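--- a/raw_ip.c
+++ b/raw_ip.c
@@ -1,8 +1,8 @@
 /*-
  * Copyright (c) 1982, 1986, 1988, 1993
  * The Regents of the University of California.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -26,17 +26,17 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
  * @(#)raw_ip.c 8.7 (Berkeley) 5/15/95
  */
 
 #include <sys/cdefs.h>
-__FBSDID("$FreeBSD: head/sys/netinet/raw_ip.c 189106 2009-02-27 14:12:05Z bz $");
+__FBSDID("$FreeBSD: head/sys/netinet/raw_ip.c 189592 2009-03-09 17:53:05Z bms $");
 
 #include "opt_inet6.h"
 #include "opt_ipsec.h"
 #include "opt_route.h"
 #include "opt_mac.h"
 
 #include <sys/param.h>
 #include <sys/jail.h>
@@ -246,44 +246,54 @@
 /*
  * Setup generic address and protocol structures for raw_input routine, then
  * pass them along with mbuf chain.
  */
 void
 rip_input(struct mbuf *m, int off)
 {
  INIT_VNET_INET(curvnet);
+ struct ifnet *ifp;
  struct ip *ip = mtod(m, struct ip *);
  int proto = ip->ip_p;
  struct inpcb *inp, *last;
  struct sockaddr_in ripsrc;
  int hash;
 
  bzero(&ripsrc, sizeof(ripsrc));
  ripsrc.sin_len = sizeof(ripsrc);
  ripsrc.sin_family = AF_INET;
  ripsrc.sin_addr = ip->ip_src;
  last = NULL;
+
+ ifp = m->m_pkthdr.rcvif;
+
  hash = INP_PCBHASH_RAW(proto, ip->ip_src.s_addr,
  ip->ip_dst.s_addr, V_ripcbinfo.ipi_hashmask);
  INP_INFO_RLOCK(&V_ripcbinfo);
  LIST_FOREACH(inp, &V_ripcbinfo.ipi_hashbase[hash], inp_hash) {
  if (inp->inp_ip_p != proto)
  continue;
 #ifdef INET6
  /* XXX inp locking */
  if ((inp->inp_vflag & INP_IPV4) == 0)
  continue;
 #endif
  if (inp->inp_laddr.s_addr != ip->ip_dst.s_addr)
  continue;
  if (inp->inp_faddr.s_addr != ip->ip_src.s_addr)
  continue;
- if (prison_check_ip4(inp->inp_cred, &ip->ip_dst) != 0)
- continue;
+ if (jailed(inp->inp_cred)) {
+ /*
+ * XXX: If faddr was bound to multicast group,
+ * jailed raw socket will drop datagram.
+ */
+ if (prison_check_ip4(inp->inp_cred, &ip->ip_dst) != 0)
+ continue;
+ }
  if (last != NULL) {
  struct mbuf *n;
 
  n = m_copy(m, 0, (int)M_COPYALL);
  if (n != NULL)
  (void) rip_append(last, ip, n, &ripsrc);
  /* XXX count dropped packet */
  INP_RUNLOCK(last);
@@ -294,24 +304,56 @@
  LIST_FOREACH(inp, &V_ripcbinfo.ipi_hashbase[0], inp_hash) {
  if (inp->inp_ip_p && inp->inp_ip_p != proto)
  continue;
 #ifdef INET6
  /* XXX inp locking */
  if ((inp->inp_vflag & INP_IPV4) == 0)
  continue;
 #endif
- if (inp->inp_laddr.s_addr &&
- inp->inp_laddr.s_addr != ip->ip_dst.s_addr)
+ if (!in_nullhost(inp->inp_laddr) &&
+ !in_hosteq(inp->inp_laddr, ip->ip_dst))
  continue;
- if (inp->inp_faddr.s_addr &&
- inp->inp_faddr.s_addr != ip->ip_src.s_addr)
+ if (!in_nullhost(inp->inp_faddr) &&
+ !in_hosteq(inp->inp_faddr, ip->ip_src))
  continue;
- if (prison_check_ip4(inp->inp_cred, &ip->ip_dst) != 0)
- continue;
+ if (jailed(inp->inp_cred)) {
+ /*
+ * Allow raw socket in jail to receive multicast;
+ * assume process had PRIV_NETINET_RAW at attach,
+ * and fall through into normal filter path if so.
+ */
+ if (!IN_MULTICAST(ntohl(ip->ip_dst.s_addr)) &&
+ prison_check_ip4(inp->inp_cred, &ip->ip_dst) != 0)
+ continue;
+ }
+ /*
+ * If this raw socket has multicast state, and we
+ * have received a multicast, check if this socket
+ * should receive it, as multicast filtering is now
+ * the responsibility of the transport layer.
+ */
+ if (inp->inp_moptions != NULL &&
+ IN_MULTICAST(ntohl(ip->ip_dst.s_addr))) {
+ struct sockaddr_in group;
+ int blocked;
+
+ bzero(&group, sizeof(struct sockaddr_in));
+ group.sin_len = sizeof(struct sockaddr_in);
+ group.sin_family = AF_INET;
+ group.sin_addr = ip->ip_dst;
+
+ blocked = imo_multi_filter(inp->inp_moptions, ifp,
+ (struct sockaddr *)&group,
+ (struct sockaddr *)&ripsrc);
+ if (blocked != MCAST_PASS) {
+ V_ipstat.ips_notmember++;
+ continue;
+ }
+ }
  if (last != NULL) {
  struct mbuf *n;
 
  n = m_copy(m, 0, (int)M_COPYALL);
  if (n != NULL)
  (void) rip_append(last, ip, n, &ripsrc);
  /* XXX count dropped packet */
  INP_RUNLOCK(last);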
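Review bot: In the second loop of rip_input (the `ipi_hashbase[0]` walk), a jailed raw socket with no multicast state now appears to receive every multicast datagram of a matching protocol, because the new `jailed()` branch skips `prison_check_ip4()` for any multicast destination and the membership filter after it only runs when `inp->inp_moptions != NULL`. If a jail is meant to see only groups it has joined, the jailed branch could treat missing multicast state as non-membership, for example `if (IN_MULTICAST(ntohl(ip->ip_dst.s_addr)) && inp->inp_moptions == NULL) continue;` placed inside the `jailed()` block. The comment's assumption that the process held PRIV_NETINET_RAW at attach is not checked in the visible lines, so that comment should name where it is enforced. Separately, `ifp = m->m_pkthdr.rcvif` is passed to `imo_multi_filter()` without a NULL check; whether rcvif can be NULL on this path cannot be told from here. The remainder of rip_input, including the end of both loops, lies in the hidden lines.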