raw_ip.c (163606) raw_ip.c (164033)
1/*-
2 * Copyright (c) 1982, 1986, 1988, 1993
3 * The Regents of the University of California. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright

--- 13 unchanged lines hidden (view full) ---

22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27 * SUCH DAMAGE.
28 *
29 * @(#)raw_ip.c 8.7 (Berkeley) 5/15/95
1/*-
2 * Copyright (c) 1982, 1986, 1988, 1993
3 * The Regents of the University of California. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright

--- 13 unchanged lines hidden (view full) ---

22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27 * SUCH DAMAGE.
28 *
29 * @(#)raw_ip.c 8.7 (Berkeley) 5/15/95
30 * $FreeBSD: head/sys/netinet/raw_ip.c 163606 2006-10-22 11:52:19Z rwatson $
30 * $FreeBSD: head/sys/netinet/raw_ip.c 164033 2006-11-06 13:42:10Z rwatson $
31 */
32
33#include "opt_inet6.h"
34#include "opt_ipsec.h"
35#include "opt_mac.h"
36
37#include <sys/param.h>
38#include <sys/jail.h>
39#include <sys/kernel.h>
40#include <sys/lock.h>
41#include <sys/malloc.h>
42#include <sys/mbuf.h>
31 */
32
33#include "opt_inet6.h"
34#include "opt_ipsec.h"
35#include "opt_mac.h"
36
37#include <sys/param.h>
38#include <sys/jail.h>
39#include <sys/kernel.h>
40#include <sys/lock.h>
41#include <sys/malloc.h>
42#include <sys/mbuf.h>
43#include <sys/priv.h>
43#include <sys/proc.h>
44#include <sys/protosw.h>
45#include <sys/signalvar.h>
46#include <sys/socket.h>
47#include <sys/socketvar.h>
48#include <sys/sx.h>
49#include <sys/sysctl.h>
50#include <sys/systm.h>

--- 331 unchanged lines hidden (view full) ---

382 optval = inp->inp_flags & INP_HDRINCL;
383 error = sooptcopyout(sopt, &optval, sizeof optval);
384 break;
385
386 case IP_FW_ADD: /* ADD actually returns the body... */
387 case IP_FW_GET:
388 case IP_FW_TABLE_GETSIZE:
389 case IP_FW_TABLE_LIST:
44#include <sys/proc.h>
45#include <sys/protosw.h>
46#include <sys/signalvar.h>
47#include <sys/socket.h>
48#include <sys/socketvar.h>
49#include <sys/sx.h>
50#include <sys/sysctl.h>
51#include <sys/systm.h>

--- 331 unchanged lines hidden (view full) ---

383 optval = inp->inp_flags & INP_HDRINCL;
384 error = sooptcopyout(sopt, &optval, sizeof optval);
385 break;
386
387 case IP_FW_ADD: /* ADD actually returns the body... */
388 case IP_FW_GET:
389 case IP_FW_TABLE_GETSIZE:
390 case IP_FW_TABLE_LIST:
390 error = suser(curthread);
391 /*
392 * XXXRW: Isn't this checked one layer down? Yes, it
393 * is.
394 */
395 error = priv_check(curthread, PRIV_NETINET_IPFW);
391 if (error != 0)
392 return (error);
393 if (ip_fw_ctl_ptr != NULL)
394 error = ip_fw_ctl_ptr(sopt);
395 else
396 error = ENOPROTOOPT;
397 break;
398
399 case IP_DUMMYNET_GET:
396 if (error != 0)
397 return (error);
398 if (ip_fw_ctl_ptr != NULL)
399 error = ip_fw_ctl_ptr(sopt);
400 else
401 error = ENOPROTOOPT;
402 break;
403
404 case IP_DUMMYNET_GET:
400 error = suser(curthread);
405 error = priv_check(curthread, PRIV_NETINET_DUMMYNET);
401 if (error != 0)
402 return (error);
403 if (ip_dn_ctl_ptr != NULL)
404 error = ip_dn_ctl_ptr(sopt);
405 else
406 error = ENOPROTOOPT;
407 break ;
408

--- 4 unchanged lines hidden (view full) ---

413 case MRT_ADD_MFC:
414 case MRT_DEL_MFC:
415 case MRT_VERSION:
416 case MRT_ASSERT:
417 case MRT_API_SUPPORT:
418 case MRT_API_CONFIG:
419 case MRT_ADD_BW_UPCALL:
420 case MRT_DEL_BW_UPCALL:
406 if (error != 0)
407 return (error);
408 if (ip_dn_ctl_ptr != NULL)
409 error = ip_dn_ctl_ptr(sopt);
410 else
411 error = ENOPROTOOPT;
412 break ;
413

--- 4 unchanged lines hidden (view full) ---

418 case MRT_ADD_MFC:
419 case MRT_DEL_MFC:
420 case MRT_VERSION:
421 case MRT_ASSERT:
422 case MRT_API_SUPPORT:
423 case MRT_API_CONFIG:
424 case MRT_ADD_BW_UPCALL:
425 case MRT_DEL_BW_UPCALL:
421 error = suser(curthread);
426 error = priv_check(curthread, PRIV_NETINET_MROUTE);
422 if (error != 0)
423 return (error);
424 error = ip_mrouter_get ? ip_mrouter_get(so, sopt) :
425 EOPNOTSUPP;
426 break;
427
428 default:
429 error = ip_ctloutput(so, sopt);

--- 17 unchanged lines hidden (view full) ---

447 case IP_FW_ADD:
448 case IP_FW_DEL:
449 case IP_FW_FLUSH:
450 case IP_FW_ZERO:
451 case IP_FW_RESETLOG:
452 case IP_FW_TABLE_ADD:
453 case IP_FW_TABLE_DEL:
454 case IP_FW_TABLE_FLUSH:
427 if (error != 0)
428 return (error);
429 error = ip_mrouter_get ? ip_mrouter_get(so, sopt) :
430 EOPNOTSUPP;
431 break;
432
433 default:
434 error = ip_ctloutput(so, sopt);

--- 17 unchanged lines hidden (view full) ---

452 case IP_FW_ADD:
453 case IP_FW_DEL:
454 case IP_FW_FLUSH:
455 case IP_FW_ZERO:
456 case IP_FW_RESETLOG:
457 case IP_FW_TABLE_ADD:
458 case IP_FW_TABLE_DEL:
459 case IP_FW_TABLE_FLUSH:
455 error = suser(curthread);
460 /*
461 * XXXRW: Isn't this checked one layer down?
462 */
463 error = priv_check(curthread, PRIV_NETINET_IPFW);
456 if (error != 0)
457 return (error);
458 if (ip_fw_ctl_ptr != NULL)
459 error = ip_fw_ctl_ptr(sopt);
460 else
461 error = ENOPROTOOPT;
462 break;
463
464 case IP_DUMMYNET_CONFIGURE:
465 case IP_DUMMYNET_DEL:
466 case IP_DUMMYNET_FLUSH:
464 if (error != 0)
465 return (error);
466 if (ip_fw_ctl_ptr != NULL)
467 error = ip_fw_ctl_ptr(sopt);
468 else
469 error = ENOPROTOOPT;
470 break;
471
472 case IP_DUMMYNET_CONFIGURE:
473 case IP_DUMMYNET_DEL:
474 case IP_DUMMYNET_FLUSH:
467 error = suser(curthread);
475 error = priv_check(curthread, PRIV_NETINET_DUMMYNET);
468 if (error != 0)
469 return (error);
470 if (ip_dn_ctl_ptr != NULL)
471 error = ip_dn_ctl_ptr(sopt);
472 else
473 error = ENOPROTOOPT ;
474 break ;
475
476 case IP_RSVP_ON:
476 if (error != 0)
477 return (error);
478 if (ip_dn_ctl_ptr != NULL)
479 error = ip_dn_ctl_ptr(sopt);
480 else
481 error = ENOPROTOOPT ;
482 break ;
483
484 case IP_RSVP_ON:
477 error = suser(curthread);
485 error = priv_check(curthread, PRIV_NETINET_MROUTE);
478 if (error != 0)
479 return (error);
480 error = ip_rsvp_init(so);
481 break;
482
483 case IP_RSVP_OFF:
486 if (error != 0)
487 return (error);
488 error = ip_rsvp_init(so);
489 break;
490
491 case IP_RSVP_OFF:
484 error = suser(curthread);
492 error = priv_check(curthread, PRIV_NETINET_MROUTE);
485 if (error != 0)
486 return (error);
487 error = ip_rsvp_done();
488 break;
489
490 case IP_RSVP_VIF_ON:
491 case IP_RSVP_VIF_OFF:
493 if (error != 0)
494 return (error);
495 error = ip_rsvp_done();
496 break;
497
498 case IP_RSVP_VIF_ON:
499 case IP_RSVP_VIF_OFF:
492 error = suser(curthread);
500 error = priv_check(curthread, PRIV_NETINET_MROUTE);
493 if (error != 0)
494 return (error);
495 error = ip_rsvp_vif ?
496 ip_rsvp_vif(so, sopt) : EINVAL;
497 break;
498
499 case MRT_INIT:
500 case MRT_DONE:
501 case MRT_ADD_VIF:
502 case MRT_DEL_VIF:
503 case MRT_ADD_MFC:
504 case MRT_DEL_MFC:
505 case MRT_VERSION:
506 case MRT_ASSERT:
507 case MRT_API_SUPPORT:
508 case MRT_API_CONFIG:
509 case MRT_ADD_BW_UPCALL:
510 case MRT_DEL_BW_UPCALL:
501 if (error != 0)
502 return (error);
503 error = ip_rsvp_vif ?
504 ip_rsvp_vif(so, sopt) : EINVAL;
505 break;
506
507 case MRT_INIT:
508 case MRT_DONE:
509 case MRT_ADD_VIF:
510 case MRT_DEL_VIF:
511 case MRT_ADD_MFC:
512 case MRT_DEL_MFC:
513 case MRT_VERSION:
514 case MRT_ASSERT:
515 case MRT_API_SUPPORT:
516 case MRT_API_CONFIG:
517 case MRT_ADD_BW_UPCALL:
518 case MRT_DEL_BW_UPCALL:
511 error = suser(curthread);
519 error = priv_check(curthread, PRIV_NETINET_MROUTE);
512 if (error != 0)
513 return (error);
514 error = ip_mrouter_set ? ip_mrouter_set(so, sopt) :
515 EOPNOTSUPP;
516 break;
517
518 default:
519 error = ip_ctloutput(so, sopt);

--- 73 unchanged lines hidden (view full) ---

593static int
594rip_attach(struct socket *so, int proto, struct thread *td)
595{
596 struct inpcb *inp;
597 int error;
598
599 inp = sotoinpcb(so);
600 KASSERT(inp == NULL, ("rip_attach: inp != NULL"));
520 if (error != 0)
521 return (error);
522 error = ip_mrouter_set ? ip_mrouter_set(so, sopt) :
523 EOPNOTSUPP;
524 break;
525
526 default:
527 error = ip_ctloutput(so, sopt);

--- 73 unchanged lines hidden (view full) ---

601static int
602rip_attach(struct socket *so, int proto, struct thread *td)
603{
604 struct inpcb *inp;
605 int error;
606
607 inp = sotoinpcb(so);
608 KASSERT(inp == NULL, ("rip_attach: inp != NULL"));
609 /*
610 * XXXRW: Centralize privilege decision in kern_jail.c.
611 */
601 if (jailed(td->td_ucred) && !jail_allow_raw_sockets)
602 return (EPERM);
612 if (jailed(td->td_ucred) && !jail_allow_raw_sockets)
613 return (EPERM);
603 if ((error = suser_cred(td->td_ucred, SUSER_ALLOWJAIL)) != 0)
614 error = priv_check_cred(td->td_ucred, PRIV_NETINET_RAW,
615 SUSER_ALLOWJAIL);
616 if (error)
604 return error;
605 if (proto >= IPPROTO_MAX || proto < 0)
606 return EPROTONOSUPPORT;
607 error = soreserve(so, rip_sendspace, rip_recvspace);
608 if (error)
609 return error;
610 INP_INFO_WLOCK(&ripcbinfo);
611 error = in_pcballoc(so, &ripcbinfo);

--- 325 unchanged lines hidden ---
617 return error;
618 if (proto >= IPPROTO_MAX || proto < 0)
619 return EPROTONOSUPPORT;
620 error = soreserve(so, rip_sendspace, rip_recvspace);
621 if (error)
622 return error;
623 INP_INFO_WLOCK(&ripcbinfo);
624 error = in_pcballoc(so, &ripcbinfo);

--- 325 unchanged lines hidden ---
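Review bot: In rip_attach (new lines 609-616), `priv_check_cred(td->td_ucred, PRIV_NETINET_RAW, SUSER_ALLOWJAIL)` is told not to refuse on account of the jail. The only thing keeping jailed root from raw sockets is therefore the `jailed(td->td_ucred) && !jail_allow_raw_sockets` test directly above it. The added XXXRW comment says the decision should move to kern_jail.c but does not record that dependency, so a later reorder or cleanup could open raw sockets to every jail without notice. I would extend the comment to say so, e.g. `/* Keep the jail_allow_raw_sockets test ahead of priv_check_cred(): SUSER_ALLOWJAIL lets the privilege check succeed inside a jail. */`. As a style point, the new `if (error)` at line 616 differs from the `if (error != 0)` form used after every other converted check in this file; rip_attach's body continues past the visible lines.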