svn commit: r259796 - user/ae/inet6/sys/netinet6
Andrey V. Elsukov
ae at FreeBSD.org
Mon Dec 23 22:26:18 UTC 2013
Author: ae
Date: Mon Dec 23 22:26:17 2013
New Revision: 259796
URL: http://svnweb.freebsd.org/changeset/base/259796
Log:
* Use new prison_xxx_ip6() functions.
* rip6_output() always calls in6_selectsrc() where all prison restrictions
will be applied, thus no need to call prison_check_ip6() here.
* in rip6_bind() move prison_check_ip6() call to be a bit later, when
sockaddr_in6 structure will have sin6_scope_id properly initialized.
Modified:
user/ae/inet6/sys/netinet6/raw_ip6.c
Modified: user/ae/inet6/sys/netinet6/raw_ip6.c
==============================================================================
--- user/ae/inet6/sys/netinet6/raw_ip6.c Mon Dec 23 22:20:47 2013 (r259795)
+++ user/ae/inet6/sys/netinet6/raw_ip6.c Mon Dec 23 22:26:17 2013 (r259796)
@@ -166,6 +166,7 @@ rip6_input(struct mbuf **mp, int *offp,
struct inpcb *last = 0;
struct mbuf *opts = NULL;
struct sockaddr_in6 fromsa;
+ uint32_t zoneid;
RIP6STAT_INC(rip6s_ipackets);
@@ -176,8 +177,8 @@ rip6_input(struct mbuf **mp, int *offp,
}
init_sin6(&fromsa, m); /* general init */
-
ifp = m->m_pkthdr.rcvif;
+ zoneid = in6_getscopezone(ifp, IPV6_ADDR_SCOPE_LINKLOCAL);
INP_INFO_RLOCK(&V_ripcbinfo);
LIST_FOREACH(in6p, &V_ripcb, inp_list) {
@@ -200,8 +201,8 @@ rip6_input(struct mbuf **mp, int *offp,
* and fall through into normal filter path if so.
*/
if (!IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst) &&
- prison_check_ip6(in6p->inp_cred,
- &ip6->ip6_dst) != 0)
+ prison_check_in6(in6p->inp_cred,
+ &ip6->ip6_dst, zoneid) != 0)
continue;
}
INP_RLOCK(in6p);
@@ -466,9 +467,6 @@ rip6_output(struct mbuf *m, ...)
&oifp, &in6a);
if (error)
goto bad;
- error = prison_check_ip6(in6p->inp_cred, &in6a);
- if (error != 0)
- goto bad;
ip6->ip6_src = in6a;
ip6->ip6_dst = dstsock->sin6_addr;
@@ -740,8 +738,6 @@ rip6_bind(struct socket *so, struct sock
if (nam->sa_len != sizeof(*addr))
return (EINVAL);
- if ((error = prison_check_ip6(td->td_ucred, &addr->sin6_addr)) != 0)
- return (error);
if (TAILQ_EMPTY(&V_ifnet) || addr->sin6_family != AF_INET6)
return (EADDRNOTAVAIL);
INP_RLOCK(inp);
@@ -750,6 +746,8 @@ rip6_bind(struct socket *so, struct sock
INP_RUNLOCK(inp);
if (error != 0)
return (error);
+ if ((error = prison_check_ip6(td->td_ucred, addr)) != 0)
+ return (error);
if (!IN6_IS_ADDR_UNSPECIFIED(&addr->sin6_addr)) {
ifa = in6ifa_ifwithaddr(&addr->sin6_addr, addr->sin6_scope_id);
if (ifa == NULL)
More information about the svn-src-user
mailing list