summaryrefslogtreecommitdiffstats
path: root/net/appletalk
diff options
context:
space:
mode:
authorEric W. Biederman <ebiederm@xmission.com>2007-09-17 11:53:39 -0700
committerDavid S. Miller <davem@sunset.davemloft.net>2007-10-10 16:49:08 -0700
commite730c15519d09ea528b4d2f1103681fa5937c0e6 (patch)
treec117294523f4d004fb1d740610b6403e5744cdfc /net/appletalk
parent6d34b1c27a72d5d1c73c567b2f6b1fde316e0eae (diff)
downloadlinux-e730c15519d09ea528b4d2f1103681fa5937c0e6.tar.bz2
[NET]: Make packet reception network namespace safe
This patch modifies every packet receive function registered with dev_add_pack() to drop packets if they are not from the initial network namespace. This should ensure that the various network stacks do not receive packets in a anything but the initial network namespace until the code has been converted and is ready for them. Signed-off-by: Eric W. Biederman <ebiederm@xmission.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/appletalk')
-rw-r--r--net/appletalk/aarp.c3
-rw-r--r--net/appletalk/ddp.c6
2 files changed, 9 insertions, 0 deletions
diff --git a/net/appletalk/aarp.c b/net/appletalk/aarp.c
index 80b54148460f..9267f4818795 100644
--- a/net/appletalk/aarp.c
+++ b/net/appletalk/aarp.c
@@ -713,6 +713,9 @@ static int aarp_rcv(struct sk_buff *skb, struct net_device *dev,
struct atalk_addr sa, *ma, da;
struct atalk_iface *ifa;
+ if (dev->nd_net != &init_net)
+ goto out0;
+
/* We only do Ethernet SNAP AARP. */
if (dev->type != ARPHRD_ETHER)
goto out0;
diff --git a/net/appletalk/ddp.c b/net/appletalk/ddp.c
index fd1d52f09707..c1f1367cad48 100644
--- a/net/appletalk/ddp.c
+++ b/net/appletalk/ddp.c
@@ -1403,6 +1403,9 @@ static int atalk_rcv(struct sk_buff *skb, struct net_device *dev,
int origlen;
__u16 len_hops;
+ if (dev->nd_net != &init_net)
+ goto freeit;
+
/* Don't mangle buffer if shared */
if (!(skb = skb_share_check(skb, GFP_ATOMIC)))
goto out;
@@ -1488,6 +1491,9 @@ freeit:
static int ltalk_rcv(struct sk_buff *skb, struct net_device *dev,
struct packet_type *pt, struct net_device *orig_dev)
{
+ if (dev->nd_net != &init_net)
+ goto freeit;
+
/* Expand any short form frames */
if (skb_mac_header(skb)[2] == 1) {
struct ddpehdr *ddp;