linux/net/sched
Eric W. Biederman a6c6796c71 userns: Convert cls_flow to work with user namespaces enabled
The flow classifier can use uids and gids of the sockets that
are transmitting packets and do insert those uids and gids
into the packet classification calculation.  I don't fully
understand the details but it appears that we can depend
on specific uids and gids when making traffic classification
decisions.

To work with user namespaces enabled, map from kuids and kgids
into uids and gids in the initial user namespace giving raw
integer values the code can play with and depend on.

To avoid issues of userspace depending on uids and gids in
packet classifiers installed from other user namespaces
and getting confused, deny all packet classifiers that
use uids or gids that are not coming from a netlink socket
in the initial user namespace.

Cc: Patrick McHardy <kaber@trash.net>
Cc: Eric Dumazet <eric.dumazet@gmail.com>
Cc: Jamal Hadi Salim <jhs@mojatatu.com>
Cc: Changli Gao <xiaosuo@gmail.com>
Acked-by: David S. Miller <davem@davemloft.net>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
2012-08-14 21:55:28 -07:00
..
act_api.c pkt_sched: act_api: Move away from NLMSG_PUT(). 2012-06-26 21:39:32 -07:00
act_csum.c ipv6: correct the ipv6 option name - Pad0 to Pad1 2012-05-17 15:49:51 -04:00
act_gact.c pkt_sched: Stop using NLA_PUT*(). 2012-04-01 18:11:37 -04:00
act_ipt.c net: Convert net_ratelimit uses to net_<level>_ratelimited 2012-05-15 13:45:03 -04:00
act_mirred.c net: Convert net_ratelimit uses to net_<level>_ratelimited 2012-05-15 13:45:03 -04:00
act_nat.c pkt_sched: Stop using NLA_PUT*(). 2012-04-01 18:11:37 -04:00
act_pedit.c pkt_sched: Stop using NLA_PUT*(). 2012-04-01 18:11:37 -04:00
act_police.c pkt_sched: Stop using NLA_PUT*(). 2012-04-01 18:11:37 -04:00
act_simple.c pkt_sched: Stop using NLA_PUT*(). 2012-04-01 18:11:37 -04:00
act_skbedit.c pkt_sched: Stop using NLA_PUT*(). 2012-04-01 18:11:37 -04:00
cls_api.c net sched: Pass the skb into change so it can access NETLINK_CB 2012-08-14 21:55:28 -07:00
cls_basic.c net sched: Pass the skb into change so it can access NETLINK_CB 2012-08-14 21:55:28 -07:00
cls_cgroup.c net sched: Pass the skb into change so it can access NETLINK_CB 2012-08-14 21:55:28 -07:00
cls_flow.c userns: Convert cls_flow to work with user namespaces enabled 2012-08-14 21:55:28 -07:00
cls_fw.c net sched: Pass the skb into change so it can access NETLINK_CB 2012-08-14 21:55:28 -07:00
cls_route.c net sched: Pass the skb into change so it can access NETLINK_CB 2012-08-14 21:55:28 -07:00
cls_rsvp6.c
cls_rsvp.c
cls_rsvp.h net sched: Pass the skb into change so it can access NETLINK_CB 2012-08-14 21:55:28 -07:00
cls_tcindex.c net sched: Pass the skb into change so it can access NETLINK_CB 2012-08-14 21:55:28 -07:00
cls_u32.c net sched: Pass the skb into change so it can access NETLINK_CB 2012-08-14 21:55:28 -07:00
em_canid.c net: em_canid: Ematch rule to match CAN frames according to their identifiers 2012-07-04 13:07:05 +02:00
em_cmp.c
em_ipset.c net: sched: add ipset ematch 2012-07-12 07:54:46 -07:00
em_meta.c ipv4: Prepare for change of rt->rt_iif encoding. 2012-07-23 16:36:26 -07:00
em_nbyte.c
em_text.c
em_u32.c
ematch.c net: Convert net_ratelimit uses to net_<level>_ratelimited 2012-05-15 13:45:03 -04:00
Kconfig net: sched: add ipset ematch 2012-07-12 07:54:46 -07:00
Makefile net: sched: add ipset ematch 2012-07-12 07:54:46 -07:00
sch_api.c pkt_sched: sch_api: Move away from NLMSG_NEW(). 2012-06-26 21:54:15 -07:00
sch_atm.c sch_atm.c: get rid of poinless extern 2012-06-01 10:37:18 -04:00
sch_blackhole.c
sch_cbq.c pkt_sched: Stop using NLA_PUT*(). 2012-04-01 18:11:37 -04:00
sch_choke.c net: sched: factorize code (qdisc_drop()) 2012-05-04 11:50:05 -04:00
sch_codel.c fq_codel: should use qdisc backlog as threshold 2012-05-16 15:30:26 -04:00
sch_drr.c net_sched: update bstats in dequeue() 2012-05-10 23:33:01 -04:00
sch_dsmark.c net: sched: factorize code (qdisc_drop()) 2012-05-04 11:50:05 -04:00
sch_fifo.c pkt_sched: Stop using NLA_PUT*(). 2012-04-01 18:11:37 -04:00
sch_fq_codel.c fq_codel: should use qdisc backlog as threshold 2012-05-16 15:30:26 -04:00
sch_generic.c net: Convert net_ratelimit uses to net_<level>_ratelimited 2012-05-15 13:45:03 -04:00
sch_gred.c net: Convert net_ratelimit uses to net_<level>_ratelimited 2012-05-15 13:45:03 -04:00
sch_hfsc.c net_sched: update bstats in dequeue() 2012-05-10 23:33:01 -04:00
sch_htb.c net_sched: update bstats in dequeue() 2012-05-10 23:33:01 -04:00
sch_ingress.c
sch_mq.c net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
sch_mqprio.c pkt_sched: Stop using NLA_PUT*(). 2012-04-01 18:11:37 -04:00
sch_multiq.c pkt_sched: Stop using NLA_PUT*(). 2012-04-01 18:11:37 -04:00
sch_netem.c netem: refine early skb orphaning 2012-07-16 23:08:33 -07:00
sch_plug.c net_sched: sch_plug: plug_qdisc_ops is static 2012-02-13 16:04:40 -05:00
sch_prio.c pkt_sched: Stop using NLA_PUT*(). 2012-04-01 18:11:37 -04:00
sch_qfq.c pkt_sched: Stop using NLA_PUT*(). 2012-04-01 18:11:37 -04:00
sch_red.c pkt_sched: Stop using NLA_PUT*(). 2012-04-01 18:11:37 -04:00
sch_sfb.c sch_sfb: Fix missing NULL check 2012-07-12 08:33:18 -07:00
sch_sfq.c pkt_sched: Stop using NLA_PUT*(). 2012-04-01 18:11:37 -04:00
sch_tbf.c pkt_sched: Stop using NLA_PUT*(). 2012-04-01 18:11:37 -04:00
sch_teql.c sch_teql: Convert over to dev_neigh_lookup_skb(). 2012-07-05 01:09:06 -07:00