
@0xef53
Last active June 7, 2017 11:48
kernel-4.9-loopback-network.patch
--- a/net/ipv4/af_inet.c
+++ b/net/ipv4/af_inet.c
@@ -467,11 +467,28 @@ int inet_bind(struct socket *sock, struc
chk_addr_ret != RTN_BROADCAST)
goto out;
+ /* HACK */
snum = ntohs(addr->sin_port);
- err = -EACCES;
- if (snum && snum < PROT_SOCK &&
- !ns_capable(net->user_ns, CAP_NET_BIND_SERVICE))
- goto out;
+ if (!ns_capable(net->user_ns, CAP_NET_BIND_SERVICE) && (current->real_cred->euid.val > 1023 && current->real_cred->euid.val < 17409))
+ {
+ int local_addr = htonl((127u<<24) | current->real_cred->euid.val);
+ if(addr->sin_addr.s_addr == INADDR_ANY)
+ {
+ addr->sin_addr.s_addr = local_addr;
+ }
+ else if(addr->sin_addr.s_addr != local_addr)
+ {
+ goto out;
+ }
+ }
+ else
+ {
+ err = -EACCES;
+ if (snum && snum < PROT_SOCK && !ns_capable(net->user_ns, CAP_NET_BIND_SERVICE))
+ goto out;
+ }
+
+ /* END OF HACK */
/* We keep a pair of addresses. rcv_saddr is the one
* used by hash lookups, and saddr is used for transmit.
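Review bot: The privileged-port test now lives only in the `else` branch, so a caller without CAP_NET_BIND_SERVICE whose euid is in 1024–17408 is never checked against `PROT_SOCK` and can bind ports below it on its 127.x address. If that is intended it deserves a comment saying so; otherwise keep the original `err = -EACCES;` test on `snum < PROT_SOCK` ahead of the uid branch. The `goto out` taken on an address mismatch also sets no error of its own, so the return value is whatever `err` held before the hunk; `err = -EACCES;` before that `goto` would make the refusal explicit. inet_bind's body starts and ends outside this hunk.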
@@ -519,12 +536,22 @@ int inet_dgram_connect(struct socket *so
int addr_len, int flags)
{
struct sock *sk = sock->sk;
+ /* HACK ONE LINE */
+ struct inet_sock *inet = inet_sk(sk);
if (addr_len < sizeof(uaddr->sa_family))
return -EINVAL;
if (uaddr->sa_family == AF_UNSPEC)
return sk->sk_prot->disconnect(sk, flags);
+ /* HACK */
+ if (current->real_cred->euid.val > 1023 && current->real_cred->euid.val < 17409)
+ {
+ int local_addr = htonl((127u<<24) | current->real_cred->euid.val);
+ inet->inet_rcv_saddr = inet->inet_saddr = local_addr;
+ }
+ /* END OF HACK */
+
if (!inet_sk(sk)->inet_num && inet_autobind(sk))
return -EAGAIN;
return sk->sk_prot->connect(sk, uaddr, addr_len);
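Review bot: The source-address override placed before `inet_autobind()` applies to every caller whose euid is in 1024–17408, with no `ns_capable()` exemption like the one in the inet_bind hunk and no look at what the socket is already bound to, so an address chosen by an earlier bind() is silently replaced. It also runs whatever the destination in `uaddr` is, which is presumably why the route.c checks are disabled later in this patch. If, as I believe, this connect path is shared with AF_INET6 sockets, a guard such as `sk->sk_family == AF_INET` is needed as well. The same block is repeated in `__inet_stream_connect` (hunk at -591); moving the range test into one helper, for example `static bool inet_uid_loopback_addr(__be32 *addr)`, would keep the three copies consistent and give `local_addr` the `__be32` type a network-order address should have.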
@@ -563,6 +590,8 @@ int __inet_stream_connect(struct socket
int addr_len, int flags)
{
struct sock *sk = sock->sk;
+ /* HACK ONE LINE */
+ struct inet_sock *inet = inet_sk(sk);
int err;
long timeo;
@@ -591,6 +620,14 @@ int __inet_stream_connect(struct socket
if (sk->sk_state != TCP_CLOSE)
goto out;
+ /* HACK */
+ if (current->real_cred->euid.val > 1023 && current->real_cred->euid.val < 17409)
+ {
+ int local_addr = htonl((127u<<24) | current->real_cred->euid.val);
+ inet->inet_rcv_saddr = inet->inet_saddr = local_addr;
+ }
+ /* END OF HACK */
+
err = sk->sk_prot->connect(sk, uaddr, addr_len);
if (err < 0)
goto out;
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -1827,6 +1827,7 @@ static int ip_route_input_slow(struct sk
/* Following code try to avoid calling IN_DEV_NET_ROUTE_LOCALNET(),
* and call it once if daddr or/and saddr are loopback addresses
*/
+ /* HACK
if (ipv4_is_loopback(daddr)) {
if (!IN_DEV_NET_ROUTE_LOCALNET(in_dev, net))
goto martian_destination;
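Review bot: Commenting out this block removes the martian check for every interface and every address in 127.0.0.0/8, not only for the per-uid addresses this patch introduces, so packets arriving from the network with a loopback source or destination are no longer rejected here when `route_localnet` is off. Services that bind to loopback on the assumption that it cannot be reached from outside lose that guarantee. The comment opened in this hunk is closed in the next one (-1834), and the output-side check in `__mkroute_output` is disabled the same way. Consider keeping the check and enabling the existing `route_localnet` setting only on the interfaces that need it, or at minimum narrowing the exemption and replacing the block comment with `#if 0` plus a sentence explaining why.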
@@ -1834,6 +1835,7 @@ static int ip_route_input_slow(struct sk
if (!IN_DEV_NET_ROUTE_LOCALNET(in_dev, net))
goto martian_source;
}
+ */
/*
* Now we are ready to route packet.
@@ -2027,11 +2029,13 @@ static struct rtable *__mkroute_output(c
if (!in_dev)
return ERR_PTR(-EINVAL);
+ /* HACK
if (likely(!IN_DEV_ROUTE_LOCALNET(in_dev)))
if (ipv4_is_loopback(fl4->saddr) &&
!(dev_out->flags & IFF_LOOPBACK) &&
!netif_is_l3_master(dev_out))
return ERR_PTR(-EINVAL);
+ */
if (ipv4_is_lbcast(fl4->daddr))
type = RTN_BROADCAST;
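Review bot: With this check disabled, `__mkroute_output` accepts a loopback `fl4->saddr` on a non-loopback `dev_out`, and the connect hunks in af_inet.c set exactly such a source for every destination. Traffic from the affected uids to remote hosts would therefore leave the machine with a 127.x source unless something outside this patch rewrites it. If only local traffic is meant to use the per-uid address, limit the override in the connect paths to loopback destinations (for instance by testing the destination with `ipv4_is_loopback()`) and keep this check; if egress NAT is assumed, say so in a comment here. The function's body starts and ends outside this hunk.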