From owner-cvs-src-old@FreeBSD.ORG  Wed Feb 18 20:17:07 2009
Return-Path: <owner-cvs-src-old@FreeBSD.ORG>
Delivered-To: cvs-src-old@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 4AF6A106564A
	for <cvs-src-old@freebsd.org>; Wed, 18 Feb 2009 20:17:07 +0000 (UTC)
	(envelope-from jamie@FreeBSD.org)
Received: from repoman.freebsd.org (repoman.freebsd.org
	[IPv6:2001:4f8:fff6::29])
	by mx1.freebsd.org (Postfix) with ESMTP id 2EA638FC08
	for <cvs-src-old@freebsd.org>; Wed, 18 Feb 2009 20:17:07 +0000 (UTC)
	(envelope-from jamie@FreeBSD.org)
Received: from repoman.freebsd.org (localhost [127.0.0.1])
	by repoman.freebsd.org (8.14.3/8.14.3) with ESMTP id n1IKH7KD008866
	for <cvs-src-old@freebsd.org>; Wed, 18 Feb 2009 20:17:07 GMT
	(envelope-from jamie@repoman.freebsd.org)
Received: (from svn2cvs@localhost)
	by repoman.freebsd.org (8.14.3/8.14.3/Submit) id n1IKH7b8008865
	for cvs-src-old@freebsd.org; Wed, 18 Feb 2009 20:17:07 GMT
	(envelope-from jamie@repoman.freebsd.org)
Message-Id: <200902182017.n1IKH7b8008865@repoman.freebsd.org>
X-Authentication-Warning: repoman.freebsd.org: svn2cvs set sender to
	jamie@repoman.freebsd.org using -f
From: Jamie Gritton <jamie@FreeBSD.org>
Date: Wed, 18 Feb 2009 20:12:08 +0000 (UTC)
To: cvs-src-old@freebsd.org
X-FreeBSD-CVS-Branch: RELENG_7
Subject: cvs commit: src/lib/libc/sys send.2 src/sys/kern kern_jail.c
 uipc_socket.c src/sys/net if.c rtsock.c src/sys/netinet in.c
 in_pcb.c raw_ip.c tcp_usrreq.c udp_usrreq.c src/sys/netinet6 in6.c
 in6_pcb.c in6_src.c raw_ip6.c udp6_usrreq.c src/sys/sys jail.h
X-BeenThere: cvs-src-old@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: **OBSOLETE** CVS commit messages for the src tree
	<cvs-src-old.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-src-old>,
	<mailto:cvs-src-old-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/cvs-src-old>
List-Post: <mailto:cvs-src-old@freebsd.org>
List-Help: <mailto:cvs-src-old-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-src-old>,
	<mailto:cvs-src-old-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Feb 2009 20:17:08 -0000

jamie       2009-02-18 20:12:08 UTC

  FreeBSD src repository

  Modified files:        (Branch: RELENG_7)
    lib/libc/sys         send.2 
    sys/kern             kern_jail.c uipc_socket.c 
    sys/net              if.c rtsock.c 
    sys/netinet          in.c in_pcb.c raw_ip.c tcp_usrreq.c 
                         udp_usrreq.c 
    sys/netinet6         in6.c in6_pcb.c in6_src.c raw_ip6.c 
                         udp6_usrreq.c 
    sys/sys              jail.h 
  Log:
  SVN rev 188761 on 2009-02-18 20:12:08Z by jamie
  
  MFC:
  
   r188144:
     Standardize the various prison_foo_ip[46] functions and prison_if to
     return zero on success and an error code otherwise.  The possible errors
     are EADDRNOTAVAIL if an address being checked for doesn't match the
     prison, and EAFNOSUPPORT if the prison doesn't have any addresses in
     that address family.  For most callers of these functions, use the
     returned error code instead of e.g. a hard-coded EADDRNOTAVAIL or
     EINVAL.
  
     Always include a jailed() check in these functions, where a non-jailed
     cred always returns success (and makes no changes).  Remove the explicit
     jailed() checks that preceded many of the function calls.
  
   r188146:
     Don't allow creating a socket with a protocol family that the current
     jail doesn't support.  This involves a new function prison_check_af,
     like prison_check_ip[46] but that checks only the family.
  
     With this change, most of the errors generated by jailed sockets
     shouldn't ever occur, at least until jails are changeable.
  
   r188148:
     Remove redundant calls of prison_local_ip4 in in_pcbbind_setup, and of
     prison_local_ip6 in in6_pcbbind.
  
   r188149:
     Call prison_if from rtm_get_jailed, instead of splitting it out into
     prison_check_ip4 and prison_check_ip6.  As prison_if includes a jailed()
     check, remove that check before calling rtm_get_jailed.
  
   r188151:
     Don't bother null-checking the thread pointer before the prison checks
     in udp6_connect (td is already dereferenced elsewhere without such a
     check).  This makes the conversion from a sockaddr to a sockaddr_in6
     always happen, so convert once at the beginning of the function rather
     than twice in the middle.
  
  Approved by:    bz (mentor)
  
  Revision    Changes    Path
  1.36.2.1    +2 -2      src/lib/libc/sys/send.2
  1.70.2.8    +116 -70   src/sys/kern/kern_jail.c
  1.302.2.14  +1 -8      src/sys/kern/uipc_socket.c
  1.273.2.9   +1 -2      src/sys/net/if.c
  1.143.2.7   +74 -100   src/sys/net/rtsock.c
  1.102.2.4   +3 -3      src/sys/netinet/in.c
  1.196.2.19  +23 -31    src/sys/netinet/in_pcb.c
  1.180.2.12  +17 -20    src/sys/netinet/raw_ip.c
  1.163.2.8   +5 -8      src/sys/netinet/tcp_usrreq.c
  1.218.2.11  +5 -5      src/sys/netinet/udp_usrreq.c
  1.73.2.6    +3 -3      src/sys/netinet6/in6.c
  1.84.2.13   +15 -19    src/sys/netinet6/in6_pcb.c
  1.46.2.8    +11 -12    src/sys/netinet6/in6_src.c
  1.73.2.12   +7 -11     src/sys/netinet6/raw_ip6.c
  1.81.2.12   +22 -31    src/sys/netinet6/udp6_usrreq.c
  1.29.2.5    +1 -0      src/sys/sys/jail.h