linux/net/netfilter
Johannes Berg 023e2cfa36 netlink/genetlink: pass network namespace to bind/unbind
Netlink families can exist in multiple namespaces, and for the most
part multicast subscriptions are per network namespace. Thus it only
makes sense to have bind/unbind notifications per network namespace.

To achieve this, pass the network namespace of a given client socket
to the bind/unbind functions.

Also do this in generic netlink, and there also make sure that any
bind for multicast groups that only exist in init_net is rejected.
This isn't really a problem if it is accepted since a client in a
different namespace will never receive any notifications from such
a group, but it can confuse the family if not rejected (it's also
possible to silently (without telling the family) accept it, but it
would also have to be ignored on unbind so families that take any
kind of action on bind/unbind won't do unnecessary work for invalid
clients like that).

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2014-12-27 03:07:50 -05:00
ipset netfilter: ipset: Explicitly add padding elements to hash:net,net and hash:net,port,net 2014-12-03 12:43:36 +01:00
ipvs dst: no need to take reference on DST_NOCACHE dsts 2014-12-09 16:08:17 -05:00
Kconfig netfilter: combine IPv4 and IPv6 nf_nat_redirect code in one module 2014-11-27 13:08:42 +01:00
Makefile netfilter: combine IPv4 and IPv6 nf_nat_redirect code in one module 2014-11-27 13:08:42 +01:00
core.c netfilter: fix various sparse warnings 2014-11-13 12:14:42 +01:00
nf_conntrack_acct.c
nf_conntrack_amanda.c
nf_conntrack_broadcast.c
nf_conntrack_core.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2014-12-05 20:56:46 -08:00
nf_conntrack_ecache.c
nf_conntrack_expect.c
nf_conntrack_extend.c
nf_conntrack_ftp.c netfilter: replace strnicmp with strncasecmp 2014-10-14 02:18:24 +02:00
nf_conntrack_h323_asn1.c
nf_conntrack_h323_main.c netfilter: nf_conntrack_h323: lookup route from proper net namespace 2014-11-17 12:47:14 +01:00
nf_conntrack_h323_types.c
nf_conntrack_helper.c netfilter: fix spelling errors 2014-10-30 17:35:30 +01:00
nf_conntrack_irc.c
nf_conntrack_l3proto_generic.c netfilter: Convert print_tuple functions to return void 2014-11-05 14:10:33 -05:00
nf_conntrack_labels.c
nf_conntrack_netbios_ns.c
nf_conntrack_netlink.c
nf_conntrack_pptp.c
nf_conntrack_proto.c
nf_conntrack_proto_dccp.c netfilter: Convert print_tuple functions to return void 2014-11-05 14:10:33 -05:00
nf_conntrack_proto_generic.c netfilter: Convert print_tuple functions to return void 2014-11-05 14:10:33 -05:00
nf_conntrack_proto_gre.c netfilter: Convert print_tuple functions to return void 2014-11-05 14:10:33 -05:00
nf_conntrack_proto_sctp.c netfilter: Convert print_tuple functions to return void 2014-11-05 14:10:33 -05:00
nf_conntrack_proto_tcp.c Merge branch 'iov_iter' into for-next 2014-12-08 20:39:29 -05:00
nf_conntrack_proto_udp.c netfilter: Convert print_tuple functions to return void 2014-11-05 14:10:33 -05:00
nf_conntrack_proto_udplite.c netfilter: Convert print_tuple functions to return void 2014-11-05 14:10:33 -05:00
nf_conntrack_sane.c
nf_conntrack_seqadj.c
nf_conntrack_sip.c netfilter: replace strnicmp with strncasecmp 2014-10-14 02:18:24 +02:00
nf_conntrack_snmp.c
nf_conntrack_standalone.c netfilter: Remove checks of seq_printf() return values 2014-11-05 14:11:02 -05:00
nf_conntrack_tftp.c
nf_conntrack_timeout.c
nf_conntrack_timestamp.c
nf_internals.h
nf_log.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2014-12-11 14:27:06 -08:00
nf_log_common.c
nf_nat_amanda.c
nf_nat_core.c
nf_nat_ftp.c
nf_nat_helper.c
nf_nat_irc.c
nf_nat_proto_common.c
nf_nat_proto_dccp.c
nf_nat_proto_sctp.c
nf_nat_proto_tcp.c
nf_nat_proto_udp.c
nf_nat_proto_udplite.c
nf_nat_proto_unknown.c
nf_nat_redirect.c netfilter: combine IPv4 and IPv6 nf_nat_redirect code in one module 2014-11-27 13:08:42 +01:00
nf_nat_sip.c netfilter: replace strnicmp with strncasecmp 2014-10-14 02:18:24 +02:00
nf_nat_tftp.c
nf_queue.c
nf_sockopt.c
nf_synproxy_core.c
nf_tables_api.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2014-11-24 16:00:58 -05:00
nf_tables_core.c
nf_tables_inet.c
nfnetlink.c netlink/genetlink: pass network namespace to bind/unbind 2014-12-27 03:07:50 -05:00
nfnetlink_acct.c
nfnetlink_cthelper.c
nfnetlink_cttimeout.c
nfnetlink_log.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2014-11-24 16:00:58 -05:00
nfnetlink_queue_core.c Merge branch 'iov_iter' into for-next 2014-12-08 20:39:29 -05:00
nfnetlink_queue_ct.c
nft_bitwise.c
nft_byteorder.c
nft_cmp.c
nft_compat.c netfilter: nft_compat: use the match->table to validate dependencies 2014-11-12 12:06:24 +01:00
nft_counter.c
nft_ct.c
nft_expr_template.c
nft_exthdr.c
nft_hash.c rhashtable: Drop gfp_flags arg in insert/remove functions 2014-11-13 15:18:40 -05:00
nft_immediate.c
nft_limit.c
nft_log.c
nft_lookup.c
nft_masq.c netfilter: nf_tables: restrict nat/masq expressions to nat chain type 2014-10-13 20:42:00 +02:00
nft_meta.c netfilter: nft_meta: add cgroup support 2014-11-09 16:21:22 +01:00
nft_nat.c netfilter: nft_nat: dump attributes if they are set 2014-10-18 14:16:13 +02:00
nft_payload.c
nft_queue.c
nft_rbtree.c
nft_redir.c netfilter: nft_redir: fix sparse warnings 2014-11-12 12:00:04 +01:00
nft_reject.c
nft_reject_inet.c
x_tables.c netfilter: Remove checks of seq_printf() return values 2014-11-05 14:11:02 -05:00
xt_AUDIT.c
xt_CHECKSUM.c
xt_CLASSIFY.c
xt_CONNSECMARK.c
xt_CT.c
xt_DSCP.c netfilter: fix various sparse warnings 2014-11-13 12:14:42 +01:00
xt_HL.c
xt_HMARK.c
xt_IDLETIMER.c
xt_LED.c
xt_LOG.c
xt_NETMAP.c
xt_NFLOG.c
xt_NFQUEUE.c
xt_RATEEST.c
xt_REDIRECT.c netfilter: combine IPv4 and IPv6 nf_nat_redirect code in one module 2014-11-27 13:08:42 +01:00
xt_SECMARK.c
xt_TCPMSS.c
xt_TCPOPTSTRIP.c
xt_TEE.c
xt_TPROXY.c
xt_TRACE.c
xt_addrtype.c
xt_bpf.c
xt_cgroup.c
xt_cluster.c
xt_comment.c
xt_connbytes.c
xt_connlabel.c
xt_connlimit.c netfilter: xt_connlimit: honor conntrack zone if available 2014-11-17 12:44:20 +01:00
xt_connmark.c
xt_conntrack.c
xt_cpu.c
xt_dccp.c
xt_devgroup.c
xt_dscp.c
xt_ecn.c
xt_esp.c
xt_hashlimit.c netfilter: Remove checks of seq_printf() return values 2014-11-05 14:11:02 -05:00
xt_helper.c
xt_hl.c
xt_ipcomp.c
xt_iprange.c
xt_ipvs.c
xt_l2tp.c
xt_length.c
xt_limit.c
xt_mac.c
xt_mark.c
xt_multiport.c
xt_nat.c
xt_nfacct.c
xt_osf.c
xt_owner.c
xt_physdev.c
xt_pkttype.c
xt_policy.c
xt_quota.c
xt_rateest.c
xt_realm.c
xt_recent.c netfilter: xt_recent: relax ip_pkt_list_tot restrictions 2014-11-27 12:40:31 +01:00
xt_repldata.h
xt_sctp.c
xt_set.c netfilter: ipset: Alignment problem between 64bit kernel 32bit userspace 2014-12-03 12:43:35 +01:00
xt_socket.c
xt_state.c
xt_statistic.c
xt_string.c
xt_tcpmss.c
xt_tcpudp.c
xt_time.c
xt_u32.c