From owner-p4-projects@FreeBSD.ORG Wed Nov 5 15:08:33 2003 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 6137F16A4D0; Wed, 5 Nov 2003 15:08:33 -0800 (PST) Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1CE7A16A4CE for ; Wed, 5 Nov 2003 15:08:32 -0800 (PST) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id D571143FE3 for ; Wed, 5 Nov 2003 15:08:31 -0800 (PST) (envelope-from sam@freebsd.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.12.9/8.12.9) with ESMTP id hA5N8VXJ054667 for ; Wed, 5 Nov 2003 15:08:31 -0800 (PST) (envelope-from sam@freebsd.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.12.9/8.12.9/Submit) id hA5N8Vi8054664 for perforce@freebsd.org; Wed, 5 Nov 2003 15:08:31 -0800 (PST) (envelope-from sam@freebsd.org) Date: Wed, 5 Nov 2003 15:08:31 -0800 (PST) Message-Id: <200311052308.hA5N8Vi8054664@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to sam@freebsd.org using -f From: Sam Leffler To: Perforce Change Reviews Subject: PERFORCE change 41489 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 05 Nov 2003 23:08:33 -0000 http://perforce.freebsd.org/chv.cgi?CH=41489 Change 41489 by sam@sam_ebb on 2003/11/05 15:07:47 Pull uid/gid checking out of line and add locking. I doubt the out-of-line change is going to significantly impact performance given the locking necessary. Affected files ... .. //depot/projects/netperf/sys/netinet/ip_fw2.c#14 edit Differences ... ==== //depot/projects/netperf/sys/netinet/ip_fw2.c#14 (text+ko) ==== 
@@ -1297,6 +1297,59 @@
 return rule;
 }
+static int
+check_uidgid(ipfw_insn_u32 *insn,
+ int proto, struct ifnet *oif,
+ struct in_addr dst_ip, u_int16_t dst_port,
+ struct in_addr src_ip, u_int16_t src_port)
+{
+ struct inpcbinfo *pi;
+ int wildcard;
+ struct inpcb *pcb;
+ int match;
+
+ if (proto == IPPROTO_TCP) {
+ wildcard = 0;
+ pi = &tcbinfo;
+ } else if (proto == IPPROTO_UDP) {
+ wildcard = 1;
+ pi = &udbinfo;
+ } else
+ return 0;
+
+ match = 0;
+
+ INP_INFO_RLOCK(pi); /* maybe a LOR here */
+ pcb = (oif) ?
+ in_pcblookup_hash(pi,
+ dst_ip, htons(dst_port),
+ src_ip, htons(src_port),
+ wildcard, oif) :
+ in_pcblookup_hash(pi,
+ src_ip, htons(src_port),
+ dst_ip, htons(dst_port),
+ wildcard, NULL);
+ if (pcb != NULL) {
+ INP_LOCK(pcb);
+ if (pcb->inp_socket != NULL) {
+#if __FreeBSD_version < 500034
+#define socheckuid(a,b) ((a)->so_cred->cr_uid != (b))
+#endif
+ if (insn->o.opcode == O_UID) {
+ match = !socheckuid(pcb->inp_socket,
+ (uid_t)insn->d[0]);
+ } else {
+ match = groupmember((uid_t)insn->d[0],
+ pcb->inp_socket->so_cred);
+ }
+ }
+ INP_UNLOCK(pcb);
+ }
+ INP_INFO_RUNLOCK(pi);
+
+ return match;
+}
+ /*
+ * The main check routine for the firewall.
+ *
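Review bot: check_uidgid has no header comment, and its contract is not obvious from the body: it returns 1 only when a TCP or UDP PCB is found for the flow and that PCB's socket credential satisfies the O_UID/O_GID instruction, and 0 in every other case, including no PCB, no socket, or a protocol other than TCP/UDP, so uid/gid rules can never match traffic without a local socket. I would add above `static int`: `/* Look up the inpcb for this flow (oif set = outbound lookup) and test its socket credential against the rule's uid/gid. Returns 1 on match, 0 on no match, no PCB/socket, or non-TCP/UDP proto. Takes the pcbinfo read lock and the inpcb lock. */`. The O_GID branch casts `insn->d[0]` to `uid_t` before handing it to groupmember(), which expects a group id; `groupmember((gid_t)insn->d[0], pcb->inp_socket->so_cred)` says what is meant even if the two typedefs happen to be compatible. The `/* maybe a LOR here */` comment on the INP_INFO_RLOCK line records a lock-order concern without naming the other lock involved or the call path it was seen on; stating that (or noting it as unverified) would make the note actionable for whoever runs witness on this path.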
@@ -1600,46 +1653,13 @@
 */
 if (offset!=0)
 break;
- {
- struct inpcbinfo *pi;
- int wildcard;
- struct inpcb *pcb;
-
- if (proto == IPPROTO_TCP) {
- wildcard = 0;
- pi = &tcbinfo;
- } else if (proto == IPPROTO_UDP) {
- wildcard = 1;
- pi = &udbinfo;
- } else
- break;
-
- /* XXX locking? */
- pcb = (oif) ?
- in_pcblookup_hash(pi,
- dst_ip, htons(dst_port),
- src_ip, htons(src_port),
- wildcard, oif) :
- in_pcblookup_hash(pi,
- src_ip, htons(src_port),
- dst_ip, htons(dst_port),
- wildcard, NULL);
-
- if (pcb == NULL || pcb->inp_socket == NULL)
- break;
-#if __FreeBSD_version < 500034
-#define socheckuid(a,b) ((a)->so_cred->cr_uid != (b))
-#endif
- if (cmd->opcode == O_UID) {
- match =
- !socheckuid(pcb->inp_socket,
- (uid_t)((ipfw_insn_u32 *)cmd)->d[0]);
- } else {
- match = groupmember(
- (uid_t)((ipfw_insn_u32 *)cmd)->d[0],
- pcb->inp_socket->so_cred);
- }
- }
+ if (proto == IPPROTO_TCP ||
+ proto == IPPROTO_UDP)
+ match = check_uidgid(
+ (ipfw_insn_u32 *)cmd,
+ proto, oif,
+ src_ip, src_port,
+ dst_ip, dst_port);
 break;
 case O_RECV:
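Review bot: The new call passes `src_ip, src_port, dst_ip, dst_port`, but check_uidgid as declared in the first hunk takes its address arguments in the order `dst_ip, dst_port, src_ip, src_port`, so source and destination are swapped on every call, and because the parameter types match the compiler will not flag it. Inside the callee this inverts the faddr/laddr orientation of both in_pcblookup_hash() calls relative to the inline code this hunk removes, so uid/gid rules would look up the wrong PCB and most likely stop matching silently, which for an allow rule fails closed and for a deny rule fails open. Change the two argument lines to `dst_ip, dst_port,` and `src_ip, src_port);` (or reorder the parameters in the definition, but not both). The O_UID/O_GID case and the surrounding switch continue outside the hunk; the `proto == IPPROTO_TCP || proto == IPPROTO_UDP` guard repeats the callee's own check and could be dropped once the callee documents that it returns 0 for other protocols.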