kern/87032: [PATCH] ipfw ioctl interface implementation
Andrey V. Elsukov
bu7cher at yandex.ru
Tue Oct 11 21:40:21 PDT 2005
The following reply was made to PR kern/87032; it has been noted by GNATS.
From: "Andrey V. Elsukov" <bu7cher at yandex.ru>
To: bug-followup at FreeBSD.org
Cc:
Subject: Re: kern/87032: [PATCH] ipfw ioctl interface implementation
Date: Wed, 12 Oct 2005 08:36:51 +0400
An additional patch related to jail.
The full latest version of the patch can be found at the URL
http://butcher.heavennet.ru/ipfw_ioctl/
Attachment: netinet.diff
--- sys/netinet/ip_dummynet.c.orig Tue Oct 11 16:33:13 2005
+++ sys/netinet/ip_dummynet.c Wed Oct 12 08:01:24 2005
@@ -88,6 +88,7 @@
#ifdef DEV_DNCTL
#include <sys/conf.h>
#include <sys/fcntl.h>
+#include <sys/jail.h>
#include <netinet/ip_dummynet_io.h>
static d_ioctl_t ip_dn_ioctl;
@@ -2119,6 +2120,9 @@
size_t size;
struct ip_dummynet_ctl* ctl = (struct ip_dummynet_ctl*)data;
+ if (jailed(td->td_ucred)) {
+ return EPERM;
+ }
switch(cmd) {
case IPDNIOCSCMD:
if ((fflag & FWRITE) != FWRITE) {
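Review bot: the jailed(td->td_ucred) test sits ahead of switch(cmd), so a jailed caller gets EPERM for every command on this device, including any that only read state, before the per-command FWRITE test under IPDNIOCSCMD is ever reached. If that blanket denial is the intent, a short comment above the test saying so would save the next reader from wondering whether read-only commands were meant to stay available. On style, style(9) wants the return value parenthesized and no braces around a single statement, i.e. "if (jailed(td->td_ucred))" followed by "return (EPERM);".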
--- sys/netinet/ip_fw2.c.orig Tue Oct 11 16:19:32 2005
+++ sys/netinet/ip_fw2.c Wed Oct 12 07:58:55 2005
@@ -4127,6 +4127,9 @@
size_t size;
struct ip_fw_ctl* ctl = (struct ip_fw_ctl*)data;
+ if (jailed(td->td_ucred)) {
+ return EPERM;
+ }
switch(cmd) {
/*
* IPFWIOCSCMD makes some modifications of ipfw's state
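Review bot: this file's diff calls jailed() at the top of the handler but, unlike the ip_dummynet.c diff, adds no "#include <sys/jail.h>"; please confirm ip_fw2.c already includes that header, and add it here if not. The three-line check is also a verbatim copy of the one added to ip_dn_ioctl, so the same style(9) points apply ("return (EPERM);", no braces), and it would be worth stating in a comment that the denial covers all commands and not only the state-changing IPFWIOCSCMD described in the comment below it.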