Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 9c0188ac authored by Alexey Dobriyan's avatar Alexey Dobriyan Committed by David S. Miller
Browse files

net: shy netns_ok check 



Failure to pass netns_ok check is SILENT, except some MIB counter is
incremented somewhere.

And adding "netns_ok = 1" (after long head-scratching session) is
usually the last step in making some protocol netns-ready...

Signed-off-by: default avatarAlexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 6e093d9d

net/ipv4/ip_input.c

+9 −1
Original line number Diff line number Diff line
@@ -209,9 +209,17 @@ static int ip_local_deliver_finish(struct sk_buff *skb) 


		hash = protocol & (MAX_INET_PROTOS - 1);

		ipprot = rcu_dereference(inet_protos[hash]);

		if (ipprot != NULL && (net == &init_net || ipprot->netns_ok)) {

		if (ipprot != NULL) {

			int ret;



			if (!net_eq(net, &init_net) && !ipprot->netns_ok) {

				if (net_ratelimit())

					printk("%s: proto %d isn't netns-ready\n",

						__func__, protocol);

				kfree_skb(skb);

				goto out;

			}



			if (!ipprot->no_policy) {

				if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb)) {

					kfree_skb(skb);