Date: Mon, 23 Dec 2013 22:26:18 +0000 (UTC) From: "Andrey V. Elsukov" <ae@FreeBSD.org> To: src-committers@freebsd.org, svn-src-user@freebsd.org Subject: svn commit: r259796 - user/ae/inet6/sys/netinet6 Message-ID: <201312232226.rBNMQIo6073901@svn.freebsd.org>
Author: ae Date: Mon Dec 23 22:26:17 2013 New Revision: 259796 URL: http://svnweb.freebsd.org/changeset/base/259796 Log: * Use new prison_xxx_ip6() functions. * rip6_output() always calls in6_selectsrc() where all prison restrictions will be applied, thus no need to call prison_check_ip6() here. * in rip6_bind() move prison_check_ip6() call to be a bit later, when sockaddr_in6 structure will have sin6_scope_id properly initialized. Modified: user/ae/inet6/sys/netinet6/raw_ip6.c
Modified: user/ae/inet6/sys/netinet6/raw_ip6.c
==============================================================================
--- user/ae/inet6/sys/netinet6/raw_ip6.c Mon Dec 23 22:20:47 2013 (r259795)
+++ user/ae/inet6/sys/netinet6/raw_ip6.c Mon Dec 23 22:26:17 2013 (r259796)
@@ -166,6 +166,7 @@ rip6_input(struct mbuf **mp, int *offp,
 struct inpcb *last = 0;
 struct mbuf *opts = NULL;
 struct sockaddr_in6 fromsa;
+ uint32_t zoneid;
 RIP6STAT_INC(rip6s_ipackets);
@@ -176,8 +177,8 @@ rip6_input(struct mbuf **mp, int *offp, } init_sin6(&fromsa, m); /* general init */ - ifp = m->m_pkthdr.rcvif; + zoneid = in6_getscopezone(ifp, IPV6_ADDR_SCOPE_LINKLOCAL); INP_INFO_RLOCK(&V_ripcbinfo); LIST_FOREACH(in6p, &V_ripcb, inp_list) {
@@ -200,8 +201,8 @@ rip6_input(struct mbuf **mp, int *offp,
 * and fall through into normal filter path if so.
 */
 if (!IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst) &&
- prison_check_ip6(in6p->inp_cred,
- &ip6->ip6_dst) != 0)
+ prison_check_in6(in6p->inp_cred,
+ &ip6->ip6_dst, zoneid) != 0)
 continue;
 }
 INP_RLOCK(in6p);
@@ -466,9 +467,6 @@ rip6_output(struct mbuf *m, ...)
 &oifp, &in6a);
 if (error)
 goto bad;
- error = prison_check_ip6(in6p->inp_cred, &in6a);
- if (error != 0)
- goto bad;
 ip6->ip6_src = in6a;
 ip6->ip6_dst = dstsock->sin6_addr;
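Review bot: In rip6_input, `zoneid` is always the link-local zone of the receiving interface, yet the new `prison_check_in6(in6p->inp_cred, &ip6->ip6_dst, zoneid)` call passes it for every non-multicast destination, including global ones. prison_check_in6() is not part of this diff, so whether it ignores the zone for wider-scope addresses cannot be confirmed here; if it compares the zone strictly, jailed raw sockets would stop matching their global addresses. I would state the contract where the value is computed, e.g. `/* link-local zone of rcvif; only meaningful when ip6_dst is link-local */`. The page also shows `- ifp = m->m_pkthdr.rcvif;` directly before the added `zoneid = in6_getscopezone(ifp, ...)` line, which reads ifp; presumably the `-` belongs to a deleted blank line and the assignment remains, which is worth confirming against the repository. The LIST_FOREACH loop body continues outside these hunks.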
@@ -740,8 +738,6 @@ rip6_bind(struct socket *so, struct sock
 if (nam->sa_len != sizeof(*addr))
 return (EINVAL);
- if ((error = prison_check_ip6(td->td_ucred, &addr->sin6_addr)) != 0)
- return (error);
 if (TAILQ_EMPTY(&V_ifnet) || addr->sin6_family != AF_INET6)
 return (EADDRNOTAVAIL);
 INP_RLOCK(inp);
@@ -750,6 +746,8 @@ rip6_bind(struct socket *so, struct sock
 INP_RUNLOCK(inp);
 if (error != 0)
 return (error);
+ if ((error = prison_check_ip6(td->td_ucred, addr)) != 0)
+ return (error);
 if (!IN6_IS_ADDR_UNSPECIFIED(&addr->sin6_addr)) {
 ifa = in6ifa_ifwithaddr(&addr->sin6_addr, addr->sin6_scope_id);
 if (ifa == NULL)
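Review bot: The re-added check in rip6_bind, `prison_check_ip6(td->td_ucred, addr)`, keeps the old function name but now receives the whole `struct sockaddr_in6 *` instead of `&addr->sin6_addr`, so a caller elsewhere that still passes an in6_addr pointer would make the jail check read sin6_family and sin6_scope_id from the wrong memory. Callers outside raw_ip6.c are not visible in this diff, so that is worth confirming with a prototype-checked build of the whole tree. The new position also depends on the scope handling done between INP_RLOCK and INP_RUNLOCK, which lies between the two rip6_bind hunks and is not shown; a comment such as `/* jail check needs sin6_scope_id, so it must follow the scope setup above */` would keep a later reorder from moving it back.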