| raw_ip.c (185101) | raw_ip.c (185435) |
|---|---|
| 1/*- 2 * Copyright (c) 1982, 1986, 1988, 1993 3 * The Regents of the University of California. 4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: --- 17 unchanged lines hidden (view full) --- 26 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 27 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 28 * SUCH DAMAGE. 29 * 30 * @(#)raw_ip.c 8.7 (Berkeley) 5/15/95 31 */ 32 33#include <sys/cdefs.h> | 1/*- 2 * Copyright (c) 1982, 1986, 1988, 1993 3 * The Regents of the University of California. 4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: --- 17 unchanged lines hidden (view full) --- 26 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 27 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 28 * SUCH DAMAGE. 29 * 30 * @(#)raw_ip.c 8.7 (Berkeley) 5/15/95 31 */ 32 33#include <sys/cdefs.h> |
| 34__FBSDID("$FreeBSD: head/sys/netinet/raw_ip.c 185101 2008-11-19 19:19:30Z julian $"); | 34__FBSDID("$FreeBSD: head/sys/netinet/raw_ip.c 185435 2008-11-29 14:32:14Z bz $"); |
| 35 36#include "opt_inet6.h" 37#include "opt_ipsec.h" 38#include "opt_mac.h" 39 40#include <sys/param.h> 41#include <sys/jail.h> 42#include <sys/kernel.h> --- 225 unchanged lines hidden (view full) --- 268 /* XXX inp locking */ 269 if ((inp->inp_vflag & INP_IPV4) == 0) 270 continue; 271#endif 272 if (inp->inp_laddr.s_addr != ip->ip_dst.s_addr) 273 continue; 274 if (inp->inp_faddr.s_addr != ip->ip_src.s_addr) 275 continue; | 35 36#include "opt_inet6.h" 37#include "opt_ipsec.h" 38#include "opt_mac.h" 39 40#include <sys/param.h> 41#include <sys/jail.h> 42#include <sys/kernel.h> --- 225 unchanged lines hidden (view full) --- 268 /* XXX inp locking */ 269 if ((inp->inp_vflag & INP_IPV4) == 0) 270 continue; 271#endif 272 if (inp->inp_laddr.s_addr != ip->ip_dst.s_addr) 273 continue; 274 if (inp->inp_faddr.s_addr != ip->ip_src.s_addr) 275 continue; |
| 276 if (jailed(inp->inp_cred) && 277 (htonl(prison_getip(inp->inp_cred)) != 278 ip->ip_dst.s_addr)) { 279 continue; | 276 if (jailed(inp->inp_cred)) { 277 if (!prison_check_ip4(inp->inp_cred, &ip->ip_dst)) 278 continue; |
| 280 } 281 if (last) { 282 struct mbuf *n; 283 284 n = m_copy(m, 0, (int)M_COPYALL); 285 if (n != NULL) 286 (void) rip_append(last, ip, n, &ripsrc); 287 /* XXX count dropped packet */ --- 11 unchanged lines hidden (view full) --- 299 continue; 300#endif 301 if (inp->inp_laddr.s_addr && 302 inp->inp_laddr.s_addr != ip->ip_dst.s_addr) 303 continue; 304 if (inp->inp_faddr.s_addr && 305 inp->inp_faddr.s_addr != ip->ip_src.s_addr) 306 continue; | 279 } 280 if (last) { 281 struct mbuf *n; 282 283 n = m_copy(m, 0, (int)M_COPYALL); 284 if (n != NULL) 285 (void) rip_append(last, ip, n, &ripsrc); 286 /* XXX count dropped packet */ --- 11 unchanged lines hidden (view full) --- 298 continue; 299#endif 300 if (inp->inp_laddr.s_addr && 301 inp->inp_laddr.s_addr != ip->ip_dst.s_addr) 302 continue; 303 if (inp->inp_faddr.s_addr && 304 inp->inp_faddr.s_addr != ip->ip_src.s_addr) 305 continue; |
| 307 if (jailed(inp->inp_cred) && 308 (htonl(prison_getip(inp->inp_cred)) != 309 ip->ip_dst.s_addr)) { 310 continue; | 306 if (jailed(inp->inp_cred)) { 307 if (!prison_check_ip4(inp->inp_cred, &ip->ip_dst)) 308 continue; |
| 311 } 312 if (last) { 313 struct mbuf *n; 314 315 n = m_copy(m, 0, (int)M_COPYALL); 316 if (n != NULL) 317 (void) rip_append(last, ip, n, &ripsrc); 318 /* XXX count dropped packet */ --- 45 unchanged lines hidden (view full) --- 364 ip = mtod(m, struct ip *); 365 ip->ip_tos = inp->inp_ip_tos; 366 if (inp->inp_flags & INP_DONTFRAG) 367 ip->ip_off = IP_DF; 368 else 369 ip->ip_off = 0; 370 ip->ip_p = inp->inp_ip_p; 371 ip->ip_len = m->m_pkthdr.len; | 309 } 310 if (last) { 311 struct mbuf *n; 312 313 n = m_copy(m, 0, (int)M_COPYALL); 314 if (n != NULL) 315 (void) rip_append(last, ip, n, &ripsrc); 316 /* XXX count dropped packet */ --- 45 unchanged lines hidden (view full) --- 362 ip = mtod(m, struct ip *); 363 ip->ip_tos = inp->inp_ip_tos; 364 if (inp->inp_flags & INP_DONTFRAG) 365 ip->ip_off = IP_DF; 366 else 367 ip->ip_off = 0; 368 ip->ip_p = inp->inp_ip_p; 369 ip->ip_len = m->m_pkthdr.len; |
| 372 if (jailed(inp->inp_cred)) 373 ip->ip_src.s_addr = 374 htonl(prison_getip(inp->inp_cred)); 375 else | 370 if (jailed(inp->inp_cred)) { 371 if (prison_getip4(inp->inp_cred, &ip->ip_src)) { 372 INP_RUNLOCK(inp); 373 m_freem(m); 374 return (EPERM); 375 } 376 } else { |
| 376 ip->ip_src = inp->inp_laddr; | 377 ip->ip_src = inp->inp_laddr; |
| 378 } |
|
| 377 ip->ip_dst.s_addr = dst; 378 ip->ip_ttl = inp->inp_ip_ttl; 379 } else { 380 if (m->m_pkthdr.len > IP_MAXPACKET) { 381 m_freem(m); 382 return(EMSGSIZE); 383 } 384 INP_RLOCK(inp); 385 ip = mtod(m, struct ip *); | 379 ip->ip_dst.s_addr = dst; 380 ip->ip_ttl = inp->inp_ip_ttl; 381 } else { 382 if (m->m_pkthdr.len > IP_MAXPACKET) { 383 m_freem(m); 384 return(EMSGSIZE); 385 } 386 INP_RLOCK(inp); 387 ip = mtod(m, struct ip *); |
| 386 if (jailed(inp->inp_cred)) { 387 if (ip->ip_src.s_addr != 388 htonl(prison_getip(inp->inp_cred))) { 389 INP_RUNLOCK(inp); 390 m_freem(m); 391 return (EPERM); 392 } | 388 if (!prison_check_ip4(inp->inp_cred, &ip->ip_src)) { 389 INP_RUNLOCK(inp); 390 m_freem(m); 391 return (EPERM); |
| 393 } 394 395 /* 396 * Don't allow both user specified and setsockopt options, 397 * and don't allow packet length sizes that will crash. 398 */ 399 if (((ip->ip_hl != (sizeof (*ip) >> 2)) && inp->inp_options) 400 || (ip->ip_len > m->m_pkthdr.len) --- 399 unchanged lines hidden (view full) --- 800 INIT_VNET_NET(so->so_vnet); 801 INIT_VNET_INET(so->so_vnet); 802 struct sockaddr_in *addr = (struct sockaddr_in *)nam; 803 struct inpcb *inp; 804 805 if (nam->sa_len != sizeof(*addr)) 806 return (EINVAL); 807 | 392 } 393 394 /* 395 * Don't allow both user specified and setsockopt options, 396 * and don't allow packet length sizes that will crash. 397 */ 398 if (((ip->ip_hl != (sizeof (*ip) >> 2)) && inp->inp_options) 399 || (ip->ip_len > m->m_pkthdr.len) --- 399 unchanged lines hidden (view full) --- 799 INIT_VNET_NET(so->so_vnet); 800 INIT_VNET_INET(so->so_vnet); 801 struct sockaddr_in *addr = (struct sockaddr_in *)nam; 802 struct inpcb *inp; 803 804 if (nam->sa_len != sizeof(*addr)) 805 return (EINVAL); 806 |
| 808 if (jailed(td->td_ucred)) { 809 if (addr->sin_addr.s_addr == INADDR_ANY) 810 addr->sin_addr.s_addr = 811 htonl(prison_getip(td->td_ucred)); 812 if (htonl(prison_getip(td->td_ucred)) != addr->sin_addr.s_addr) 813 return (EADDRNOTAVAIL); 814 } | 807 if (!prison_check_ip4(td->td_ucred, &addr->sin_addr)) 808 return (EADDRNOTAVAIL); |
| 815 816 if (TAILQ_EMPTY(&V_ifnet) || 817 (addr->sin_family != AF_INET && addr->sin_family != AF_IMPLINK) || 818 (addr->sin_addr.s_addr && 819 ifa_ifwithaddr((struct sockaddr *)addr) == 0)) 820 return (EADDRNOTAVAIL); 821 822 inp = sotoinpcb(so); --- 194 unchanged lines hidden --- | 809 810 if (TAILQ_EMPTY(&V_ifnet) || 811 (addr->sin_family != AF_INET && addr->sin_family != AF_IMPLINK) || 812 (addr->sin_addr.s_addr && 813 ifa_ifwithaddr((struct sockaddr *)addr) == 0)) 814 return (EADDRNOTAVAIL); 815 816 inp = sotoinpcb(so); --- 194 unchanged lines hidden --- |