| rtsock.c (184205) | rtsock.c (185435) |
|---|---|
| 1/*- 2 * Copyright (c) 1988, 1991, 1993 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright --- 13 unchanged lines hidden (view full) --- 22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 27 * SUCH DAMAGE. 28 * 29 * @(#)rtsock.c 8.7 (Berkeley) 10/12/95 | 1/*- 2 * Copyright (c) 1988, 1991, 1993 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright --- 13 unchanged lines hidden (view full) --- 22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 27 * SUCH DAMAGE. 28 * 29 * @(#)rtsock.c 8.7 (Berkeley) 10/12/95 |
| 30 * $FreeBSD: head/sys/net/rtsock.c 184205 2008-10-23 15:53:51Z des $ | 30 * $FreeBSD: head/sys/net/rtsock.c 185435 2008-11-29 14:32:14Z bz $ |
| 31 */ 32#include "opt_sctp.h" 33#include "opt_mpath.h" | 31 */ 32#include "opt_sctp.h" 33#include "opt_mpath.h" |
| 34#include "opt_inet.h" 35#include "opt_inet6.h" |
|
| 34 35#include <sys/param.h> 36#include <sys/domain.h> | 36 37#include <sys/param.h> 38#include <sys/domain.h> |
| 37#include <sys/kernel.h> | |
| 38#include <sys/jail.h> | 39#include <sys/jail.h> |
| 40#include <sys/kernel.h> |
|
| 39#include <sys/malloc.h> 40#include <sys/mbuf.h> 41#include <sys/priv.h> 42#include <sys/proc.h> 43#include <sys/protosw.h> 44#include <sys/signalvar.h> 45#include <sys/socket.h> 46#include <sys/socketvar.h> 47#include <sys/sysctl.h> 48#include <sys/systm.h> 49#include <sys/vimage.h> 50 51#include <net/if.h> 52#include <net/netisr.h> 53#include <net/raw_cb.h> 54#include <net/route.h> 55 56#include <netinet/in.h> | 41#include <sys/malloc.h> 42#include <sys/mbuf.h> 43#include <sys/priv.h> 44#include <sys/proc.h> 45#include <sys/protosw.h> 46#include <sys/signalvar.h> 47#include <sys/socket.h> 48#include <sys/socketvar.h> 49#include <sys/sysctl.h> 50#include <sys/systm.h> 51#include <sys/vimage.h> 52 53#include <net/if.h> 54#include <net/netisr.h> 55#include <net/raw_cb.h> 56#include <net/route.h> 57 58#include <netinet/in.h> |
| 59#ifdef INET6 60#include <netinet6/scope6_var.h> 61#endif |
|
| 57 58#ifdef SCTP 59extern void sctp_addr_change(struct ifaddr *ifa, int cmd); 60#endif /* SCTP */ 61 62MALLOC_DEFINE(M_RTABLE, "routetbl", "routing tables"); 63 64/* NB: these are not modified */ --- 239 unchanged lines hidden (view full) --- 304 .pru_disconnect = rts_disconnect, 305 .pru_peeraddr = rts_peeraddr, 306 .pru_send = rts_send, 307 .pru_shutdown = rts_shutdown, 308 .pru_sockaddr = rts_sockaddr, 309 .pru_close = rts_close, 310}; 311 | 62 63#ifdef SCTP 64extern void sctp_addr_change(struct ifaddr *ifa, int cmd); 65#endif /* SCTP */ 66 67MALLOC_DEFINE(M_RTABLE, "routetbl", "routing tables"); 68 69/* NB: these are not modified */ --- 239 unchanged lines hidden (view full) --- 309 .pru_disconnect = rts_disconnect, 310 .pru_peeraddr = rts_peeraddr, 311 .pru_send = rts_send, 312 .pru_shutdown = rts_shutdown, 313 .pru_sockaddr = rts_sockaddr, 314 .pru_close = rts_close, 315}; 316 |
| 317#ifndef _SOCKADDR_UNION_DEFINED 318#define _SOCKADDR_UNION_DEFINED 319/* 320 * The union of all possible address formats we handle. 321 */ 322union sockaddr_union { 323 struct sockaddr sa; 324 struct sockaddr_in sin; 325 struct sockaddr_in6 sin6; 326}; 327#endif /* _SOCKADDR_UNION_DEFINED */ 328 329static int 330rtm_get_jailed(struct rt_addrinfo *info, struct ifnet *ifp, 331 struct rtentry *rt, union sockaddr_union *saun, struct ucred *cred) 332{ 333 334 switch (info->rti_info[RTAX_DST]->sa_family) { 335#ifdef INET 336 case AF_INET: 337 { 338 struct in_addr ia; 339 340 /* 341 * 1. Check if the returned address is part of the jail. 342 */ 343 ia = ((struct sockaddr_in *)rt->rt_ifa->ifa_addr)->sin_addr; 344 if (prison_check_ip4(cred, &ia) != 0) { 345 info->rti_info[RTAX_IFA] = rt->rt_ifa->ifa_addr; 346 347 } else { 348 struct ifaddr *ifa; 349 int found; 350 351 found = 0; 352 353 /* 354 * 2. Try to find an address on the given outgoing 355 * interface that belongs to the jail. 356 */ 357 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) { 358 struct sockaddr *sa; 359 sa = ifa->ifa_addr; 360 if (sa->sa_family != AF_INET) 361 continue; 362 ia = ((struct sockaddr_in *)sa)->sin_addr; 363 if (prison_check_ip4(cred, &ia) != 0) { 364 found = 1; 365 break; 366 } 367 } 368 if (!found) { 369 /* 370 * 3. As a last resort return the 'default' 371 * jail address. 372 */ 373 if (prison_getip4(cred, &ia) != 0) 374 return (ESRCH); 375 } 376 bzero(&saun->sin, sizeof(struct sockaddr_in)); 377 saun->sin.sin_len = sizeof(struct sockaddr_in); 378 saun->sin.sin_family = AF_INET; 379 saun->sin.sin_addr.s_addr = ia.s_addr; 380 info->rti_info[RTAX_IFA] = 381 (struct sockaddr *)&saun->sin; 382 } 383 break; 384 } 385#endif 386#ifdef INET6 387 case AF_INET6: 388 { 389 struct in6_addr ia6; 390 391 /* 392 * 1. Check if the returned address is part of the jail. 393 */ 394 bcopy(&((struct sockaddr_in6 *)rt->rt_ifa->ifa_addr)->sin6_addr, 395 &ia6, sizeof(struct in6_addr)); 396 if (prison_check_ip6(cred, &ia6) != 0) { 397 info->rti_info[RTAX_IFA] = rt->rt_ifa->ifa_addr; 398 } else { 399 struct ifaddr *ifa; 400 int found; 401 402 found = 0; 403 404 /* 405 * 2. Try to find an address on the given outgoing 406 * interface that belongs to the jail. 407 */ 408 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) { 409 struct sockaddr *sa; 410 sa = ifa->ifa_addr; 411 if (sa->sa_family != AF_INET6) 412 continue; 413 bcopy(&((struct sockaddr_in6 *)sa)->sin6_addr, 414 &ia6, sizeof(struct in6_addr)); 415 if (prison_check_ip6(cred, &ia6) != 0) { 416 found = 1; 417 break; 418 } 419 } 420 if (!found) { 421 /* 422 * 3. As a last resort return the 'default' 423 * jail address. 424 */ 425 if (prison_getip6(cred, &ia6) != 0) 426 return (ESRCH); 427 } 428 bzero(&saun->sin6, sizeof(struct sockaddr_in6)); 429 saun->sin6.sin6_len = sizeof(struct sockaddr_in6); 430 saun->sin6.sin6_family = AF_INET6; 431 bcopy(&ia6, &saun->sin6.sin6_addr, 432 sizeof(struct in6_addr)); 433 if (sa6_recoverscope(&saun->sin6) != 0) 434 return (ESRCH); 435 info->rti_info[RTAX_IFA] = 436 (struct sockaddr *)&saun->sin6; 437 } 438 break; 439 } 440#endif 441 default: 442 return (ESRCH); 443 } 444 return (0); 445} 446 |
|
| 312/*ARGSUSED*/ 313static int 314route_output(struct mbuf *m, struct socket *so) 315{ 316#define sa_equal(a1, a2) (bcmp((a1), (a2), (a1)->sa_len) == 0) 317 INIT_VNET_NET(so->so_vnet); 318 struct rt_msghdr *rtm = NULL; 319 struct rtentry *rt = NULL; 320 struct radix_node_head *rnh; 321 struct rt_addrinfo info; 322 int len, error = 0; 323 struct ifnet *ifp = NULL; | 447/*ARGSUSED*/ 448static int 449route_output(struct mbuf *m, struct socket *so) 450{ 451#define sa_equal(a1, a2) (bcmp((a1), (a2), (a1)->sa_len) == 0) 452 INIT_VNET_NET(so->so_vnet); 453 struct rt_msghdr *rtm = NULL; 454 struct rtentry *rt = NULL; 455 struct radix_node_head *rnh; 456 struct rt_addrinfo info; 457 int len, error = 0; 458 struct ifnet *ifp = NULL; |
| 324 struct sockaddr_in jail; | 459 union sockaddr_union saun; |
| 325 326#define senderr(e) { error = e; goto flush;} 327 if (m == NULL || ((m->m_len < sizeof(long)) && 328 (m = m_pullup(m, sizeof(long))) == NULL)) 329 return (ENOBUFS); 330 if ((m->m_flags & M_PKTHDR) == 0) 331 panic("route_output"); 332 len = m->m_pkthdr.len; --- 143 unchanged lines hidden (view full) --- 476 info.rti_info[RTAX_NETMASK] = rt_mask(rt); 477 info.rti_info[RTAX_GENMASK] = rt->rt_genmask; 478 if (rtm->rtm_addrs & (RTA_IFP | RTA_IFA)) { 479 ifp = rt->rt_ifp; 480 if (ifp) { 481 info.rti_info[RTAX_IFP] = 482 ifp->if_addr->ifa_addr; 483 if (jailed(so->so_cred)) { | 460 461#define senderr(e) { error = e; goto flush;} 462 if (m == NULL || ((m->m_len < sizeof(long)) && 463 (m = m_pullup(m, sizeof(long))) == NULL)) 464 return (ENOBUFS); 465 if ((m->m_flags & M_PKTHDR) == 0) 466 panic("route_output"); 467 len = m->m_pkthdr.len; --- 143 unchanged lines hidden (view full) --- 611 info.rti_info[RTAX_NETMASK] = rt_mask(rt); 612 info.rti_info[RTAX_GENMASK] = rt->rt_genmask; 613 if (rtm->rtm_addrs & (RTA_IFP | RTA_IFA)) { 614 ifp = rt->rt_ifp; 615 if (ifp) { 616 info.rti_info[RTAX_IFP] = 617 ifp->if_addr->ifa_addr; 618 if (jailed(so->so_cred)) { |
| 484 bzero(&jail, sizeof(jail)); 485 jail.sin_family = PF_INET; 486 jail.sin_len = sizeof(jail); 487 jail.sin_addr.s_addr = 488 htonl(prison_getip(so->so_cred)); | 619 error = rtm_get_jailed( 620 &info, ifp, rt, &saun, 621 so->so_cred); 622 if (error != 0) { 623 RT_UNLOCK(rt); 624 senderr(ESRCH); 625 } 626 } else { |
| 489 info.rti_info[RTAX_IFA] = | 627 info.rti_info[RTAX_IFA] = |
| 490 (struct sockaddr *)&jail; 491 } else 492 info.rti_info[RTAX_IFA] = | |
| 493 rt->rt_ifa->ifa_addr; | 628 rt->rt_ifa->ifa_addr; |
| 629 } |
|
| 494 if (ifp->if_flags & IFF_POINTOPOINT) 495 info.rti_info[RTAX_BRD] = 496 rt->rt_ifa->ifa_dstaddr; 497 rtm->rtm_index = ifp->if_index; 498 } else { 499 info.rti_info[RTAX_IFP] = NULL; 500 info.rti_info[RTAX_IFA] = NULL; 501 } --- 664 unchanged lines hidden (view full) --- 1166 error = SYSCTL_OUT(w->w_req,(caddr_t)ifm, len); 1167 if (error) 1168 goto done; 1169 } 1170 while ((ifa = TAILQ_NEXT(ifa, ifa_link)) != NULL) { 1171 if (af && af != ifa->ifa_addr->sa_family) 1172 continue; 1173 if (jailed(curthread->td_ucred) && | 630 if (ifp->if_flags & IFF_POINTOPOINT) 631 info.rti_info[RTAX_BRD] = 632 rt->rt_ifa->ifa_dstaddr; 633 rtm->rtm_index = ifp->if_index; 634 } else { 635 info.rti_info[RTAX_IFP] = NULL; 636 info.rti_info[RTAX_IFA] = NULL; 637 } --- 664 unchanged lines hidden (view full) --- 1302 error = SYSCTL_OUT(w->w_req,(caddr_t)ifm, len); 1303 if (error) 1304 goto done; 1305 } 1306 while ((ifa = TAILQ_NEXT(ifa, ifa_link)) != NULL) { 1307 if (af && af != ifa->ifa_addr->sa_family) 1308 continue; 1309 if (jailed(curthread->td_ucred) && |
| 1174 prison_if(curthread->td_ucred, ifa->ifa_addr)) | 1310 !prison_if(curthread->td_ucred, ifa->ifa_addr)) |
| 1175 continue; 1176 info.rti_info[RTAX_IFA] = ifa->ifa_addr; 1177 info.rti_info[RTAX_NETMASK] = ifa->ifa_netmask; 1178 info.rti_info[RTAX_BRD] = ifa->ifa_dstaddr; 1179 len = rt_msg2(RTM_NEWADDR, &info, NULL, w); 1180 if (w->w_req && w->w_tmem) { 1181 struct ifa_msghdr *ifam; 1182 --- 32 unchanged lines hidden (view full) --- 1215 continue; 1216 ifa = ifp->if_addr; 1217 info.rti_info[RTAX_IFP] = ifa ? ifa->ifa_addr : NULL; 1218 IF_ADDR_LOCK(ifp); 1219 TAILQ_FOREACH(ifma, &ifp->if_multiaddrs, ifma_link) { 1220 if (af && af != ifma->ifma_addr->sa_family) 1221 continue; 1222 if (jailed(curproc->p_ucred) && | 1311 continue; 1312 info.rti_info[RTAX_IFA] = ifa->ifa_addr; 1313 info.rti_info[RTAX_NETMASK] = ifa->ifa_netmask; 1314 info.rti_info[RTAX_BRD] = ifa->ifa_dstaddr; 1315 len = rt_msg2(RTM_NEWADDR, &info, NULL, w); 1316 if (w->w_req && w->w_tmem) { 1317 struct ifa_msghdr *ifam; 1318 --- 32 unchanged lines hidden (view full) --- 1351 continue; 1352 ifa = ifp->if_addr; 1353 info.rti_info[RTAX_IFP] = ifa ? ifa->ifa_addr : NULL; 1354 IF_ADDR_LOCK(ifp); 1355 TAILQ_FOREACH(ifma, &ifp->if_multiaddrs, ifma_link) { 1356 if (af && af != ifma->ifma_addr->sa_family) 1357 continue; 1358 if (jailed(curproc->p_ucred) && |
| 1223 prison_if(curproc->p_ucred, ifma->ifma_addr)) | 1359 !prison_if(curproc->p_ucred, ifma->ifma_addr)) |
| 1224 continue; 1225 info.rti_info[RTAX_IFA] = ifma->ifma_addr; 1226 info.rti_info[RTAX_GATEWAY] = 1227 (ifma->ifma_addr->sa_family != AF_LINK) ? 1228 ifma->ifma_lladdr : NULL; 1229 len = rt_msg2(RTM_NEWMADDR, &info, NULL, w); 1230 if (w->w_req && w->w_tmem) { 1231 struct ifma_msghdr *ifmam; --- 107 unchanged lines hidden --- | 1360 continue; 1361 info.rti_info[RTAX_IFA] = ifma->ifma_addr; 1362 info.rti_info[RTAX_GATEWAY] = 1363 (ifma->ifma_addr->sa_family != AF_LINK) ? 1364 ifma->ifma_lladdr : NULL; 1365 len = rt_msg2(RTM_NEWMADDR, &info, NULL, w); 1366 if (w->w_req && w->w_tmem) { 1367 struct ifma_msghdr *ifmam; --- 107 unchanged lines hidden --- |