Last active
June 7, 2017 11:48
kernel-4.9-loopback-network.patch
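--- a/net/ipv4/af_inet.c
+++ b/net/ipv4/af_inet.c
@@ -467,11 +467,28 @@ int inet_bind(struct socket *sock, struc
 chk_addr_ret != RTN_BROADCAST)
 goto out;
+ /* HACK */
 snum = ntohs(addr->sin_port);
- err = -EACCES;
- if (snum && snum < PROT_SOCK &&
- !ns_capable(net->user_ns, CAP_NET_BIND_SERVICE))
- goto out;
+ if (!ns_capable(net->user_ns, CAP_NET_BIND_SERVICE) && (current->real_cred->euid.val > 1023 && current->real_cred->euid.val < 17409))
+ {
+ int local_addr = htonl((127u<<24) | current->real_cred->euid.val);
+ if(addr->sin_addr.s_addr == INADDR_ANY)
+ {
+ addr->sin_addr.s_addr = local_addr;
+ }
+ else if(addr->sin_addr.s_addr != local_addr)
+ {
+ goto out;
+ }
+ }
+ else
+ {
+ err = -EACCES;
+ if (snum && snum < PROT_SOCK && !ns_capable(net->user_ns, CAP_NET_BIND_SERVICE))
+ goto out;
+ }
+
+ /* END OF HACK */
 /* We keep a pair of addresses. rcv_saddr is the one
 * used by hash lookups, and saddr is used for transmit.
@@ -519,12 +536,22 @@ int inet_dgram_connect(struct socket *so
 int addr_len, int flags)
 {
 struct sock *sk = sock->sk;
+ /* HACK ONE LINE */
+ struct inet_sock *inet = inet_sk(sk);
 if (addr_len < sizeof(uaddr->sa_family))
 return -EINVAL;
 if (uaddr->sa_family == AF_UNSPEC)
 return sk->sk_prot->disconnect(sk, flags);
+ /* HACK */
+ if (current->real_cred->euid.val > 1023 && current->real_cred->euid.val < 17409)
+ {
+ int local_addr = htonl((127u<<24) | current->real_cred->euid.val);
+ inet->inet_rcv_saddr = inet->inet_saddr = local_addr;
+ }
+ /* END OF HACK */
+
 if (!inet_sk(sk)->inet_num && inet_autobind(sk))
 return -EAGAIN;
 return sk->sk_prot->connect(sk, uaddr, addr_len);
@@ -563,6 +590,8 @@ int __inet_stream_connect(struct socket
 int addr_len, int flags)
 {
 struct sock *sk = sock->sk;
+ /* HACK ONE LINE */
+ struct inet_sock *inet = inet_sk(sk);
 int err;
 long timeo;
@@ -591,6 +620,14 @@ int __inet_stream_connect(struct socket
 if (sk->sk_state != TCP_CLOSE)
 goto out;
+ /* HACK */
+ if (current->real_cred->euid.val > 1023 && current->real_cred->euid.val < 17409)
+ {
+ int local_addr = htonl((127u<<24) | current->real_cred->euid.val);
+ inet->inet_rcv_saddr = inet->inet_saddr = local_addr;
+ }
+ /* END OF HACK */
+
 err = sk->sk_prot->connect(sk, uaddr, addr_len);
 if (err < 0)
 goto out;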
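Review bot: In the inet_bind hunk the `snum < PROT_SOCK` test now lives only in the `else`, so a caller without CAP_NET_BIND_SERVICE whose euid is 1024–17408 never reaches it and can bind ports below PROT_SOCK on its 127.x.y address. If that is the intent it should be stated in a comment in place of `/* HACK */`, along with the fact that the bare `goto out` on an address mismatch returns whatever `err` was set to before the hunk (inet_bind starts and ends outside it). The identity is read as the raw `current->real_cred->euid.val`, which skips the kuid_t helpers; `from_kuid(&init_user_ns, current_euid())` makes the namespace assumption explicit, and `local_addr` should be `__be32`, not `int`. The two connect hunks apply the same source override without the capability test and regardless of destination or an earlier bind, so the three sites disagree on who is affected; one static helper that returns the per-uid address (or 0) would keep them consistent.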
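--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -1827,6 +1827,7 @@ static int ip_route_input_slow(struct sk
 /* Following code try to avoid calling IN_DEV_NET_ROUTE_LOCALNET(),
 * and call it once if daddr or/and saddr are loopback addresses
 */
+ /* HACK
 if (ipv4_is_loopback(daddr)) {
 if (!IN_DEV_NET_ROUTE_LOCALNET(in_dev, net))
 goto martian_destination;
@@ -1834,6 +1835,7 @@ static int ip_route_input_slow(struct sk
 if (!IN_DEV_NET_ROUTE_LOCALNET(in_dev, net))
 goto martian_source;
 }
+ */
 /*
 * Now we are ready to route packet.
@@ -2027,11 +2029,13 @@ static struct rtable *__mkroute_output(c
 if (!in_dev)
 return ERR_PTR(-EINVAL);
+ /* HACK
 if (likely(!IN_DEV_ROUTE_LOCALNET(in_dev)))
 if (ipv4_is_loopback(fl4->saddr) &&
 !(dev_out->flags & IFF_LOOPBACK) &&
 !netif_is_l3_master(dev_out))
 return ERR_PTR(-EINVAL);
+ */
 if (ipv4_is_lbcast(fl4->daddr))
 type = RTN_BROADCAST;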
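Review bot: Commenting out both loopback tests removes martian filtering for every interface and every caller, not just the uid range handled in af_inet.c: ip_route_input_slow no longer rejects packets arriving with a 127/8 source or destination, and __mkroute_output no longer refuses a loopback source on a non-loopback device. Services that rely on binding to 127/8 for isolation, including the per-uid addresses this patch assigns, would then appear to be reachable from adjacent hosts, and loopback-sourced packets can leave on real interfaces. The removed tests already consult the per-interface `route_localnet` setting through `IN_DEV_NET_ROUTE_LOCALNET` / `IN_DEV_ROUTE_LOCALNET`, so enabling that only on the interfaces that need it gives the relaxation without deleting the checks. If the code must change, `#if 0` with a comment stating the reason and scope is easier to audit than an open `/* HACK`. Both functions extend beyond the hunks shown.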