Date: Mon, 26 May 2014 22:54:15 +0000 (UTC) From: Steven Hartland <smh@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org Subject: svn commit: r266718 - stable/10/sys/netinet Message-ID: <201405262254.s4QMsFJx019434@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: smh Date: Mon May 26 22:54:15 2014 New Revision: 266718 URL: http://svnweb.freebsd.org/changeset/base/266718 Log: MFC r264879 Fix jailed raw sockets not setting the correct source address by calling in_pcbladdr instead of prison_get_ip4. Sponsored by: Multiplay Modified: stable/10/sys/netinet/in_pcb.c stable/10/sys/netinet/in_pcb.h stable/10/sys/netinet/raw_ip.c Directory Properties: stable/10/ (props changed) Modified: stable/10/sys/netinet/in_pcb.c ============================================================================== --- stable/10/sys/netinet/in_pcb.c Mon May 26 22:27:14 2014 (r266717) +++ stable/10/sys/netinet/in_pcb.c Mon May 26 22:54:15 2014 (r266718) @@ -694,7 +694,7 @@ in_pcbconnect(struct inpcb *inp, struct * Do proper source address selection on an unbound socket in case * of connect. Take jails into account as well. */ -static int +int in_pcbladdr(struct inpcb *inp, struct in_addr *faddr, struct in_addr *laddr, struct ucred *cred) { Modified: stable/10/sys/netinet/in_pcb.h ============================================================================== --- stable/10/sys/netinet/in_pcb.h Mon May 26 22:27:14 2014 (r266717) +++ stable/10/sys/netinet/in_pcb.h Mon May 26 22:54:15 2014 (r266718) @@ -636,6 +636,8 @@ void in_pcbdrop(struct inpcb *); void in_pcbfree(struct inpcb *); int in_pcbinshash(struct inpcb *); int in_pcbinshash_nopcbgroup(struct inpcb *); +int in_pcbladdr(struct inpcb *, struct in_addr *, struct in_addr *, + struct ucred *); struct inpcb * in_pcblookup_local(struct inpcbinfo *, struct in_addr, u_short, int, struct ucred *); Modified: stable/10/sys/netinet/raw_ip.c ============================================================================== --- stable/10/sys/netinet/raw_ip.c Mon May 26 22:27:14 2014 (r266717) +++ stable/10/sys/netinet/raw_ip.c Mon May 26 22:54:15 2014 (r266718) @@ -453,26 +453,26 @@ rip_output(struct mbuf *m, struct socket ip->ip_p = inp->inp_ip_p; ip->ip_len = htons(m->m_pkthdr.len); ip->ip_src = inp->inp_laddr; + ip->ip_dst.s_addr = dst; if (jailed(inp->inp_cred)) { /* * prison_local_ip4() would be good enough but would * let a source of INADDR_ANY pass, which we do not - * want to see from jails. We do not go through the - * pain of in_pcbladdr() for raw sockets. + * want to see from jails. */ - if (ip->ip_src.s_addr == INADDR_ANY) - error = prison_get_ip4(inp->inp_cred, - &ip->ip_src); - else + if (ip->ip_src.s_addr == INADDR_ANY) { + error = in_pcbladdr(inp, &ip->ip_dst, &ip->ip_src, + inp->inp_cred); + } else { error = prison_local_ip4(inp->inp_cred, &ip->ip_src); + } if (error != 0) { INP_RUNLOCK(inp); m_freem(m); return (error); } } - ip->ip_dst.s_addr = dst; ip->ip_ttl = inp->inp_ip_ttl; } else { if (m->m_pkthdr.len > IP_MAXPACKET) {
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201405262254.s4QMsFJx019434>