linux.git/net/ipv4/ip_options.c, branch v2.6.25 Linux kernel source tree [NETNS]: Add netns parameter to inet_(dev_)add_type. 2008-01-28T23:01:27+00:00 Eric W. Biederman ebiederm@xmission.com 2008-01-10T11:25:28+00:00 6b175b26c1048d331508940ad3516ead1998084f The patch extends the inet_addr_type and inet_dev_addr_type with the network namespace pointer. That allows to access the different tables relatively to the network namespace. The modification of the signature function is reported in all the callers of the inet_addr_type using the pointer to the well known init_net. Acked-by: Benjamin Thery <benjamin.thery@bull.net> Acked-by: Daniel Lezcano <dlezcano@fr.ibm.com> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com> Signed-off-by: David S. Miller <davem@davemloft.net> 
The patch extends the inet_addr_type and inet_dev_addr_type with the
network namespace pointer. That allows to access the different tables
relatively to the network namespace.

The modification of the signature function is reported in all the
callers of the inet_addr_type using the pointer to the well known
init_net.

Acked-by: Benjamin Thery <benjamin.thery@bull.net>
Acked-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
[IPV4] ip_options.c: kmalloc + memset conversion to kzalloc 2007-07-31T21:06:45+00:00 Mariusz Kozlowski m.kozlowski@tuxland.pl 2007-07-31T21:06:45+00:00 376407039c26caacc3e433437d25516ba8f3adc9 Signed-off-by: Mariusz Kozlowski <m.kozlowski@tuxland.pl> Signed-off-by: David S. Miller <davem@davemloft.net> 
Signed-off-by: Mariusz Kozlowski <m.kozlowski@tuxland.pl>
Signed-off-by: David S. Miller <davem@davemloft.net>
[SK_BUFF]: Introduce ip_hdr(), remove skb->nh.iph 2007-04-26T05:25:10+00:00 Arnaldo Carvalho de Melo acme@redhat.com 2007-04-21T05:47:35+00:00 eddc9ec53be2ecdbf4efe0efd4a83052594f0ac0 Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net> 
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
[SK_BUFF]: Introduce skb_network_header() 2007-04-26T05:24:59+00:00 Arnaldo Carvalho de Melo acme@redhat.com 2007-04-11T03:50:43+00:00 d56f90a7c96da5187f0cdf07ee7434fe6aa78bbc For the places where we need a pointer to the network header, it is still legal to touch skb->nh.raw directly if just adding to, subtracting from or setting it to another layer header. Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net> 
For the places where we need a pointer to the network header, it is still legal
to touch skb->nh.raw directly if just adding to, subtracting from or setting it
to another layer header.

Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
[NET] IPV4: Fix whitespace errors. 2007-02-11T07:19:39+00:00 YOSHIFUJI Hideaki yoshfuji@linux-ipv6.org 2007-02-09T14:24:47+00:00 e905a9edab7f4f14f9213b52234e4a346c690911 Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net> 
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
[NetLabel]: protect the CIPSOv4 socket option from setsockopt() 2006-10-30T23:24:49+00:00 Paul Moore paul.moore@hp.com 2006-10-30T23:22:15+00:00 f8687afefcc821fc47c75775eec87731fe3de360 This patch makes two changes to protect applications from either removing or tampering with the CIPSOv4 IP option on a socket. The first is the requirement that applications have the CAP_NET_RAW capability to set an IPOPT_CIPSO option on a socket; this prevents untrusted applications from setting their own CIPSOv4 security attributes on the packets they send. The second change is to SELinux and it prevents applications from setting any IPv4 options when there is an IPOPT_CIPSO option already present on the socket; this prevents applications from removing CIPSOv4 security attributes from the packets they send. Signed-off-by: Paul Moore <paul.moore@hp.com> Signed-off-by: James Morris <jmorris@namei.org> Signed-off-by: David S. Miller <davem@davemloft.net> 
This patch makes two changes to protect applications from either removing or
tampering with the CIPSOv4 IP option on a socket.  The first is the requirement
that applications have the CAP_NET_RAW capability to set an IPOPT_CIPSO option
on a socket; this prevents untrusted applications from setting their own
CIPSOv4 security attributes on the packets they send.  The second change is to
SELinux and it prevents applications from setting any IPv4 options when there
is an IPOPT_CIPSO option already present on the socket; this prevents
applications from removing CIPSOv4 security attributes from the packets they
send.

Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: James Morris <jmorris@namei.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
[IPV4]: trivial ip_options.c annotations 2006-09-29T01:01:55+00:00 Al Viro viro@zeniv.linux.org.uk 2006-09-28T01:28:47+00:00 e25d2ca6b2808c427704b01608baf0f7dea1696e Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net> 
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
[IPV4]: struct ip_options annotations 2006-09-29T01:01:53+00:00 Al Viro viro@zeniv.linux.org.uk 2006-09-28T01:28:07+00:00 3ca3c68e76686bee058937ade2b96f4de58ee434 ->faddr is net-endian; annotated as such, variables inferred to be net-endian annotated. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net> 
->faddr is net-endian; annotated as such, variables inferred to be net-endian
annotated.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
[IPV4]: ip_options_build() annotations 2006-09-29T01:01:18+00:00 Al Viro viro@zeniv.linux.org.uk 2006-09-27T05:27:05+00:00 8712f774dc47ec6353c9b75317d6db62e58d9367 daddr is net-endian Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net> 
daddr is net-endian

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
[IPV4]: inet_addr_type() annotations 2006-09-29T01:01:07+00:00 Al Viro viro@zeniv.linux.org.uk 2006-09-27T05:17:51+00:00 fd6832220974809141b3981e380b78690bba8911 argument and inferred net-endian variables in callers annotated. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net> 
argument and inferred net-endian variables in callers annotated.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>