buff *skb; |
| @@ -2159,6 +2168,9 @@ static int inet6_rtm_getroute(struct sk_buff *in_skb, struct nlmsghdr* nlh, void | |||
| 2159 | struct flowi fl; | 2168 | struct flowi fl; |
| 2160 | int err, iif = 0; | 2169 | int err, iif = 0; |
| 2161 | 2170 | ||
| 2171 | if (net != &init_net) | ||
| 2172 | return -EINVAL; | ||
| 2173 | |||
| 2162 | err = nlmsg_parse(nlh, sizeof(*rtm), tb, RTA_MAX, rtm_ipv6_policy); | 2174 | err = nlmsg_parse(nlh, sizeof(*rtm), tb, RTA_MAX, rtm_ipv6_policy); |
| 2163 | if (err < 0) | 2175 | if (err < 0) |
| 2164 | goto errout; | 2176 | goto errout; |