[NET]: Make packet reception network namespace safe

[linux-2.6-omap-h63xx.git] / net / tipc / eth_media.c

diff --git a/net/tipc/eth_media.c b/net/tipc/eth_media.c
index 0ee6ded18f3a503a99ed08c4a11cd110f8a719c2..d2ed23704189d3c59238c20fc4c25510512cb9a6 100644 (file)
--- a/net/tipc/eth_media.c
+++ b/net/tipc/eth_media.c
@@ -1,8 +1,8 @@
 /*
  * net/tipc/eth_media.c: Ethernet bearer support for TIPC
  *
- * Copyright (c) 2001-2006, Ericsson AB
- * Copyright (c) 2005-2006, Wind River Systems
+ * Copyright (c) 2001-2007, Ericsson AB
+ * Copyright (c) 2005-2007, Wind River Systems
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -38,6 +38,7 @@
 #include <net/tipc/tipc_bearer.h>
 #include <net/tipc/tipc_msg.h>
 #include <linux/netdevice.h>
+#include <net/net_namespace.h>
 
 #define MAX_ETH_BEARERS                2
 #define ETH_LINK_PRIORITY      TIPC_DEF_LINK_PRI
@@ -87,6 +88,9 @@ static int send_msg(struct sk_buff *buf, struct tipc_bearer *tb_ptr,
 /**
  * recv_msg - handle incoming TIPC message from an Ethernet interface
  *
+ * Accept only packets explicitly sent to this node, or broadcast packets;
+ * ignores packets sent using Ethernet multicast, and traffic sent to other
+ * nodes (which can happen if interface is running in promiscuous mode).
  * Routine truncates any Ethernet padding/CRC appended to the message,
  * and ensures message size matches actual length
  */
@@ -97,10 +101,13 @@ static int recv_msg(struct sk_buff *buf, struct net_device *dev,
        struct eth_bearer *eb_ptr = (struct eth_bearer *)pt->af_packet_priv;
        u32 size;
 
+       if (dev->nd_net != &init_net) {
+               kfree_skb(buf);
+               return 0;
+       }
+
        if (likely(eb_ptr->bearer)) {
-              if (likely(!dev->promiscuity) ||
-                  !memcmp(skb_mac_header(buf), dev->dev_addr, ETH_ALEN) ||
-                  !memcmp(skb_mac_header(buf), dev->broadcast, ETH_ALEN)) {
+               if (likely(buf->pkt_type <= PACKET_BROADCAST)) {
                        size = msg_size((struct tipc_msg *)buf->data);
                        skb_trim(buf, size);
                        if (likely(buf->len == size)) {
@@ -120,18 +127,20 @@ static int recv_msg(struct sk_buff *buf, struct net_device *dev,
 
 static int enable_bearer(struct tipc_bearer *tb_ptr)
 {
-       struct net_device *dev, *pdev;
+       struct net_device *dev = NULL;
+       struct net_device *pdev = NULL;
        struct eth_bearer *eb_ptr = &eth_bearers[0];
        struct eth_bearer *stop = &eth_bearers[MAX_ETH_BEARERS];
        char *driver_name = strchr((const char *)tb_ptr->name, ':') + 1;
 
        /* Find device with specified name */
-       dev = NULL;
-       for_each_netdev(pdev)
-               if (!strncmp(dev->name, driver_name, IFNAMSIZ)) {
+
+       for_each_netdev(pdev){
+               if (!strncmp(pdev->name, driver_name, IFNAMSIZ)) {
                        dev = pdev;
                        break;
                }
+       }
        if (!dev)
                return -ENODEV;