Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit b889416b authored by Balazs Scheidler's avatar Balazs Scheidler Committed by David S. Miller
Browse files

tproxy: Add missing CAP_NET_ADMIN check to ipv6 side 



IP_TRANSPARENT requires root (more precisely CAP_NET_ADMIN privielges)
for IPV6.

However as I see right now this check was missed from the IPv6
implementation.

Acked-by: default avatarYOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>

Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 0561cf3d

net/ipv6/ipv6_sockglue.c

+4 −0
Original line number Original line Diff line number Diff line
@@ -343,6 +343,10 @@ static int do_ipv6_setsockopt(struct sock *sk, int level, int optname, 
		break;

		break;





	case IPV6_TRANSPARENT:

	case IPV6_TRANSPARENT:

		if (!capable(CAP_NET_ADMIN)) {

			retv = -EPERM;

			break;

		}

		if (optlen < sizeof(int))

		if (optlen < sizeof(int))

			goto e_inval;

			goto e_inval;

		/* we don't have a separate transparent bit for IPV6 we use the one in the IPv4 socket */

		/* we don't have a separate transparent bit for IPV6 we use the one in the IPv4 socket */