1 files changed, 0 insertions, 42 deletions

diff --git a/netlink-Add-netns-check-on-taps.patch b/netlink-Add-netns-check-on-taps.patch
deleted file mode 100644
index 8595cf80d..000000000
--- a/netlink-Add-netns-check-on-taps.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From 5af86b090e2f17b97c02d0bf9098f6edc3195935 Mon Sep 17 00:00:00 2001
-From: Kevin Cernekee <cernekee@chromium.org>
-Date: Wed, 6 Dec 2017 12:12:27 -0800
-Subject: [PATCH] netlink: Add netns check on taps
-
-Currently, a nlmon link inside a child namespace can observe systemwide
-netlink activity.  Filter the traffic so that nlmon can only sniff
-netlink messages from its own netns.
-
-Test case:
-
-    vpnns -- bash -c "ip link add nlmon0 type nlmon; \
-                      ip link set nlmon0 up; \
-                      tcpdump -i nlmon0 -q -w /tmp/nlmon.pcap -U" &
-    sudo ip xfrm state add src 10.1.1.1 dst 10.1.1.2 proto esp \
-        spi 0x1 mode transport \
-        auth sha1 0x6162633132330000000000000000000000000000 \
-        enc aes 0x00000000000000000000000000000000
-    grep --binary abc123 /tmp/nlmon.pcap
-
-Signed-off-by: Kevin Cernekee <cernekee@chromium.org>
----
- net/netlink/af_netlink.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
-index 15c99dfa3d72..aac9d68b4636 100644
---- a/net/netlink/af_netlink.c
-+++ b/net/netlink/af_netlink.c
-@@ -254,6 +254,9 @@ static int __netlink_deliver_tap_skb(struct sk_buff *skb,
- 	struct sock *sk = skb->sk;
- 	int ret = -ENOMEM;
- 
-+	if (!net_eq(dev_net(dev), sock_net(sk)))
-+		return 0;
-+
- 	dev_hold(dev);
- 
- 	if (is_vmalloc_addr(skb->head))
--- 
-2.14.3
-