From owner-svn-src-head@FreeBSD.ORG Thu Feb 5 14:58:16 2009 Return-Path: Delivered-To: svn-src-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 802FA1065678; Thu, 5 Feb 2009 14:58:16 +0000 (UTC) (envelope-from jamie@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 6DBF18FC08; Thu, 5 Feb 2009 14:58:16 +0000 (UTC) (envelope-from jamie@FreeBSD.org) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id n15EwGMj029996; Thu, 5 Feb 2009 14:58:16 GMT (envelope-from jamie@svn.freebsd.org) Received: (from jamie@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id n15EwGIE029995; Thu, 5 Feb 2009 14:58:16 GMT (envelope-from jamie@svn.freebsd.org) Message-Id: <200902051458.n15EwGIE029995@svn.freebsd.org> From: Jamie Gritton Date: Thu, 5 Feb 2009 14:58:16 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r188149 - head/sys/net X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 05 Feb 2009 14:58:17 -0000 Author: jamie Date: Thu Feb 5 14:58:16 2009 New Revision: 188149 URL: http://svn.freebsd.org/changeset/base/188149 Log: Call prison_if from rtm_get_jailed, instead of splitting it out into prison_check_ip4 and prison_check_ip6. As prison_if includes a jailed() check, remove that check before calling rtm_get_jailed. Approved by: bz (mentor) Modified: head/sys/net/rtsock.c Modified: head/sys/net/rtsock.c ============================================================================== --- head/sys/net/rtsock.c Thu Feb 5 14:25:53 2009 (r188148) +++ head/sys/net/rtsock.c Thu Feb 5 14:58:16 2009 (r188149) @@ -337,55 +337,48 @@ rtm_get_jailed(struct rt_addrinfo *info, struct rtentry *rt, union sockaddr_union *saun, struct ucred *cred) { + /* First, see if the returned address is part of the jail. */ + if (prison_if(cred, rt->rt_ifa->ifa_addr) == 0) { + info->rti_info[RTAX_IFA] = rt->rt_ifa->ifa_addr; + return (0); + } + switch (info->rti_info[RTAX_DST]->sa_family) { #ifdef INET case AF_INET: { struct in_addr ia; + struct ifaddr *ifa; + int found; + found = 0; /* - * 1. Check if the returned address is part of the jail. + * Try to find an address on the given outgoing interface + * that belongs to the jail. */ - ia = ((struct sockaddr_in *)rt->rt_ifa->ifa_addr)->sin_addr; - if (prison_check_ip4(cred, &ia) == 0) { - info->rti_info[RTAX_IFA] = rt->rt_ifa->ifa_addr; - - } else { - struct ifaddr *ifa; - int found; - - found = 0; - + TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) { + struct sockaddr *sa; + sa = ifa->ifa_addr; + if (sa->sa_family != AF_INET) + continue; + ia = ((struct sockaddr_in *)sa)->sin_addr; + if (prison_check_ip4(cred, &ia) == 0) { + found = 1; + break; + } + } + if (!found) { /* - * 2. Try to find an address on the given outgoing - * interface that belongs to the jail. + * As a last resort return the 'default' jail address. */ - TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) { - struct sockaddr *sa; - sa = ifa->ifa_addr; - if (sa->sa_family != AF_INET) - continue; - ia = ((struct sockaddr_in *)sa)->sin_addr; - if (prison_check_ip4(cred, &ia) == 0) { - found = 1; - break; - } - } - if (!found) { - /* - * 3. As a last resort return the 'default' - * jail address. - */ - if (prison_get_ip4(cred, &ia) != 0) - return (ESRCH); - } - bzero(&saun->sin, sizeof(struct sockaddr_in)); - saun->sin.sin_len = sizeof(struct sockaddr_in); - saun->sin.sin_family = AF_INET; - saun->sin.sin_addr.s_addr = ia.s_addr; - info->rti_info[RTAX_IFA] = - (struct sockaddr *)&saun->sin; + if (prison_get_ip4(cred, &ia) != 0) + return (ESRCH); } + bzero(&saun->sin, sizeof(struct sockaddr_in)); + saun->sin.sin_len = sizeof(struct sockaddr_in); + saun->sin.sin_family = AF_INET; + saun->sin.sin_addr.s_addr = ia.s_addr; + info->rti_info[RTAX_IFA] = (struct sockaddr *)&saun->sin; break; } #endif @@ -393,54 +386,40 @@ rtm_get_jailed(struct rt_addrinfo *info, case AF_INET6: { struct in6_addr ia6; + struct ifaddr *ifa; + int found; + found = 0; /* - * 1. Check if the returned address is part of the jail. + * Try to find an address on the given outgoing interface + * that belongs to the jail. */ - bcopy(&((struct sockaddr_in6 *)rt->rt_ifa->ifa_addr)->sin6_addr, - &ia6, sizeof(struct in6_addr)); - if (prison_check_ip6(cred, &ia6) == 0) { - info->rti_info[RTAX_IFA] = rt->rt_ifa->ifa_addr; - } else { - struct ifaddr *ifa; - int found; - - found = 0; - + TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) { + struct sockaddr *sa; + sa = ifa->ifa_addr; + if (sa->sa_family != AF_INET6) + continue; + bcopy(&((struct sockaddr_in6 *)sa)->sin6_addr, + &ia6, sizeof(struct in6_addr)); + if (prison_check_ip6(cred, &ia6) == 0) { + found = 1; + break; + } + } + if (!found) { /* - * 2. Try to find an address on the given outgoing - * interface that belongs to the jail. + * As a last resort return the 'default' jail address. */ - TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) { - struct sockaddr *sa; - sa = ifa->ifa_addr; - if (sa->sa_family != AF_INET6) - continue; - bcopy(&((struct sockaddr_in6 *)sa)->sin6_addr, - &ia6, sizeof(struct in6_addr)); - if (prison_check_ip6(cred, &ia6) == 0) { - found = 1; - break; - } - } - if (!found) { - /* - * 3. As a last resort return the 'default' - * jail address. - */ - if (prison_get_ip6(cred, &ia6) != 0) - return (ESRCH); - } - bzero(&saun->sin6, sizeof(struct sockaddr_in6)); - saun->sin6.sin6_len = sizeof(struct sockaddr_in6); - saun->sin6.sin6_family = AF_INET6; - bcopy(&ia6, &saun->sin6.sin6_addr, - sizeof(struct in6_addr)); - if (sa6_recoverscope(&saun->sin6) != 0) + if (prison_get_ip6(cred, &ia6) != 0) return (ESRCH); - info->rti_info[RTAX_IFA] = - (struct sockaddr *)&saun->sin6; } + bzero(&saun->sin6, sizeof(struct sockaddr_in6)); + saun->sin6.sin6_len = sizeof(struct sockaddr_in6); + saun->sin6.sin6_family = AF_INET6; + bcopy(&ia6, &saun->sin6.sin6_addr, sizeof(struct in6_addr)); + if (sa6_recoverscope(&saun->sin6) != 0) + return (ESRCH); + info->rti_info[RTAX_IFA] = (struct sockaddr *)&saun->sin6; break; } #endif @@ -628,17 +607,11 @@ route_output(struct mbuf *m, struct sock if (ifp) { info.rti_info[RTAX_IFP] = ifp->if_addr->ifa_addr; - if (jailed(curthread->td_ucred)) { - error = rtm_get_jailed( - &info, ifp, rt, &saun, - curthread->td_ucred); - if (error != 0) { - RT_UNLOCK(rt); - senderr(ESRCH); - } - } else { - info.rti_info[RTAX_IFA] = - rt->rt_ifa->ifa_addr; + error = rtm_get_jailed(&info, ifp, rt, + &saun, curthread->td_ucred); + if (error != 0) { + RT_UNLOCK(rt); + senderr(error); } if (ifp->if_flags & IFF_POINTOPOINT) info.rti_info[RTAX_BRD] =