| author | Florian Westphal | 2023-02-20 17:24:00 +0100 |
|---|---|---|
| committer | Greg Kroah-Hartman | 2023-03-11 13:55:24 +0100 |
| commit | ffba2d57902646bdf9b8e16fd09f7d63a12f7941 (patch) | |
| tree | 08998d332737cc7cbd9cf7821ca8d9dc2c0944f0 /drivers/dma | |
| parent | f2ccb36b8f76a970ac325f8c64c1d658933f8868 (diff) | |
netfilter: ctnetlink: make event listener tracking global
[ Upstream commit fdf6491193e411087ae77bcbc6468e3e1cff99ed ]
pernet tracking doesn't work correctly because other netns might have
set NETLINK_LISTEN_ALL_NSID on its event socket.
In this case it's expected that events originating in other net
namespaces are also received.
Making pernet-tracking work while also honoring NETLINK_LISTEN_ALL_NSID
requires much more intrusive changes both in netlink and nfnetlink,
f.e. adding a 'setsockopt' callback that lets nfnetlink know that the
event socket entered (or left) ALL_NSID mode.
Move to global tracking instead: if there is an event socket anywhere
on the system, all net namespaces which have conntrack enabled and
use autobind mode will allocate the ecache extension.
netlink_has_listeners() returns false only if the given group has no
subscribers in any net namespace. The 'net' argument passed to
nfnetlink_has_listeners is only used to derive the protocol (nfnetlink);
it has no other effect.
For proper NETLINK_LISTEN_ALL_NSID-aware pernet tracking of event
listeners a new netlink_has_net_listeners() is also needed.
Fixes: 90d1daa45849 ("netfilter: conntrack: add nf_conntrack_events autodetect mode")
Reported-by: Bryce Kahle <bryce.kahle@datadoghq.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Diffstat (limited to 'drivers/dma')
0 files changed, 0 insertions, 0 deletions