rtnetlink.c (36302685f59345959de96d0d70a5ad20a3a3451b) rtnetlink.c (c383edc42403b0bca31cbaabafd44dd58afb202f)
1/*
2 * INET An implementation of the TCP/IP protocol suite for the LINUX
3 * operating system. INET is implemented using the BSD Socket
4 * interface as the means of communication with the user level.
5 *
6 * Routing netlink socket interface: protocol independent part.
7 *
8 * Authors: Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru>

--- 1831 unchanged lines hidden (view full) ---

1840{
1841 if (link_master_filtered(dev, master_idx) ||
1842 link_kind_filtered(dev, kind_ops))
1843 return true;
1844
1845 return false;
1846}
1847
1/*
2 * INET An implementation of the TCP/IP protocol suite for the LINUX
3 * operating system. INET is implemented using the BSD Socket
4 * interface as the means of communication with the user level.
5 *
6 * Routing netlink socket interface: protocol independent part.
7 *
8 * Authors: Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru>

--- 1831 unchanged lines hidden (view full) ---

1840{
1841 if (link_master_filtered(dev, master_idx) ||
1842 link_kind_filtered(dev, kind_ops))
1843 return true;
1844
1845 return false;
1846}
1847
1848static struct net *get_target_net(struct sock *sk, int netnsid)
1848/**
1849 * rtnl_get_net_ns_capable - Get netns if sufficiently privileged.
1850 * @sk: netlink socket
1851 * @netnsid: network namespace identifier
1852 *
1853 * Returns the network namespace identified by netnsid on success or an error
1854 * pointer on failure.
1855 */
1856struct net *rtnl_get_net_ns_capable(struct sock *sk, int netnsid)
1849{
1850 struct net *net;
1851
1852 net = get_net_ns_by_id(sock_net(sk), netnsid);
1853 if (!net)
1854 return ERR_PTR(-EINVAL);
1855
1856 /* For now, the caller is required to have CAP_NET_ADMIN in
1857 * the user namespace owning the target net ns.
1858 */
1859 if (!sk_ns_capable(sk, net->user_ns, CAP_NET_ADMIN)) {
1860 put_net(net);
1861 return ERR_PTR(-EACCES);
1862 }
1863 return net;
1864}
1857{
1858 struct net *net;
1859
1860 net = get_net_ns_by_id(sock_net(sk), netnsid);
1861 if (!net)
1862 return ERR_PTR(-EINVAL);
1863
1864 /* For now, the caller is required to have CAP_NET_ADMIN in
1865 * the user namespace owning the target net ns.
1866 */
1867 if (!sk_ns_capable(sk, net->user_ns, CAP_NET_ADMIN)) {
1868 put_net(net);
1869 return ERR_PTR(-EACCES);
1870 }
1871 return net;
1872}
1873EXPORT_SYMBOL_GPL(rtnl_get_net_ns_capable);
1865
1866static int rtnl_dump_ifinfo(struct sk_buff *skb, struct netlink_callback *cb)
1867{
1868 struct net *net = sock_net(skb->sk);
1869 struct net *tgt_net = net;
1870 int h, s_h;
1871 int idx = 0, s_idx;
1872 struct net_device *dev;

--- 19 unchanged lines hidden (view full) ---

1892 */
1893 hdrlen = nlmsg_len(cb->nlh) < sizeof(struct ifinfomsg) ?
1894 sizeof(struct rtgenmsg) : sizeof(struct ifinfomsg);
1895
1896 if (nlmsg_parse(cb->nlh, hdrlen, tb, IFLA_MAX,
1897 ifla_policy, NULL) >= 0) {
1898 if (tb[IFLA_IF_NETNSID]) {
1899 netnsid = nla_get_s32(tb[IFLA_IF_NETNSID]);
1874
1875static int rtnl_dump_ifinfo(struct sk_buff *skb, struct netlink_callback *cb)
1876{
1877 struct net *net = sock_net(skb->sk);
1878 struct net *tgt_net = net;
1879 int h, s_h;
1880 int idx = 0, s_idx;
1881 struct net_device *dev;

--- 19 unchanged lines hidden (view full) ---

1901 */
1902 hdrlen = nlmsg_len(cb->nlh) < sizeof(struct ifinfomsg) ?
1903 sizeof(struct rtgenmsg) : sizeof(struct ifinfomsg);
1904
1905 if (nlmsg_parse(cb->nlh, hdrlen, tb, IFLA_MAX,
1906 ifla_policy, NULL) >= 0) {
1907 if (tb[IFLA_IF_NETNSID]) {
1908 netnsid = nla_get_s32(tb[IFLA_IF_NETNSID]);
1900 tgt_net = get_target_net(skb->sk, netnsid);
1909 tgt_net = rtnl_get_net_ns_capable(skb->sk, netnsid);
1901 if (IS_ERR(tgt_net)) {
1902 tgt_net = net;
1903 netnsid = -1;
1904 }
1905 }
1906
1907 if (tb[IFLA_EXT_MASK])
1908 ext_filter_mask = nla_get_u32(tb[IFLA_EXT_MASK]);

--- 851 unchanged lines hidden (view full) ---

2760 if (err < 0)
2761 return err;
2762
2763 if (tb[IFLA_IFNAME])
2764 nla_strlcpy(ifname, tb[IFLA_IFNAME], IFNAMSIZ);
2765
2766 if (tb[IFLA_IF_NETNSID]) {
2767 netnsid = nla_get_s32(tb[IFLA_IF_NETNSID]);
1910 if (IS_ERR(tgt_net)) {
1911 tgt_net = net;
1912 netnsid = -1;
1913 }
1914 }
1915
1916 if (tb[IFLA_EXT_MASK])
1917 ext_filter_mask = nla_get_u32(tb[IFLA_EXT_MASK]);

--- 851 unchanged lines hidden (view full) ---

2769 if (err < 0)
2770 return err;
2771
2772 if (tb[IFLA_IFNAME])
2773 nla_strlcpy(ifname, tb[IFLA_IFNAME], IFNAMSIZ);
2774
2775 if (tb[IFLA_IF_NETNSID]) {
2776 netnsid = nla_get_s32(tb[IFLA_IF_NETNSID]);
2768 tgt_net = get_target_net(NETLINK_CB(skb).sk, netnsid);
2777 tgt_net = rtnl_get_net_ns_capable(NETLINK_CB(skb).sk, netnsid);
2769 if (IS_ERR(tgt_net))
2770 return PTR_ERR(tgt_net);
2771 }
2772
2773 err = -EINVAL;
2774 ifm = nlmsg_data(nlh);
2775 if (ifm->ifi_index > 0)
2776 dev = __dev_get_by_index(tgt_net, ifm->ifi_index);

--- 393 unchanged lines hidden (view full) ---

3170 return err;
3171
3172 err = rtnl_ensure_unique_netns(tb, extack, true);
3173 if (err < 0)
3174 return err;
3175
3176 if (tb[IFLA_IF_NETNSID]) {
3177 netnsid = nla_get_s32(tb[IFLA_IF_NETNSID]);
2778 if (IS_ERR(tgt_net))
2779 return PTR_ERR(tgt_net);
2780 }
2781
2782 err = -EINVAL;
2783 ifm = nlmsg_data(nlh);
2784 if (ifm->ifi_index > 0)
2785 dev = __dev_get_by_index(tgt_net, ifm->ifi_index);

--- 393 unchanged lines hidden (view full) ---

3179 return err;
3180
3181 err = rtnl_ensure_unique_netns(tb, extack, true);
3182 if (err < 0)
3183 return err;
3184
3185 if (tb[IFLA_IF_NETNSID]) {
3186 netnsid = nla_get_s32(tb[IFLA_IF_NETNSID]);
3178 tgt_net = get_target_net(NETLINK_CB(skb).sk, netnsid);
3187 tgt_net = rtnl_get_net_ns_capable(NETLINK_CB(skb).sk, netnsid);
3179 if (IS_ERR(tgt_net))
3180 return PTR_ERR(tgt_net);
3181 }
3182
3183 if (tb[IFLA_IFNAME])
3184 nla_strlcpy(ifname, tb[IFLA_IFNAME], IFNAMSIZ);
3185
3186 if (tb[IFLA_EXT_MASK])

--- 1650 unchanged lines hidden ---
3188 if (IS_ERR(tgt_net))
3189 return PTR_ERR(tgt_net);
3190 }
3191
3192 if (tb[IFLA_IFNAME])
3193 nla_strlcpy(ifname, tb[IFLA_IFNAME], IFNAMSIZ);
3194
3195 if (tb[IFLA_EXT_MASK])

--- 1650 unchanged lines hidden ---
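Review bot: The kernel-doc added above rtnl_get_net_ns_capable() does not say that a successful return carries a reference on the namespace, which matters now that the function is non-static and exported with EXPORT_SYMBOL_GPL. The -EACCES path calls put_net() before returning, so the lookup evidently takes a reference that callers outside this file will have to drop themselves. I would extend the comment with `The caller must release the returned namespace with put_net().` and name the two errors: `-EINVAL if netnsid does not resolve, -EACCES if the socket lacks CAP_NET_ADMIN in the user namespace owning the target netns`. Separately, the renamed call in rtnl_dump_ifinfo() keeps the existing fallback `tgt_net = net; netnsid = -1;` on error, so a denied dump request is answered from the caller's own namespace rather than rejected. That predates this change, but a short comment at that call site saying the fallback is intentional would help, since the other two callers return PTR_ERR(tgt_net).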