PERFORCE change 142030 for review

John Birrell jb at FreeBSD.org
Thu May 22 08:27:56 UTC 2008 

http://perforce.freebsd.org/chv.cgi?CH=142030

Change 142030 by jb at freebsd3 on 2008/05/22 08:27:30

	IFC

Affected files ...

.. //depot/projects/dtrace/src/sys/netinet/ip_dummynet.c#11 integrate
.. //depot/projects/dtrace/src/sys/netinet/raw_ip.c#17 integrate

Differences ...

==== //depot/projects/dtrace/src/sys/netinet/ip_dummynet.c#11 (text+ko) ====

@@ -26,7 +26,7 @@
  */
 
 #include <sys/cdefs.h>
-__FBSDID("$FreeBSD: src/sys/netinet/ip_dummynet.c,v 1.115 2008/02/27 13:52:33 dwmalone Exp $");
+__FBSDID("$FreeBSD: src/sys/netinet/ip_dummynet.c,v 1.116 2008/05/22 08:10:31 rwatson Exp $");
 
 #define	DUMMYNET_DEBUG
 
@@ -63,6 +63,7 @@
 #include <sys/mbuf.h>
 #include <sys/kernel.h>
 #include <sys/module.h>
+#include <sys/priv.h>
 #include <sys/proc.h>
 #include <sys/socket.h>
 #include <sys/socketvar.h>
@@ -2124,6 +2125,10 @@
     int error = 0 ;
     struct dn_pipe *p, tmp_pipe;
 
+    error = priv_check(sopt->sopt_td, PRIV_NETINET_DUMMYNET);
+    if (error)
+	return (error);
+
     /* Disallow sets in really-really secure mode. */
     if (sopt->sopt_dir == SOPT_SET) {
 #if __FreeBSD_version >= 500034

==== //depot/projects/dtrace/src/sys/netinet/raw_ip.c#17 (text+ko) ====

@@ -30,7 +30,7 @@
  */
 
 #include <sys/cdefs.h>
-__FBSDID("$FreeBSD: src/sys/netinet/raw_ip.c,v 1.184 2008/05/09 23:02:57 julian Exp $");
+__FBSDID("$FreeBSD: src/sys/netinet/raw_ip.c,v 1.185 2008/05/22 08:10:31 rwatson Exp $");
 
 #include "opt_inet6.h"
 #include "opt_ipsec.h"
@@ -381,13 +381,6 @@
 		case IP_FW_TABLE_LIST:
 		case IP_FW_NAT_GET_CONFIG:
 		case IP_FW_NAT_GET_LOG:
-			/*
-			 * XXXRW: Isn't this checked one layer down?  Yes, it
-			 * is.
-			 */
-			error = priv_check(curthread, PRIV_NETINET_IPFW);
-			if (error != 0)
-				return (error);
 			if (ip_fw_ctl_ptr != NULL)
 				error = ip_fw_ctl_ptr(sopt);
 			else
@@ -395,9 +388,6 @@
 			break;
 
 		case IP_DUMMYNET_GET:
-			error = priv_check(curthread, PRIV_NETINET_DUMMYNET);
-			if (error != 0)
-				return (error);
 			if (ip_dn_ctl_ptr != NULL)
 				error = ip_dn_ctl_ptr(sopt);
 			else
@@ -452,12 +442,6 @@
 		case IP_FW_TABLE_FLUSH:
 		case IP_FW_NAT_CFG:
 		case IP_FW_NAT_DEL:
-			/*
-			 * XXXRW: Isn't this checked one layer down?
-			 */
-			error = priv_check(curthread, PRIV_NETINET_IPFW);
-			if (error != 0)
-				return (error);
 			if (ip_fw_ctl_ptr != NULL)
 				error = ip_fw_ctl_ptr(sopt);
 			else
@@ -467,9 +451,6 @@
 		case IP_DUMMYNET_CONFIGURE:
 		case IP_DUMMYNET_DEL:
 		case IP_DUMMYNET_FLUSH:
-			error = priv_check(curthread, PRIV_NETINET_DUMMYNET);
-			if (error != 0)
-				return (error);
 			if (ip_dn_ctl_ptr != NULL)
 				error = ip_dn_ctl_ptr(sopt);
 			else

More information about the p4-projects mailing list