lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 7 Nov 2019 14:56:52 +0100 From: Jonas Bonn <jonas@...rbonn.se> To: nicolas.dichtel@...nd.com, netdev@...r.kernel.org, linux-kernel@...r.kernel.org Cc: davem@...emloft.net, Jonas Bonn <jonas@...rbonn.se> Subject: [PATCH v3 1/1] net: ipv6: allow setting address on interface outside current namespace This patch allows an interface outside of the current namespace to be selected when setting a new IPv6 address for a device. This uses the IFA_TARGET_NETNSID attribute to select the namespace in which to search for the interface to act upon. Signed-off-by: Jonas Bonn <jonas@...rbonn.se> --- I messed up this patch and the cleanup code path wasn't included. It should look like this. Sorry for the noise. /Jonas net/ipv6/addrconf.c | 34 ++++++++++++++++++++++++++++------ 1 file changed, 28 insertions(+), 6 deletions(-) diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c index 34ccef18b40e..8ef8297db150 100644 --- a/net/ipv6/addrconf.c +++ b/net/ipv6/addrconf.c @@ -4721,6 +4721,7 @@ inet6_rtm_newaddr(struct sk_buff *skb, struct nlmsghdr *nlh, struct netlink_ext_ack *extack) { struct net *net = sock_net(skb->sk); + struct net *tgt_net = NULL; struct ifaddrmsg *ifm; struct nlattr *tb[IFA_MAX+1]; struct in6_addr *peer_pfx; @@ -4758,9 +4759,23 @@ inet6_rtm_newaddr(struct sk_buff *skb, struct nlmsghdr *nlh, cfg.preferred_lft = ci->ifa_prefered; } + if (tb[IFA_TARGET_NETNSID]) { + s32 netnsid = nla_get_s32(tb[IFA_TARGET_NETNSID]); + + tgt_net = rtnl_get_net_ns_capable(NETLINK_CB(skb).sk, netnsid); + if (IS_ERR(tgt_net)) { + NL_SET_ERR_MSG(extack, + "ipv6: Invalid target network namespace id"); + return PTR_ERR(tgt_net); + } + net = tgt_net; + } + dev = __dev_get_by_index(net, ifm->ifa_index); - if (!dev) - return -ENODEV; + if (!dev) { + err = -ENODEV; + goto out; + } if (tb[IFA_FLAGS]) cfg.ifa_flags = nla_get_u32(tb[IFA_FLAGS]); @@ -4773,8 +4788,10 @@ inet6_rtm_newaddr(struct sk_buff *skb, struct nlmsghdr *nlh, IFA_F_MCAUTOJOIN | IFA_F_OPTIMISTIC; idev = ipv6_find_idev(dev); - if (IS_ERR(idev)) - return PTR_ERR(idev); + if (IS_ERR(idev)) { + err = PTR_ERR(idev); + goto out; + } if (!ipv6_allow_optimistic_dad(net, idev)) cfg.ifa_flags &= ~IFA_F_OPTIMISTIC; @@ -4782,7 +4799,8 @@ inet6_rtm_newaddr(struct sk_buff *skb, struct nlmsghdr *nlh, if (cfg.ifa_flags & IFA_F_NODAD && cfg.ifa_flags & IFA_F_OPTIMISTIC) { NL_SET_ERR_MSG(extack, "IFA_F_NODAD and IFA_F_OPTIMISTIC are mutually exclusive"); - return -EINVAL; + err = -EINVAL; + goto out; } ifa = ipv6_get_ifaddr(net, cfg.pfx, dev, 1); @@ -4791,7 +4809,8 @@ inet6_rtm_newaddr(struct sk_buff *skb, struct nlmsghdr *nlh, * It would be best to check for !NLM_F_CREATE here but * userspace already relies on not having to provide this. */ - return inet6_addr_add(net, ifm->ifa_index, &cfg, extack); + err = inet6_addr_add(net, ifm->ifa_index, &cfg, extack); + goto out; } if (nlh->nlmsg_flags & NLM_F_EXCL || @@ -4802,6 +4821,9 @@ inet6_rtm_newaddr(struct sk_buff *skb, struct nlmsghdr *nlh, in6_ifa_put(ifa); +out: + if (tgt_net) + put_net(tgt_net); return err; } -- 2.20.1
Powered by blists - more mailing lists