Date:      Thu, 24 Apr 2014 12:52:31 +0000 (UTC)
From:      Steven Hartland <smh@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r264879 - head/sys/netinet
Message-ID:  <201404241252.s3OCqVjj031328@svn.freebsd.org>

Author: smh
Date: Thu Apr 24 12:52:31 2014
New Revision: 264879
URL: http://svnweb.freebsd.org/changeset/base/264879

Log:
  Fix jailed raw sockets not setting the correct source address by
  calling in_pcbladdr instead of prison_get_ip4
  
  MFC after:	1 month

Modified:
  head/sys/netinet/in_pcb.c
  head/sys/netinet/in_pcb.h
  head/sys/netinet/raw_ip.c

Modified: head/sys/netinet/in_pcb.c
==============================================================================
--- head/sys/netinet/in_pcb.c	Thu Apr 24 12:38:07 2014	(r264878)
+++ head/sys/netinet/in_pcb.c	Thu Apr 24 12:52:31 2014	(r264879)
@@ -697,7 +697,7 @@ in_pcbconnect(struct inpcb *inp, struct 
  * Do proper source address selection on an unbound socket in case
  * of connect. Take jails into account as well.
  */
-static int
+int
 in_pcbladdr(struct inpcb *inp, struct in_addr *faddr, struct in_addr *laddr,
     struct ucred *cred)
 {
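Review bot: The block comment above in_pcbladdr still describes it only as source selection "in case of connect", but with `static` dropped it becomes a kernel-wide entry point that this commit also calls from rip_output. It should state the contract external callers depend on: which inpcb lock must be held, whether `laddr` is written only on success, and which errno values can be returned. A line such as `* Also used by rip_output() for jailed raw sockets; the caller must hold the inpcb lock.` would do, once the lock requirement has been confirmed against the body. The function body lies outside this hunk.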

Modified: head/sys/netinet/in_pcb.h
==============================================================================
--- head/sys/netinet/in_pcb.h	Thu Apr 24 12:38:07 2014	(r264878)
+++ head/sys/netinet/in_pcb.h	Thu Apr 24 12:52:31 2014	(r264879)
@@ -636,6 +636,8 @@ void	in_pcbdrop(struct inpcb *);
 void	in_pcbfree(struct inpcb *);
 int	in_pcbinshash(struct inpcb *);
 int	in_pcbinshash_nopcbgroup(struct inpcb *);
+int	in_pcbladdr(struct inpcb *, struct in_addr *, struct in_addr *,
+	    struct ucred *);
 struct inpcb *
 	in_pcblookup_local(struct inpcbinfo *,
 	    struct in_addr, u_short, int, struct ucred *);

Modified: head/sys/netinet/raw_ip.c
==============================================================================
--- head/sys/netinet/raw_ip.c	Thu Apr 24 12:38:07 2014	(r264878)
+++ head/sys/netinet/raw_ip.c	Thu Apr 24 12:52:31 2014	(r264879)
@@ -454,26 +454,26 @@ rip_output(struct mbuf *m, struct socket
 		ip->ip_p = inp->inp_ip_p;
 		ip->ip_len = htons(m->m_pkthdr.len);
 		ip->ip_src = inp->inp_laddr;
+		ip->ip_dst.s_addr = dst;
 		if (jailed(inp->inp_cred)) {
 			/*
 			 * prison_local_ip4() would be good enough but would
 			 * let a source of INADDR_ANY pass, which we do not
-			 * want to see from jails. We do not go through the
-			 * pain of in_pcbladdr() for raw sockets.
+			 * want to see from jails.
 			 */
-			if (ip->ip_src.s_addr == INADDR_ANY)
-				error = prison_get_ip4(inp->inp_cred,
-				    &ip->ip_src);
-			else
+			if (ip->ip_src.s_addr == INADDR_ANY) {
+				error = in_pcbladdr(inp, &ip->ip_dst, &ip->ip_src,
+				    inp->inp_cred);
+			} else {
 				error = prison_local_ip4(inp->inp_cred,
 				    &ip->ip_src);
+			}
 			if (error != 0) {
 				INP_RUNLOCK(inp);
 				m_freem(m);
 				return (error);
 			}
 		}
-		ip->ip_dst.s_addr = dst;
 		ip->ip_ttl = inp->inp_ip_ttl;
 	} else {
 		if (m->m_pkthdr.len > IP_MAXPACKET) {
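Review bot: In the jailed branch of rip_output, a zero return from in_pcbladdr() is trusted without re-checking `ip->ip_src`, although the comment directly above says a source of INADDR_ANY must never leave a jail. in_pcbladdr's body is not part of this diff, so whether it can return 0 with `laddr` left untouched cannot be confirmed here; a guard after the call such as `if (error == 0 && ip->ip_src.s_addr == INADDR_ANY) error = EADDRNOTAVAIL;` would keep that invariant enforced locally. The call is apparently made with only the read lock held (the error path uses `INP_RUNLOCK`), which should be checked against whatever lock assertion in_pcbladdr makes. The retained comment still talks only about prison_local_ip4(), so it would help to add a sentence like `Use in_pcbladdr() so the source is selected for the route to ip_dst, taking the jail into account.`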


