commit 9c0188acf6dd6990bac9cd906cd554a1476c6d12 · tjh.dev/kernel

tjh.dev / kernel

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

net: shy netns_ok check

Failure to pass netns_ok check is SILENT, except some MIB counter is
incremented somewhere.

And adding "netns_ok = 1" (after long head-scratching session) is
usually the last step in making some protocol netns-ready...

Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

authored by Alexey Dobriyan and committed by David S. Miller 17 years ago 9c0188ac 6e093d9d

+9 -1

1 changed file

expand all

unified split

net

ipv4

ip_input.c

+9 -1

net/ipv4/ip_input.c

··· 209 210 hash = protocol & (MAX_INET_PROTOS - 1); 211 ipprot = rcu_dereference(inet_protos[hash]); 212 - if (ipprot != NULL && (net == &init_net || ipprot->netns_ok)) { 213 int ret; 214 215 if (!ipprot->no_policy) { 216 if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb)) {

··· 209 210 hash = protocol & (MAX_INET_PROTOS - 1); 211 ipprot = rcu_dereference(inet_protos[hash]); 212 + if (ipprot != NULL) { 213 int ret; 214 + 215 + if (!net_eq(net, &init_net) && !ipprot->netns_ok) { 216 + if (net_ratelimit()) 217 + printk("%s: proto %d isn't netns-ready\n", 218 + __func__, protocol); 219 + kfree_skb(skb); 220 + goto out; 221 + } 222 223 if (!ipprot->no_policy) { 224 if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb)) {