bpf, sockmap: Reject sk_msg egress redirects to non-TCP sockets

[linux-2.6-microblaze.git] / net / core / sock_map.c

diff --git a/net/core/sock_map.c b/net/core/sock_map.c
index cb11750..4292c2e 100644 (file)
--- a/net/core/sock_map.c
+++ b/net/core/sock_map.c
@@ -668,6 +668,8 @@ BPF_CALL_4(bpf_msg_redirect_map, struct sk_msg *, msg,
        sk = __sock_map_lookup_elem(map, key);
        if (unlikely(!sk || !sock_map_redirect_allowed(sk)))
                return SK_DROP;
+       if (!(flags & BPF_F_INGRESS) && !sk_is_tcp(sk))
+               return SK_DROP;
 
        msg->flags = flags;
        msg->sk_redir = sk;
@@ -1267,6 +1269,8 @@ BPF_CALL_4(bpf_msg_redirect_hash, struct sk_msg *, msg,
        sk = __sock_hash_lookup_elem(map, key);
        if (unlikely(!sk || !sock_map_redirect_allowed(sk)))
                return SK_DROP;
+       if (!(flags & BPF_F_INGRESS) && !sk_is_tcp(sk))
+               return SK_DROP;
 
        msg->flags = flags;
        msg->sk_redir = sk;