[NET]: Modify all rtnetlink methods to only work in the initial namespace (v2)

[deliverable/linux.git] / net / sched / cls_api.c

diff --git a/net/sched/cls_api.c b/net/sched/cls_api.c
index bb98045d550839dc92620592475530067ee4a658..fdab6a530bba89dd65787627461c05fe830f1007 100644 (file)
--- a/net/sched/cls_api.c
+++ b/net/sched/cls_api.c
@@ -23,6 +23,8 @@
 #include <linux/init.h>
 #include <linux/kmod.h>
 #include <linux/netlink.h>
+#include <net/net_namespace.h>
+#include <net/sock.h>
 #include <net/netlink.h>
 #include <net/pkt_sched.h>
 #include <net/pkt_cls.h>
@@ -119,6 +121,7 @@ static __inline__ u32 tcf_auto_prio(struct tcf_proto *tp)
 
 static int tc_ctl_tfilter(struct sk_buff *skb, struct nlmsghdr *n, void *arg)
 {
+       struct net *net = skb->sk->sk_net;
        struct rtattr **tca;
        struct tcmsg *t;
        u32 protocol;
@@ -135,6 +138,9 @@ static int tc_ctl_tfilter(struct sk_buff *skb, struct nlmsghdr *n, void *arg)
        unsigned long fh;
        int err;
 
+       if (net != &init_net)
+               return -EINVAL;
+
 replay:
        tca = arg;
        t = NLMSG_DATA(n);
@@ -375,6 +381,7 @@ static int tcf_node_dump(struct tcf_proto *tp, unsigned long n, struct tcf_walke
 
 static int tc_dump_tfilter(struct sk_buff *skb, struct netlink_callback *cb)
 {
+       struct net *net = skb->sk->sk_net;
        int t;
        int s_t;
        struct net_device *dev;
@@ -385,6 +392,9 @@ static int tc_dump_tfilter(struct sk_buff *skb, struct netlink_callback *cb)
        const struct Qdisc_class_ops *cops;
        struct tcf_dump_args arg;
 
+       if (net != &init_net)
+               return 0;
+
        if (cb->nlh->nlmsg_len < NLMSG_LENGTH(sizeof(*tcm)))
                return skb->len;
        if ((dev = dev_get_by_index(&init_net, tcm->tcm_ifindex)) == NULL)