linux-stable/net/ipv6/netfilter
Guillaume Nault 1fcc064b30 netfilter: rpfilter/fib: Set ->flowic_uid correctly for user namespaces.
Currently netfilter's rpfilter and fib modules implicitly initialise
->flowic_uid with 0. This is normally the root UID. However, this isn't
the case in user namespaces, where user ID 0 is mapped to a different
kernel UID. By initialising ->flowic_uid with sock_net_uid(), we get
the root UID of the user namespace, thus keeping the same behaviour
whether or not we're running in a user namespace.

Note, this is similar to commit 8bcfd0925e ("ipv4: add missing
initialization for flowi4_uid"), which fixed the rp_filter sysctl.

Fixes: 622ec2c9d5 ("net: core: add UID to flows, rules, and routes")
Signed-off-by: Guillaume Nault <gnault@redhat.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2022-10-19 08:46:48 +02:00
..
Kconfig netfilter: Remove flowtable relics 2022-01-27 00:00:20 +01:00
Makefile netfilter: Remove flowtable relics 2022-01-27 00:00:20 +01:00
ip6_tables.c netfilter: ip6tables: allow use of ip6t_do_table as hookfn 2021-10-14 23:06:53 +02:00
ip6t_NPT.c
ip6t_REJECT.c
ip6t_SYNPROXY.c
ip6t_ah.c
ip6t_eui64.c
ip6t_frag.c
ip6t_hbh.c
ip6t_ipv6header.c
ip6t_mh.c
ip6t_rpfilter.c netfilter: rpfilter/fib: Set ->flowic_uid correctly for user namespaces. 2022-10-19 08:46:48 +02:00
ip6t_rt.c netfilter: ip6t_rt: fix rt0_hdr parsing in rt_mt6 2021-10-14 23:08:35 +02:00
ip6t_srh.c
ip6table_filter.c netfilter: ip6tables: allow use of ip6t_do_table as hookfn 2021-10-14 23:06:53 +02:00
ip6table_mangle.c netfilter: ip6tables: allow use of ip6t_do_table as hookfn 2021-10-14 23:06:53 +02:00
ip6table_nat.c netfilter: ip6tables: allow use of ip6t_do_table as hookfn 2021-10-14 23:06:53 +02:00
ip6table_raw.c netfilter: ip6tables: allow use of ip6t_do_table as hookfn 2021-10-14 23:06:53 +02:00
ip6table_security.c netfilter: ip6tables: allow use of ip6t_do_table as hookfn 2021-10-14 23:06:53 +02:00
nf_conntrack_reasm.c netfilter: nf_defrag_ipv6: allow nf_conntrack_frag6_high_thresh increases 2022-08-24 08:06:44 +02:00
nf_defrag_ipv6_hooks.c netfilter: conntrack: fix boot failure with nf_conntrack.enable_hooks=1 2021-09-28 13:04:55 +02:00
nf_dup_ipv6.c
nf_reject_ipv6.c netfilter: conntrack: skip verification of zero UDP checksum 2022-05-13 18:56:28 +02:00
nf_socket_ipv6.c tcp: Access &tcp_hashinfo via net. 2022-09-20 10:21:49 -07:00
nf_tproxy_ipv6.c tcp: Access &tcp_hashinfo via net. 2022-09-20 10:21:49 -07:00
nft_dup_ipv6.c netfilter: nf_tables: do not reduce read-only expressions 2022-03-20 00:29:46 +01:00
nft_fib_ipv6.c netfilter: rpfilter/fib: Set ->flowic_uid correctly for user namespaces. 2022-10-19 08:46:48 +02:00
nft_reject_ipv6.c netfilter: nf_tables: do not reduce read-only expressions 2022-03-20 00:29:46 +01:00