Date:      Wed, 18 Feb 2009 20:12:08 +0000 (UTC)
From:      Jamie Gritton <jamie@FreeBSD.org>
To:        cvs-src-old@freebsd.org
Subject:   cvs commit: src/lib/libc/sys send.2 src/sys/kern kern_jail.c uipc_socket.c src/sys/net if.c rtsock.c src/sys/netinet in.c in_pcb.c raw_ip.c tcp_usrreq.c udp_usrreq.c src/sys/netinet6 in6.c in6_pcb.c in6_src.c raw_ip6.c udp6_usrreq.c src/sys/sys jail.h
Message-ID:  <200902182017.n1IKH7b8008865@repoman.freebsd.org>

jamie       2009-02-18 20:12:08 UTC

  FreeBSD src repository

  Modified files:        (Branch: RELENG_7)
    lib/libc/sys         send.2 
    sys/kern             kern_jail.c uipc_socket.c 
    sys/net              if.c rtsock.c 
    sys/netinet          in.c in_pcb.c raw_ip.c tcp_usrreq.c 
                         udp_usrreq.c 
    sys/netinet6         in6.c in6_pcb.c in6_src.c raw_ip6.c 
                         udp6_usrreq.c 
    sys/sys              jail.h 
  Log:
  SVN rev 188761 on 2009-02-18 20:12:08Z by jamie
  
  MFC:
  
   r188144:
     Standardize the various prison_foo_ip[46] functions and prison_if to
     return zero on success and an error code otherwise.  The possible errors
     are EADDRNOTAVAIL if an address being checked for doesn't match the
     prison, and EAFNOSUPPORT if the prison doesn't have any addresses in
     that address family.  For most callers of these functions, use the
     returned error code instead of e.g. a hard-coded EADDRNOTAVAIL or
     EINVAL.
  
     Always include a jailed() check in these functions, where a non-jailed
     cred always returns success (and makes no changes).  Remove the explicit
     jailed() checks that preceded many of the function calls.
  
   r188146:
     Don't allow creating a socket with a protocol family that the current
     jail doesn't support.  This involves a new function prison_check_af,
     like prison_check_ip[46] but that checks only the family.
  
     With this change, most of the errors generated by jailed sockets
     shouldn't ever occur, at least until jails are changeable.
  
   r188148:
     Remove redundant calls of prison_local_ip4 in in_pcbbind_setup, and of
     prison_local_ip6 in in6_pcbbind.
  
   r188149:
     Call prison_if from rtm_get_jailed, instead of splitting it out into
     prison_check_ip4 and prison_check_ip6.  As prison_if includes a jailed()
     check, remove that check before calling rtm_get_jailed.
  
   r188151:
     Don't bother null-checking the thread pointer before the prison checks
     in udp6_connect (td is already dereferenced elsewhere without such a
     check).  This makes the conversion from a sockaddr to a sockaddr_in6
     always happen, so convert once at the beginning of the function rather
     than twice in the middle.
  
  Approved by:    bz (mentor)
  
  Revision    Changes    Path
  1.36.2.1    +2 -2      src/lib/libc/sys/send.2
  1.70.2.8    +116 -70   src/sys/kern/kern_jail.c
  1.302.2.14  +1 -8      src/sys/kern/uipc_socket.c
  1.273.2.9   +1 -2      src/sys/net/if.c
  1.143.2.7   +74 -100   src/sys/net/rtsock.c
  1.102.2.4   +3 -3      src/sys/netinet/in.c
  1.196.2.19  +23 -31    src/sys/netinet/in_pcb.c
  1.180.2.12  +17 -20    src/sys/netinet/raw_ip.c
  1.163.2.8   +5 -8      src/sys/netinet/tcp_usrreq.c
  1.218.2.11  +5 -5      src/sys/netinet/udp_usrreq.c
  1.73.2.6    +3 -3      src/sys/netinet6/in6.c
  1.84.2.13   +15 -19    src/sys/netinet6/in6_pcb.c
  1.46.2.8    +11 -12    src/sys/netinet6/in6_src.c
  1.73.2.12   +7 -11     src/sys/netinet6/raw_ip6.c
  1.81.2.12   +22 -31    src/sys/netinet6/udp6_usrreq.c
  1.29.2.5    +1 -0      src/sys/sys/jail.h
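
The return-value convention described under r188144, as an added example that is not part of the commit or of FreeBSD's code: a simplified userland model of the check and of a caller that passes the error through. Every `model_*` name, both structs and the sample addresses are assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical userland model, not the kernel's struct prison/ucred. */
struct model_prison { const uint32_t *ip4; size_t ip4s; };
struct model_cred { const struct model_prison *pr; }; /* NULL pr: not jailed */

/* Constructed sample data: 192.0.2.10 and 192.0.2.11, host byte order. */
static const uint32_t sample_ip4[] = { 0xC000020Au, 0xC000020Bu };
static const struct model_prison jail_v4 = { sample_ip4, 2 };
static const struct model_prison jail_no_v4 = { NULL, 0 };
static const struct model_cred cred_host = { NULL };
static const struct model_cred cred_v4 = { &jail_v4 };
static const struct model_cred cred_no_v4 = { &jail_no_v4 };

/* Contract from the log: 0 for a non-jailed cred or a matching address,
 * EAFNOSUPPORT when the jail has no addresses in the family,
 * EADDRNOTAVAIL when it has some but not this one. */
int model_check_ip4(const struct model_cred *cr, uint32_t addr)
{
    if (cr->pr == NULL)            /* built-in jailed() check */
        return 0;
    if (cr->pr->ip4s == 0)
        return EAFNOSUPPORT;
    for (size_t i = 0; i < cr->pr->ip4s; i++)
        if (cr->pr->ip4[i] == addr)
            return 0;
    return EADDRNOTAVAIL;
}

/* Caller: no separate jailed() test, and the callee's error is
 * returned as-is rather than a hard-coded EINVAL. */
int model_bind_ip4(const struct model_cred *cr, uint32_t addr)
{
    int error = model_check_ip4(cr, addr);
    if (error != 0)
        return error;
    return 0;                      /* the bind itself is out of scope */
}

int main(void)
{
    printf("host=%d jail_ok=%d jail_other=%d no_v4=%d\n",
        model_bind_ip4(&cred_host, 0x0A000001u),
        model_bind_ip4(&cred_v4, 0xC000020Au),
        model_bind_ip4(&cred_v4, 0x0A000001u),
        model_bind_ip4(&cred_no_v4, 0xC000020Au));
    return 0;
}
```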


