From owner-svn-src-all@FreeBSD.ORG  Sun May  2 16:36:15 2010
Return-Path: <owner-svn-src-all@FreeBSD.ORG>
Delivered-To: svn-src-all@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id DFE1B1065674;
	Sun,  2 May 2010 16:36:15 +0000 (UTC) (envelope-from bz@FreeBSD.org)
Received: from svn.freebsd.org (svn.freebsd.org [69.147.83.44])
	by mx1.freebsd.org (Postfix) with ESMTP id CF7118FC1E;
	Sun,  2 May 2010 16:36:15 +0000 (UTC)
Received: from svn.freebsd.org (localhost [127.0.0.1])
	by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id o42GaF9N013465;
	Sun, 2 May 2010 16:36:15 GMT (envelope-from bz@svn.freebsd.org)
Received: (from bz@localhost)
	by svn.freebsd.org (8.14.3/8.14.3/Submit) id o42GaFwE013462;
	Sun, 2 May 2010 16:36:15 GMT (envelope-from bz@svn.freebsd.org)
Message-Id: <201005021636.o42GaFwE013462@svn.freebsd.org>
From: "Bjoern A. Zeeb" <bz@FreeBSD.org>
Date: Sun, 2 May 2010 16:36:15 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
	svn-src-stable@freebsd.org, svn-src-stable-8@freebsd.org
X-SVN-Group: stable-8
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Cc: 
Subject: svn commit: r207515 - in stable/8/sys: netinet netinet6
X-BeenThere: svn-src-all@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "SVN commit messages for the entire src tree \(except for &quot;
	user&quot; and &quot; projects&quot; \)" <svn-src-all.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-all>,
	<mailto:svn-src-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-all>
List-Post: <mailto:svn-src-all@freebsd.org>
List-Help: <mailto:svn-src-all-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-all>,
	<mailto:svn-src-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 02 May 2010 16:36:16 -0000

Author: bz
Date: Sun May  2 16:36:15 2010
New Revision: 207515
URL: http://svn.freebsd.org/changeset/base/207515

Log:
  MFC r207277:
    Enhance the historic behaviour of raw sockets and jails in a way
    that we allow all possible jail IPs as source address rather than
    forcing the "primary". While IPv6 naturally has source address
    selection, for legacy IP we do not go through the pain in case
    IP_HDRINCL was not set. People should bind(2) for that.
  
    This will, for example, allow ping(|6) -S to work correctly for
    non-primary addresses.
  
    Reported by:  (ten 211.ru)
    Tested by:    (ten 211.ru)

Modified:
  stable/8/sys/netinet/raw_ip.c
  stable/8/sys/netinet6/raw_ip6.c
Directory Properties:
  stable/8/sys/   (props changed)
  stable/8/sys/amd64/include/xen/   (props changed)
  stable/8/sys/cddl/contrib/opensolaris/   (props changed)
  stable/8/sys/contrib/dev/acpica/   (props changed)
  stable/8/sys/contrib/pf/   (props changed)
  stable/8/sys/dev/xen/xenpci/   (props changed)
  stable/8/sys/geom/sched/   (props changed)

Modified: stable/8/sys/netinet/raw_ip.c
==============================================================================
--- stable/8/sys/netinet/raw_ip.c	Sun May  2 16:32:41 2010	(r207514)
+++ stable/8/sys/netinet/raw_ip.c	Sun May  2 16:36:15 2010	(r207515)
@@ -441,11 +441,24 @@ rip_output(struct mbuf *m, struct socket
 		ip->ip_p = inp->inp_ip_p;
 		ip->ip_len = m->m_pkthdr.len;
 		ip->ip_src = inp->inp_laddr;
-		error = prison_get_ip4(inp->inp_cred, &ip->ip_src);
-		if (error != 0) {
-			INP_RUNLOCK(inp);
-			m_freem(m);
-			return (error);
+		if (jailed(inp->inp_cred)) {
+			/*
+			 * prison_local_ip4() would be good enough but would
+			 * let a source of INADDR_ANY pass, which we do not
+			 * want to see from jails. We do not go through the
+			 * pain of in_pcbladdr() for raw sockets.
+			 */
+			if (ip->ip_src.s_addr == INADDR_ANY)
+				error = prison_get_ip4(inp->inp_cred,
+				    &ip->ip_src);
+			else
+				error = prison_local_ip4(inp->inp_cred,
+				    &ip->ip_src);
+			if (error != 0) {
+				INP_RUNLOCK(inp);
+				m_freem(m);
+				return (error);
+			}
 		}
 		ip->ip_dst.s_addr = dst;
 		ip->ip_ttl = inp->inp_ip_ttl;

Modified: stable/8/sys/netinet6/raw_ip6.c
==============================================================================
--- stable/8/sys/netinet6/raw_ip6.c	Sun May  2 16:32:41 2010	(r207514)
+++ stable/8/sys/netinet6/raw_ip6.c	Sun May  2 16:36:15 2010	(r207515)
@@ -465,7 +465,7 @@ rip6_output(m, va_alist)
 	    &oifp, &in6a);
 	if (error)
 		goto bad;
-	error = prison_get_ip6(in6p->inp_cred, &in6a);
+	error = prison_check_ip6(in6p->inp_cred, &in6a);
 	if (error != 0)
 		goto bad;
 	ip6->ip6_src = in6a;