* [PATCH] net: relax PKTINFO non local ipv6 udp xmit check
@ 2011-08-26 21:56 Maciej Żenczykowski
2011-08-28 21:11 ` David Miller
0 siblings, 1 reply; 6+ messages in thread
From: Maciej Żenczykowski @ 2011-08-26 21:56 UTC (permalink / raw)
To: Maciej Żenczykowski, David S. Miller
Cc: netdev, Hideaki YOSHIFUJI, Maciej Żenczykowski, Erik Kline,
Lorenzo Colitti
From: Maciej Żenczykowski <maze@google.com>
Allow transparent sockets to be less restrictive about
the source ip of ipv6 udp packets being sent.
Google-Bug-Id: 5018138
Signed-off-by: Maciej Żenczykowski <maze@google.com>
CC: "Erik Kline" <ek@google.com>
CC: "Lorenzo Colitti" <lorenzo@google.com>
---
include/net/transp_v6.h | 1 +
net/ipv6/datagram.c | 5 +++--
net/ipv6/ip6_flowlabel.c | 2 +-
net/ipv6/ipv6_sockglue.c | 2 +-
net/ipv6/raw.c | 2 +-
net/ipv6/udp.c | 2 +-
6 files changed, 8 insertions(+), 6 deletions(-)
diff --git a/include/net/transp_v6.h b/include/net/transp_v6.h
index 5271a74..498433d 100644
--- a/include/net/transp_v6.h
+++ b/include/net/transp_v6.h
@@ -39,6 +39,7 @@ extern int datagram_recv_ctl(struct sock *sk,
struct sk_buff *skb);
extern int datagram_send_ctl(struct net *net,
+ struct sock *sk,
struct msghdr *msg,
struct flowi6 *fl6,
struct ipv6_txoptions *opt,
diff --git a/net/ipv6/datagram.c b/net/ipv6/datagram.c
index 9ef1831..03e20fa 100644
--- a/net/ipv6/datagram.c
+++ b/net/ipv6/datagram.c
@@ -599,7 +599,7 @@ int datagram_recv_ctl(struct sock *sk, struct msghdr *msg, struct sk_buff *skb)
return 0;
}
-int datagram_send_ctl(struct net *net,
+int datagram_send_ctl(struct net *net, struct sock *sk,
struct msghdr *msg, struct flowi6 *fl6,
struct ipv6_txoptions *opt,
int *hlimit, int *tclass, int *dontfrag)
@@ -658,7 +658,8 @@ int datagram_send_ctl(struct net *net,
if (addr_type != IPV6_ADDR_ANY) {
int strict = __ipv6_addr_src_scope(addr_type) <= IPV6_ADDR_SCOPE_LINKLOCAL;
- if (!ipv6_chk_addr(net, &src_info->ipi6_addr,
+ if (!(sk && inet_sk(sk)->transparent) &&
+ !ipv6_chk_addr(net, &src_info->ipi6_addr,
strict ? dev : NULL, 0))
err = -EINVAL;
else
diff --git a/net/ipv6/ip6_flowlabel.c b/net/ipv6/ip6_flowlabel.c
index f3caf1b..a896987 100644
--- a/net/ipv6/ip6_flowlabel.c
+++ b/net/ipv6/ip6_flowlabel.c
@@ -360,7 +360,7 @@ fl_create(struct net *net, struct in6_flowlabel_req *freq, char __user *optval,
msg.msg_control = (void*)(fl->opt+1);
memset(&flowi6, 0, sizeof(flowi6));
- err = datagram_send_ctl(net, &msg, &flowi6, fl->opt, &junk,
+ err = datagram_send_ctl(net, NULL, &msg, &flowi6, fl->opt, &junk,
&junk, &junk);
if (err)
goto done;
diff --git a/net/ipv6/ipv6_sockglue.c b/net/ipv6/ipv6_sockglue.c
index 147ede38..2fbda5f 100644
--- a/net/ipv6/ipv6_sockglue.c
+++ b/net/ipv6/ipv6_sockglue.c
@@ -475,7 +475,7 @@ sticky_done:
msg.msg_controllen = optlen;
msg.msg_control = (void*)(opt+1);
- retv = datagram_send_ctl(net, &msg, &fl6, opt, &junk, &junk,
+ retv = datagram_send_ctl(net, sk, &msg, &fl6, opt, &junk, &junk,
&junk);
if (retv)
goto done;
diff --git a/net/ipv6/raw.c b/net/ipv6/raw.c
index f34902f..131be5e 100644
--- a/net/ipv6/raw.c
+++ b/net/ipv6/raw.c
@@ -817,7 +817,7 @@ static int rawv6_sendmsg(struct kiocb *iocb, struct sock *sk,
memset(opt, 0, sizeof(struct ipv6_txoptions));
opt->tot_len = sizeof(struct ipv6_txoptions);
- err = datagram_send_ctl(sock_net(sk), msg, &fl6, opt, &hlimit,
+ err = datagram_send_ctl(sock_net(sk), sk, msg, &fl6, opt, &hlimit,
&tclass, &dontfrag);
if (err < 0) {
fl6_sock_release(flowlabel);
diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c
index 35bbdc4..b0fb25c 100644
--- a/net/ipv6/udp.c
+++ b/net/ipv6/udp.c
@@ -1090,7 +1090,7 @@ do_udp_sendmsg:
memset(opt, 0, sizeof(struct ipv6_txoptions));
opt->tot_len = sizeof(*opt);
- err = datagram_send_ctl(sock_net(sk), msg, &fl6, opt, &hlimit,
+ err = datagram_send_ctl(sock_net(sk), sk, msg, &fl6, opt, &hlimit,
&tclass, &dontfrag);
if (err < 0) {
fl6_sock_release(flowlabel);
--
1.7.3.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH] net: relax PKTINFO non local ipv6 udp xmit check
2011-08-26 21:56 [PATCH] net: relax PKTINFO non local ipv6 udp xmit check Maciej Żenczykowski
@ 2011-08-28 21:11 ` David Miller
2011-08-28 22:35 ` Maciej Żenczykowski
0 siblings, 1 reply; 6+ messages in thread
From: David Miller @ 2011-08-28 21:11 UTC (permalink / raw)
To: zenczykowski; +Cc: maze, netdev, yoshfuji, ek, lorenzo
From: Maciej Żenczykowski <zenczykowski@gmail.com>
Date: Fri, 26 Aug 2011 14:56:28 -0700
> diff --git a/net/ipv6/ip6_flowlabel.c b/net/ipv6/ip6_flowlabel.c
> index f3caf1b..a896987 100644
> --- a/net/ipv6/ip6_flowlabel.c
> +++ b/net/ipv6/ip6_flowlabel.c
> @@ -360,7 +360,7 @@ fl_create(struct net *net, struct in6_flowlabel_req *freq, char __user *optval,
> msg.msg_control = (void*)(fl->opt+1);
> memset(&flowi6, 0, sizeof(flowi6));
>
> - err = datagram_send_ctl(net, &msg, &flowi6, fl->opt, &junk,
> + err = datagram_send_ctl(net, NULL, &msg, &flowi6, fl->opt, &junk,
> &junk, &junk);
> if (err)
> goto done;
There is a socket associated with this fl_create() request, please
pass it into fl_create() from it's caller, and thus down into
datagram_send_ctl(), instead of just passing NULL.
Then, since a valid sk is always passed in, you can elide the NULL
check on 'sk' down at the bottom of these code paths.
Thanks.
^ permalink raw reply [flat|nested] 6+ messages in thread
* [PATCH] net: relax PKTINFO non local ipv6 udp xmit check
2011-08-28 21:11 ` David Miller
@ 2011-08-28 22:35 ` Maciej Żenczykowski
2011-08-29 1:06 ` David Miller
0 siblings, 1 reply; 6+ messages in thread
From: Maciej Żenczykowski @ 2011-08-28 22:35 UTC (permalink / raw)
To: Maciej Żenczykowski, David S. Miller
Cc: netdev, Maciej Żenczykowski, Erik Kline, Lorenzo Colitti
From: Maciej Żenczykowski <maze@google.com>
Allow transparent sockets to be less restrictive about
the source ip of ipv6 udp packets being sent.
Google-Bug-Id: 5018138
Signed-off-by: Maciej Żenczykowski <maze@google.com>
CC: "Erik Kline" <ek@google.com>
CC: "Lorenzo Colitti" <lorenzo@google.com>
---
include/net/transp_v6.h | 1 +
net/ipv6/datagram.c | 5 +++--
net/ipv6/ip6_flowlabel.c | 8 ++++----
net/ipv6/ipv6_sockglue.c | 2 +-
net/ipv6/raw.c | 4 ++--
net/ipv6/udp.c | 4 ++--
6 files changed, 13 insertions(+), 11 deletions(-)
diff --git a/include/net/transp_v6.h b/include/net/transp_v6.h
index 5271a74..498433d 100644
--- a/include/net/transp_v6.h
+++ b/include/net/transp_v6.h
@@ -39,6 +39,7 @@ extern int datagram_recv_ctl(struct sock *sk,
struct sk_buff *skb);
extern int datagram_send_ctl(struct net *net,
+ struct sock *sk,
struct msghdr *msg,
struct flowi6 *fl6,
struct ipv6_txoptions *opt,
diff --git a/net/ipv6/datagram.c b/net/ipv6/datagram.c
index 9ef1831..b46e9f8 100644
--- a/net/ipv6/datagram.c
+++ b/net/ipv6/datagram.c
@@ -599,7 +599,7 @@ int datagram_recv_ctl(struct sock *sk, struct msghdr *msg, struct sk_buff *skb)
return 0;
}
-int datagram_send_ctl(struct net *net,
+int datagram_send_ctl(struct net *net, struct sock *sk,
struct msghdr *msg, struct flowi6 *fl6,
struct ipv6_txoptions *opt,
int *hlimit, int *tclass, int *dontfrag)
@@ -658,7 +658,8 @@ int datagram_send_ctl(struct net *net,
if (addr_type != IPV6_ADDR_ANY) {
int strict = __ipv6_addr_src_scope(addr_type) <= IPV6_ADDR_SCOPE_LINKLOCAL;
- if (!ipv6_chk_addr(net, &src_info->ipi6_addr,
+ if (!inet_sk(sk)->transparent &&
+ !ipv6_chk_addr(net, &src_info->ipi6_addr,
strict ? dev : NULL, 0))
err = -EINVAL;
else
diff --git a/net/ipv6/ip6_flowlabel.c b/net/ipv6/ip6_flowlabel.c
index f3caf1b..5430394 100644
--- a/net/ipv6/ip6_flowlabel.c
+++ b/net/ipv6/ip6_flowlabel.c
@@ -322,8 +322,8 @@ static int fl6_renew(struct ip6_flowlabel *fl, unsigned long linger, unsigned lo
}
static struct ip6_flowlabel *
-fl_create(struct net *net, struct in6_flowlabel_req *freq, char __user *optval,
- int optlen, int *err_p)
+fl_create(struct net *net, struct sock *sk, struct in6_flowlabel_req *freq,
+ char __user *optval, int optlen, int *err_p)
{
struct ip6_flowlabel *fl = NULL;
int olen;
@@ -360,7 +360,7 @@ fl_create(struct net *net, struct in6_flowlabel_req *freq, char __user *optval,
msg.msg_control = (void*)(fl->opt+1);
memset(&flowi6, 0, sizeof(flowi6));
- err = datagram_send_ctl(net, &msg, &flowi6, fl->opt, &junk,
+ err = datagram_send_ctl(net, sk, &msg, &flowi6, fl->opt, &junk,
&junk, &junk);
if (err)
goto done;
@@ -528,7 +528,7 @@ int ipv6_flowlabel_opt(struct sock *sk, char __user *optval, int optlen)
if (freq.flr_label & ~IPV6_FLOWLABEL_MASK)
return -EINVAL;
- fl = fl_create(net, &freq, optval, optlen, &err);
+ fl = fl_create(net, sk, &freq, optval, optlen, &err);
if (fl == NULL)
return err;
sfl1 = kmalloc(sizeof(*sfl1), GFP_KERNEL);
diff --git a/net/ipv6/ipv6_sockglue.c b/net/ipv6/ipv6_sockglue.c
index 147ede38..2fbda5f 100644
--- a/net/ipv6/ipv6_sockglue.c
+++ b/net/ipv6/ipv6_sockglue.c
@@ -475,7 +475,7 @@ sticky_done:
msg.msg_controllen = optlen;
msg.msg_control = (void*)(opt+1);
- retv = datagram_send_ctl(net, &msg, &fl6, opt, &junk, &junk,
+ retv = datagram_send_ctl(net, sk, &msg, &fl6, opt, &junk, &junk,
&junk);
if (retv)
goto done;
diff --git a/net/ipv6/raw.c b/net/ipv6/raw.c
index f34902f..3486f62 100644
--- a/net/ipv6/raw.c
+++ b/net/ipv6/raw.c
@@ -817,8 +817,8 @@ static int rawv6_sendmsg(struct kiocb *iocb, struct sock *sk,
memset(opt, 0, sizeof(struct ipv6_txoptions));
opt->tot_len = sizeof(struct ipv6_txoptions);
- err = datagram_send_ctl(sock_net(sk), msg, &fl6, opt, &hlimit,
- &tclass, &dontfrag);
+ err = datagram_send_ctl(sock_net(sk), sk, msg, &fl6, opt,
+ &hlimit, &tclass, &dontfrag);
if (err < 0) {
fl6_sock_release(flowlabel);
return err;
diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c
index 35bbdc4..f4ca0a5 100644
--- a/net/ipv6/udp.c
+++ b/net/ipv6/udp.c
@@ -1090,8 +1090,8 @@ do_udp_sendmsg:
memset(opt, 0, sizeof(struct ipv6_txoptions));
opt->tot_len = sizeof(*opt);
- err = datagram_send_ctl(sock_net(sk), msg, &fl6, opt, &hlimit,
- &tclass, &dontfrag);
+ err = datagram_send_ctl(sock_net(sk), sk, msg, &fl6, opt,
+ &hlimit, &tclass, &dontfrag);
if (err < 0) {
fl6_sock_release(flowlabel);
return err;
--
1.7.3.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH] net: relax PKTINFO non local ipv6 udp xmit check
2011-08-28 22:35 ` Maciej Żenczykowski
@ 2011-08-29 1:06 ` David Miller
2011-08-30 18:51 ` Maciej Żenczykowski
[not found] ` <CANP3RGdLbc7bM_YUU2MTGkMN0cFSx-xt0xrY1SDN_Ep4Fci-AQ@mail.gmail.com>
0 siblings, 2 replies; 6+ messages in thread
From: David Miller @ 2011-08-29 1:06 UTC (permalink / raw)
To: zenczykowski; +Cc: maze, netdev, ek, lorenzo
From: Maciej Żenczykowski <zenczykowski@gmail.com>
Date: Sun, 28 Aug 2011 15:35:31 -0700
> From: Maciej Żenczykowski <maze@google.com>
>
> Allow transparent sockets to be less restrictive about
> the source ip of ipv6 udp packets being sent.
>
> Google-Bug-Id: 5018138
> Signed-off-by: Maciej Żenczykowski <maze@google.com>
Applied, thanks a lot.
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] net: relax PKTINFO non local ipv6 udp xmit check
2011-08-29 1:06 ` David Miller
@ 2011-08-30 18:51 ` Maciej Żenczykowski
[not found] ` <CANP3RGdLbc7bM_YUU2MTGkMN0cFSx-xt0xrY1SDN_Ep4Fci-AQ@mail.gmail.com>
1 sibling, 0 replies; 6+ messages in thread
From: Maciej Żenczykowski @ 2011-08-30 18:51 UTC (permalink / raw)
To: David Miller; +Cc: netdev
On Sun, Aug 28, 2011 at 6:06 PM, David Miller <davem@davemloft.net> wrote:
> > Allow transparent sockets to be less restrictive about
> > the source ip of ipv6 udp packets being sent.
>
> Applied, thanks a lot.
FYI, I don't see this in either git repository:
http://git.kernel.org/?p=linux/kernel/git/davem/net.git;a=shortlog
http://git.kernel.org/?p=linux/kernel/git/davem/net-next.git;a=shortlog
I'd expect it to have shown up in net-next by now.
I'm also curious whether anyone knows of any good reason why
transparent sockets require CAP_NET_ADMIN instead of CAP_NET_RAW (or
either one of CAP_NET_{RAW|ADMIN}).
Maciej
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] net: relax PKTINFO non local ipv6 udp xmit check
[not found] ` <CANP3RGdLbc7bM_YUU2MTGkMN0cFSx-xt0xrY1SDN_Ep4Fci-AQ@mail.gmail.com>
@ 2011-08-30 19:18 ` David Miller
0 siblings, 0 replies; 6+ messages in thread
From: David Miller @ 2011-08-30 19:18 UTC (permalink / raw)
To: zenczykowski; +Cc: netdev
From: Maciej Żenczykowski <zenczykowski@gmail.com>
Date: Tue, 30 Aug 2011 11:50:43 -0700
> On Sun, Aug 28, 2011 at 6:06 PM, David Miller <davem@davemloft.net> wrote:
>
>> > Allow transparent sockets to be less restrictive about
>> > the source ip of ipv6 udp packets being sent.
>>
>> Applied, thanks a lot.
>>
>
> FYI, I don't see this in either git repository:
It's in a repo on my machine at home, I'll push it out to 'net' when I
get home later today :-)
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2011-08-30 19:18 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2011-08-26 21:56 [PATCH] net: relax PKTINFO non local ipv6 udp xmit check Maciej Żenczykowski
2011-08-28 21:11 ` David Miller
2011-08-28 22:35 ` Maciej Żenczykowski
2011-08-29 1:06 ` David Miller
2011-08-30 18:51 ` Maciej Żenczykowski
[not found] ` <CANP3RGdLbc7bM_YUU2MTGkMN0cFSx-xt0xrY1SDN_Ep4Fci-AQ@mail.gmail.com>
2011-08-30 19:18 ` David Miller
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.