• Lorenzo Colitti's avatar
    net: inet: Support UID-based routing in IP protocols. · e2d118a1
    Lorenzo Colitti authored
    - Use the UID in routing lookups made by protocol connect() and
      sendmsg() functions.
    - Make sure that routing lookups triggered by incoming packets
      (e.g., Path MTU discovery) take the UID of the socket into
    - For packets not associated with a userspace socket, (e.g., ping
      replies) use UID 0 inside the user namespace corresponding to
      the network namespace the socket belongs to. This allows
      all namespaces to apply routing and iptables rules to
      kernel-originated traffic in that namespaces by matching UID 0.
      This is better than using the UID of the kernel socket that is
      sending the traffic, because the UID of kernel sockets created
      at namespace creation time (e.g., the per-processor ICMP and
      TCP sockets) is the UID of the user that created the socket,
      which might not be mapped in the namespace.
    Tested: compiles allnoconfig, allyesconfig, allmodconfig
    Tested: https://android-review.googlesource.com/253302Signed-off-by: default avatarLorenzo Colitti <lorenzo@google.com>
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
ipcomp6.c 5.53 KB