tproxy: Add missing CAP_NET_ADMIN check to ipv6 side

IP_TRANSPARENT requires root (more precisely CAP_NET_ADMIN privielges)
for IPV6.

However as I see right now this check was missed from the IPv6
implementation.

Acked-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>

Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Balazs Scheidler 2010-10-23 04:48:14 +00:00 committed by David S. Miller
parent 0561cf3dbf
commit b889416b54

View File

@ -343,6 +343,10 @@ static int do_ipv6_setsockopt(struct sock *sk, int level, int optname,
break; break;
case IPV6_TRANSPARENT: case IPV6_TRANSPARENT:
if (!capable(CAP_NET_ADMIN)) {
retv = -EPERM;
break;
}
if (optlen < sizeof(int)) if (optlen < sizeof(int))
goto e_inval; goto e_inval;
/* we don't have a separate transparent bit for IPV6 we use the one in the IPv4 socket */ /* we don't have a separate transparent bit for IPV6 we use the one in the IPv4 socket */