Author: jamie
Date: Thu Feb 5 14:58:16 2009
New Revision: 188149
URL: http://svn.freebsd.org/changeset/base/188149
Log:
Call prison_if from rtm_get_jailed, instead of splitting it out into
prison_check_ip4 and prison_check_ip6. As prison_if includes a jailed()
check, remove that check before calling rtm_get_jailed.
Approved by: bz (mentor)
Modified:
head/sys/net/rtsock.c
Modified: head/sys/net/rtsock.c
==============================================================================
--- head/sys/net/rtsock.c Thu Feb 5 14:25:53 2009 (r188148)
+++ head/sys/net/rtsock.c Thu Feb 5 14:58:16 2009 (r188149)
@@ -337,55 +337,48 @@ rtm_get_jailed(struct rt_addrinfo *info,
struct rtentry *rt, union sockaddr_union *saun, struct ucred *cred)
{
+ /* First, see if the returned address is part of the jail. */
+ if (prison_if(cred, rt->rt_ifa->ifa_addr) == 0) {
+ info->rti_info[RTAX_IFA] = rt->rt_ifa->ifa_addr;
+ return (0);
+ }
+
switch (info->rti_info[RTAX_DST]->sa_family) {
#ifdef INET
case AF_INET:
{
struct in_addr ia;
+ struct ifaddr *ifa;
+ int found;
+ found = 0;
/*
- * 1. Check if the returned address is part of the jail.
+ * Try to find an address on the given outgoing interface
+ * that belongs to the jail.
*/
- ia = ((struct sockaddr_in *)rt->rt_ifa->ifa_addr)->sin_addr;
- if (prison_check_ip4(cred, &ia) == 0) {
- info->rti_info[RTAX_IFA] = rt->rt_ifa->ifa_addr;
-
- } else {
- struct ifaddr *ifa;
- int found;
-
- found = 0;
-
+ TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) {
+ struct sockaddr *sa;
+ sa = ifa->ifa_addr;
+ if (sa->sa_family != AF_INET)
+ continue;
+ ia = ((struct sockaddr_in *)sa)->sin_addr;
+ if (prison_check_ip4(cred, &ia) == 0) {
+ found = 1;
+ break;
+ }
+ }
+ if (!found) {
/*
- * 2. Try to find an address on the given outgoing
- * interface that belongs to the jail.
+ * As a last resort return the 'default' jail address.
*/
- TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) {
- struct sockaddr *sa;
- sa = ifa->ifa_addr;
- if (sa->sa_family != AF_INET)
- continue;
- ia = ((struct sockaddr_in *)sa)->sin_addr;
- if (prison_check_ip4(cred, &ia) == 0) {
- found = 1;
- break;
- }
- }
- if (!found) {
- /*
- * 3. As a last resort return the 'default'
- * jail address.
- */
- if (prison_get_ip4(cred, &ia) != 0)
- return (ESRCH);
- }
- bzero(&saun->sin, sizeof(struct sockaddr_in));
- saun->sin.sin_len = sizeof(struct sockaddr_in);
- saun->sin.sin_family = AF_INET;
- saun->sin.sin_addr.s_addr = ia.s_addr;
- info->rti_info[RTAX_IFA] =
- (struct sockaddr *)&saun->sin;
+ if (prison_get_ip4(cred, &ia) != 0)
+ return (ESRCH);
}
+ bzero(&saun->sin, sizeof(struct sockaddr_in));
+ saun->sin.sin_len = sizeof(struct sockaddr_in);
+ saun->sin.sin_family = AF_INET;
+ saun->sin.sin_addr.s_addr = ia.s_addr;
+ info->rti_info[RTAX_IFA] = (struct sockaddr *)&saun->sin;
break;
}
#endif
@@ -393,54 +386,40 @@ rtm_get_jailed(struct rt_addrinfo *info,
case AF_INET6:
{
struct in6_addr ia6;
+ struct ifaddr *ifa;
+ int found;
+ found = 0;
/*
- * 1. Check if the returned address is part of the jail.
+ * Try to find an address on the given outgoing interface
+ * that belongs to the jail.
*/
- bcopy(&((struct sockaddr_in6 *)rt->rt_ifa->ifa_addr)->sin6_addr,
- &ia6, sizeof(struct in6_addr));
- if (prison_check_ip6(cred, &ia6) == 0) {
- info->rti_info[RTAX_IFA] = rt->rt_ifa->ifa_addr;
- } else {
- struct ifaddr *ifa;
- int found;
-
- found = 0;
-
+ TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) {
+ struct sockaddr *sa;
+ sa = ifa->ifa_addr;
+ if (sa->sa_family != AF_INET6)
+ continue;
+ bcopy(&((struct sockaddr_in6 *)sa)->sin6_addr,
+ &ia6, sizeof(struct in6_addr));
+ if (prison_check_ip6(cred, &ia6) == 0) {
+ found = 1;
+ break;
+ }
+ }
+ if (!found) {
/*
- * 2. Try to find an address on the given outgoing
- * interface that belongs to the jail.
+ * As a last resort return the 'default' jail address.
*/
- TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) {
- struct sockaddr *sa;
- sa = ifa->ifa_addr;
- if (sa->sa_family != AF_INET6)
- continue;
- bcopy(&((struct sockaddr_in6 *)sa)->sin6_addr,
- &ia6, sizeof(struct in6_addr));
- if (prison_check_ip6(cred, &ia6) == 0) {
- found = 1;
- break;
- }
- }
- if (!found) {
- /*
- * 3. As a last resort return the 'default'
- * jail address.
- */
- if (prison_get_ip6(cred, &ia6) != 0)
- return (ESRCH);
- }
- bzero(&saun->sin6, sizeof(struct sockaddr_in6));
- saun->sin6.sin6_len = sizeof(struct sockaddr_in6);
- saun->sin6.sin6_family = AF_INET6;
- bcopy(&ia6, &saun->sin6.sin6_addr,
- sizeof(struct in6_addr));
- if (sa6_recoverscope(&saun->sin6) != 0)
+ if (prison_get_ip6(cred, &ia6) != 0)
return (ESRCH);
- info->rti_info[RTAX_IFA] =
- (struct sockaddr *)&saun->sin6;
}
+ bzero(&saun->sin6, sizeof(struct sockaddr_in6));
+ saun->sin6.sin6_len = sizeof(struct sockaddr_in6);
+ saun->sin6.sin6_family = AF_INET6;
+ bcopy(&ia6, &saun->sin6.sin6_addr, sizeof(struct in6_addr));
+ if (sa6_recoverscope(&saun->sin6) != 0)
+ return (ESRCH);
+ info->rti_info[RTAX_IFA] = (struct sockaddr *)&saun->sin6;
break;
}
#endif
@@ -628,17 +607,11 @@ route_output(struct mbuf *m, struct sock
if (ifp) {
info.rti_info[RTAX_IFP] =
ifp->if_addr->ifa_addr;
- if (jailed(curthread->td_ucred)) {
- error = rtm_get_jailed(
- &info, ifp, rt, &saun,
- curthread->td_ucred);
- if (error != 0) {
- RT_UNLOCK(rt);
- senderr(ESRCH);
- }
- } else {
- info.rti_info[RTAX_IFA] =
- rt->rt_ifa->ifa_addr;
+ error = rtm_get_jailed(&info, ifp, rt,
+ &saun, curthread->td_ucred);
+ if (error != 0) {
+ RT_UNLOCK(rt);
+ senderr(error);
}
if (ifp->if_flags & IFF_POINTOPOINT)
info.rti_info[RTAX_BRD] =
_______________________________________________
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
