[Devel] [PATCH RHEL7 COMMIT] ve/net: Exclude foreign CT sockets from /proc/net/tcp{, 6}

Konstantin Khorenko khorenko at virtuozzo.com
Fri Jul 17 06:24:12 PDT 2015


The commit is pushed to "branch-rh7-3.10.0-123.1.2-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-123.1.2.vz7.5.25
------>
commit afb9c157cba1cdec6f828b5c438964186c14a87f
Author: Kirill Tkhai <ktkhai at odin.com>
Date:   Fri Jul 17 17:23:57 2015 +0400

    ve/net: Exclude foreign CT sockets from /proc/net/tcp{,6}
    
    Before this patch CT user could see all HN connections because of
    incorrect check inherited from 2.6.32-x kernel.
    
    Align the code (checks) with mainstream ones.
    
    https://jira.sw.ru/browse/PSBM-34875
    
    Signed-off-by: Kirill Tkhai <ktkhai at odin.com>
---
 net/ipv4/tcp_ipv4.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
index 4125556..aa64e15 100644
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -2263,7 +2263,7 @@ get_req:
 	}
 get_sk:
 	sk_nulls_for_each_from(sk, node) {
-		if (!net_access_allowed(sock_net(sk), net))
+		if (!net_eq(sock_net(sk), net))
 			continue;
 		if (sk->sk_family == st->family) {
 			cur = sk;
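Review bot: In the `get_sk:` loop the filter becomes `net_eq(sock_net(sk), net)`, but the commit message never says what `net_access_allowed()` accepted that `net_eq()` rejects, which is the reason a CT reader could see HN sockets. Add a sentence on that to the message. The diffstat shows exactly three replacements, so also check whether any call to `net_access_allowed()` remains in this file outside those sites, and whether other /proc socket walkers rely on the same helper and need the same review.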
@@ -2338,7 +2338,7 @@ static void *established_get_first(struct seq_file *seq)
 		spin_lock_bh(lock);
 		sk_nulls_for_each(sk, node, &tcp_hashinfo.ehash[st->bucket].chain) {
 			if (sk->sk_family != st->family ||
-			    !net_access_allowed(sock_net(sk), net)) {
+			    !net_eq(sock_net(sk), net)) {
 				continue;
 			}
 			rc = sk;
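Review bot: The `!net_eq(sock_net(sk), net)` test in `established_get_first()` is the only thing separating namespaces at this point, because the loop walks the shared `tcp_hashinfo.ehash[st->bucket].chain`. A short comment stating that would help keep the check from being loosened again. A regression check that reads /proc/net/tcp and /proc/net/tcp6 from inside a CT and confirms that no HN connections are listed would also fit this fix.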
@@ -2364,7 +2364,7 @@ static void *established_get_next(struct seq_file *seq, void *cur)
 
 	sk_nulls_for_each_from(sk, node) {
 		if (sk->sk_family == st->family &&
-		    net_access_allowed(sock_net(sk), net))
+		    net_eq(sock_net(sk), net))
 			return sk;
 	}
 
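Review bot: The family and netns condition in `established_get_next()` is now the third copy of the same test, written here in positive form (`sk->sk_family == st->family && net_eq(sock_net(sk), net)`) and in negated form in the two hunks above. Consider a small static inline helper taking `sk`, `st->family` and `net` so the three sites cannot drift apart. Not a blocker for this fix.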


