| raw_ip.c (187684) | raw_ip.c (188144) |
|---|---|
| 1/*- 2 * Copyright (c) 1982, 1986, 1988, 1993 3 * The Regents of the University of California. 4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: --- 17 unchanged lines hidden (view full) --- 26 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 27 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 28 * SUCH DAMAGE. 29 * 30 * @(#)raw_ip.c 8.7 (Berkeley) 5/15/95 31 */ 32 33#include <sys/cdefs.h> | 1/*- 2 * Copyright (c) 1982, 1986, 1988, 1993 3 * The Regents of the University of California. 4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: --- 17 unchanged lines hidden (view full) --- 26 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 27 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 28 * SUCH DAMAGE. 29 * 30 * @(#)raw_ip.c 8.7 (Berkeley) 5/15/95 31 */ 32 33#include <sys/cdefs.h> |
| 34__FBSDID("$FreeBSD: head/sys/netinet/raw_ip.c 187684 2009-01-25 10:11:58Z bz $"); | 34__FBSDID("$FreeBSD: head/sys/netinet/raw_ip.c 188144 2009-02-05 14:06:09Z jamie $"); |
| 35 36#include "opt_inet6.h" 37#include "opt_ipsec.h" 38#include "opt_mac.h" 39 40#include <sys/param.h> 41#include <sys/jail.h> 42#include <sys/kernel.h> --- 228 unchanged lines hidden (view full) --- 271 /* XXX inp locking */ 272 if ((inp->inp_vflag & INP_IPV4) == 0) 273 continue; 274#endif 275 if (inp->inp_laddr.s_addr != ip->ip_dst.s_addr) 276 continue; 277 if (inp->inp_faddr.s_addr != ip->ip_src.s_addr) 278 continue; | 35 36#include "opt_inet6.h" 37#include "opt_ipsec.h" 38#include "opt_mac.h" 39 40#include <sys/param.h> 41#include <sys/jail.h> 42#include <sys/kernel.h> --- 228 unchanged lines hidden (view full) --- 271 /* XXX inp locking */ 272 if ((inp->inp_vflag & INP_IPV4) == 0) 273 continue; 274#endif 275 if (inp->inp_laddr.s_addr != ip->ip_dst.s_addr) 276 continue; 277 if (inp->inp_faddr.s_addr != ip->ip_src.s_addr) 278 continue; |
| 279 if (jailed(inp->inp_cred)) { 280 if (!prison_check_ip4(inp->inp_cred, &ip->ip_dst)) 281 continue; 282 } | 279 if (prison_check_ip4(inp->inp_cred, &ip->ip_dst) != 0) 280 continue; |
| 283 if (last != NULL) { 284 struct mbuf *n; 285 286 n = m_copy(m, 0, (int)M_COPYALL); 287 if (n != NULL) 288 (void) rip_append(last, ip, n, &ripsrc); 289 /* XXX count dropped packet */ 290 INP_RUNLOCK(last); --- 10 unchanged lines hidden (view full) --- 301 continue; 302#endif 303 if (inp->inp_laddr.s_addr && 304 inp->inp_laddr.s_addr != ip->ip_dst.s_addr) 305 continue; 306 if (inp->inp_faddr.s_addr && 307 inp->inp_faddr.s_addr != ip->ip_src.s_addr) 308 continue; | 281 if (last != NULL) { 282 struct mbuf *n; 283 284 n = m_copy(m, 0, (int)M_COPYALL); 285 if (n != NULL) 286 (void) rip_append(last, ip, n, &ripsrc); 287 /* XXX count dropped packet */ 288 INP_RUNLOCK(last); --- 10 unchanged lines hidden (view full) --- 299 continue; 300#endif 301 if (inp->inp_laddr.s_addr && 302 inp->inp_laddr.s_addr != ip->ip_dst.s_addr) 303 continue; 304 if (inp->inp_faddr.s_addr && 305 inp->inp_faddr.s_addr != ip->ip_src.s_addr) 306 continue; |
| 309 if (jailed(inp->inp_cred)) { 310 if (!prison_check_ip4(inp->inp_cred, &ip->ip_dst)) 311 continue; 312 } | 307 if (prison_check_ip4(inp->inp_cred, &ip->ip_dst) != 0) 308 continue; |
| 313 if (last != NULL) { 314 struct mbuf *n; 315 316 n = m_copy(m, 0, (int)M_COPYALL); 317 if (n != NULL) 318 (void) rip_append(last, ip, n, &ripsrc); 319 /* XXX count dropped packet */ 320 INP_RUNLOCK(last); --- 44 unchanged lines hidden (view full) --- 365 ip = mtod(m, struct ip *); 366 ip->ip_tos = inp->inp_ip_tos; 367 if (inp->inp_flags & INP_DONTFRAG) 368 ip->ip_off = IP_DF; 369 else 370 ip->ip_off = 0; 371 ip->ip_p = inp->inp_ip_p; 372 ip->ip_len = m->m_pkthdr.len; | 309 if (last != NULL) { 310 struct mbuf *n; 311 312 n = m_copy(m, 0, (int)M_COPYALL); 313 if (n != NULL) 314 (void) rip_append(last, ip, n, &ripsrc); 315 /* XXX count dropped packet */ 316 INP_RUNLOCK(last); --- 44 unchanged lines hidden (view full) --- 361 ip = mtod(m, struct ip *); 362 ip->ip_tos = inp->inp_ip_tos; 363 if (inp->inp_flags & INP_DONTFRAG) 364 ip->ip_off = IP_DF; 365 else 366 ip->ip_off = 0; 367 ip->ip_p = inp->inp_ip_p; 368 ip->ip_len = m->m_pkthdr.len; |
| 373 if (jailed(inp->inp_cred)) { 374 if (prison_get_ip4(inp->inp_cred, &ip->ip_src) != 0) { 375 INP_RUNLOCK(inp); 376 m_freem(m); 377 return (EPERM); 378 } 379 } else { 380 ip->ip_src = inp->inp_laddr; | 369 ip->ip_src = inp->inp_laddr; 370 error = prison_get_ip4(inp->inp_cred, &ip->ip_src); 371 if (error != 0) { 372 INP_RUNLOCK(inp); 373 m_freem(m); 374 return (error); |
| 381 } 382 ip->ip_dst.s_addr = dst; 383 ip->ip_ttl = inp->inp_ip_ttl; 384 } else { 385 if (m->m_pkthdr.len > IP_MAXPACKET) { 386 m_freem(m); 387 return(EMSGSIZE); 388 } 389 INP_RLOCK(inp); 390 ip = mtod(m, struct ip *); | 375 } 376 ip->ip_dst.s_addr = dst; 377 ip->ip_ttl = inp->inp_ip_ttl; 378 } else { 379 if (m->m_pkthdr.len > IP_MAXPACKET) { 380 m_freem(m); 381 return(EMSGSIZE); 382 } 383 INP_RLOCK(inp); 384 ip = mtod(m, struct ip *); |
| 391 if (!prison_check_ip4(inp->inp_cred, &ip->ip_src)) { | 385 error = prison_check_ip4(inp->inp_cred, &ip->ip_src); 386 if (error != 0) { |
| 392 INP_RUNLOCK(inp); 393 m_freem(m); | 387 INP_RUNLOCK(inp); 388 m_freem(m); |
| 394 return (EPERM); | 389 return (error); |
| 395 } 396 397 /* 398 * Don't allow both user specified and setsockopt options, 399 * and don't allow packet length sizes that will crash. 400 */ 401 if (((ip->ip_hl != (sizeof (*ip) >> 2)) && inp->inp_options) 402 || (ip->ip_len > m->m_pkthdr.len) --- 395 unchanged lines hidden (view full) --- 798 799static int 800rip_bind(struct socket *so, struct sockaddr *nam, struct thread *td) 801{ 802 INIT_VNET_NET(so->so_vnet); 803 INIT_VNET_INET(so->so_vnet); 804 struct sockaddr_in *addr = (struct sockaddr_in *)nam; 805 struct inpcb *inp; | 390 } 391 392 /* 393 * Don't allow both user specified and setsockopt options, 394 * and don't allow packet length sizes that will crash. 395 */ 396 if (((ip->ip_hl != (sizeof (*ip) >> 2)) && inp->inp_options) 397 || (ip->ip_len > m->m_pkthdr.len) --- 395 unchanged lines hidden (view full) --- 793 794static int 795rip_bind(struct socket *so, struct sockaddr *nam, struct thread *td) 796{ 797 INIT_VNET_NET(so->so_vnet); 798 INIT_VNET_INET(so->so_vnet); 799 struct sockaddr_in *addr = (struct sockaddr_in *)nam; 800 struct inpcb *inp; |
| 801 int error; |
|
| 806 807 if (nam->sa_len != sizeof(*addr)) 808 return (EINVAL); 809 | 802 803 if (nam->sa_len != sizeof(*addr)) 804 return (EINVAL); 805 |
| 810 if (!prison_check_ip4(td->td_ucred, &addr->sin_addr)) 811 return (EADDRNOTAVAIL); | 806 error = prison_check_ip4(td->td_ucred, &addr->sin_addr); 807 if (error != 0) 808 return (error); |
| 812 813 if (TAILQ_EMPTY(&V_ifnet) || 814 (addr->sin_family != AF_INET && addr->sin_family != AF_IMPLINK) || 815 (addr->sin_addr.s_addr && 816 ifa_ifwithaddr((struct sockaddr *)addr) == 0)) 817 return (EADDRNOTAVAIL); 818 819 inp = sotoinpcb(so); --- 195 unchanged lines hidden --- | 809 810 if (TAILQ_EMPTY(&V_ifnet) || 811 (addr->sin_family != AF_INET && addr->sin_family != AF_IMPLINK) || 812 (addr->sin_addr.s_addr && 813 ifa_ifwithaddr((struct sockaddr *)addr) == 0)) 814 return (EADDRNOTAVAIL); 815 816 inp = sotoinpcb(so); --- 195 unchanged lines hidden --- |