diff options
-rw-r--r-- | net/ipv4/af_inet.c | 19 | ||||
-rw-r--r-- | net/ipv4/ip_input.c | 7 | ||||
-rw-r--r-- | net/ipv4/protocol.c | 6 |
3 files changed, 6 insertions, 26 deletions
diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c index 49ddca31c4da..1aec92bf8018 100644 --- a/net/ipv4/af_inet.c +++ b/net/ipv4/af_inet.c | |||
@@ -263,21 +263,6 @@ void build_ehash_secret(void) | |||
263 | } | 263 | } |
264 | EXPORT_SYMBOL(build_ehash_secret); | 264 | EXPORT_SYMBOL(build_ehash_secret); |
265 | 265 | ||
266 | static inline int inet_netns_ok(struct net *net, __u8 protocol) | ||
267 | { | ||
268 | const struct net_protocol *ipprot; | ||
269 | |||
270 | if (net_eq(net, &init_net)) | ||
271 | return 1; | ||
272 | |||
273 | ipprot = rcu_dereference(inet_protos[protocol]); | ||
274 | if (ipprot == NULL) { | ||
275 | /* raw IP is OK */ | ||
276 | return 1; | ||
277 | } | ||
278 | return ipprot->netns_ok; | ||
279 | } | ||
280 | |||
281 | /* | 266 | /* |
282 | * Create an inet socket. | 267 | * Create an inet socket. |
283 | */ | 268 | */ |
@@ -350,10 +335,6 @@ lookup_protocol: | |||
350 | !ns_capable(net->user_ns, CAP_NET_RAW)) | 335 | !ns_capable(net->user_ns, CAP_NET_RAW)) |
351 | goto out_rcu_unlock; | 336 | goto out_rcu_unlock; |
352 | 337 | ||
353 | err = -EAFNOSUPPORT; | ||
354 | if (!inet_netns_ok(net, protocol)) | ||
355 | goto out_rcu_unlock; | ||
356 | |||
357 | sock->ops = answer->ops; | 338 | sock->ops = answer->ops; |
358 | answer_prot = answer->prot; | 339 | answer_prot = answer->prot; |
359 | answer_no_check = answer->no_check; | 340 | answer_no_check = answer->no_check; |
diff --git a/net/ipv4/ip_input.c b/net/ipv4/ip_input.c index f1395a6fb35f..87abd3e2bd32 100644 --- a/net/ipv4/ip_input.c +++ b/net/ipv4/ip_input.c | |||
@@ -208,13 +208,6 @@ static int ip_local_deliver_finish(struct sk_buff *skb) | |||
208 | if (ipprot != NULL) { | 208 | if (ipprot != NULL) { |
209 | int ret; | 209 | int ret; |
210 | 210 | ||
211 | if (!net_eq(net, &init_net) && !ipprot->netns_ok) { | ||
212 | net_info_ratelimited("%s: proto %d isn't netns-ready\n", | ||
213 | __func__, protocol); | ||
214 | kfree_skb(skb); | ||
215 | goto out; | ||
216 | } | ||
217 | |||
218 | if (!ipprot->no_policy) { | 211 | if (!ipprot->no_policy) { |
219 | if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb)) { | 212 | if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb)) { |
220 | kfree_skb(skb); | 213 | kfree_skb(skb); |
diff --git a/net/ipv4/protocol.c b/net/ipv4/protocol.c index 0f9d09f54bd9..ce848461acbb 100644 --- a/net/ipv4/protocol.c +++ b/net/ipv4/protocol.c | |||
@@ -37,6 +37,12 @@ const struct net_offload __rcu *inet_offloads[MAX_INET_PROTOS] __read_mostly; | |||
37 | 37 | ||
38 | int inet_add_protocol(const struct net_protocol *prot, unsigned char protocol) | 38 | int inet_add_protocol(const struct net_protocol *prot, unsigned char protocol) |
39 | { | 39 | { |
40 | if (!prot->netns_ok) { | ||
41 | pr_err("Protocol %u is not namespace aware, cannot register.\n", | ||
42 | protocol); | ||
43 | return -EINVAL; | ||
44 | } | ||
45 | |||
40 | return !cmpxchg((const struct net_protocol **)&inet_protos[protocol], | 46 | return !cmpxchg((const struct net_protocol **)&inet_protos[protocol], |
41 | NULL, prot) ? 0 : -1; | 47 | NULL, prot) ? 0 : -1; |
42 | } | 48 | } |