Date: Thu, 22 May 2008 08:27:55 GMT From: John Birrell <jb@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 142030 for review Message-ID: <200805220827.m4M8Rt1F097764@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=142030 Change 142030 by jb@freebsd3 on 2008/05/22 08:27:30 IFC Affected files ... .. //depot/projects/dtrace/src/sys/netinet/ip_dummynet.c#11 integrate .. //depot/projects/dtrace/src/sys/netinet/raw_ip.c#17 integrate Differences ... ==== //depot/projects/dtrace/src/sys/netinet/ip_dummynet.c#11 (text+ko) ==== @@ -26,7 +26,7 @@ */ #include <sys/cdefs.h> -__FBSDID("$FreeBSD: src/sys/netinet/ip_dummynet.c,v 1.115 2008/02/27 13:52:33 dwmalone Exp $"); +__FBSDID("$FreeBSD: src/sys/netinet/ip_dummynet.c,v 1.116 2008/05/22 08:10:31 rwatson Exp $"); #define DUMMYNET_DEBUG @@ -63,6 +63,7 @@ #include <sys/mbuf.h> #include <sys/kernel.h> #include <sys/module.h> +#include <sys/priv.h> #include <sys/proc.h> #include <sys/socket.h> #include <sys/socketvar.h> @@ -2124,6 +2125,10 @@ int error = 0 ; struct dn_pipe *p, tmp_pipe; + error = priv_check(sopt->sopt_td, PRIV_NETINET_DUMMYNET); + if (error) + return (error); + /* Disallow sets in really-really secure mode. */ if (sopt->sopt_dir == SOPT_SET) { #if __FreeBSD_version >= 500034 ==== //depot/projects/dtrace/src/sys/netinet/raw_ip.c#17 (text+ko) ==== @@ -30,7 +30,7 @@ */ #include <sys/cdefs.h> -__FBSDID("$FreeBSD: src/sys/netinet/raw_ip.c,v 1.184 2008/05/09 23:02:57 julian Exp $"); +__FBSDID("$FreeBSD: src/sys/netinet/raw_ip.c,v 1.185 2008/05/22 08:10:31 rwatson Exp $"); #include "opt_inet6.h" #include "opt_ipsec.h" @@ -381,13 +381,6 @@ case IP_FW_TABLE_LIST: case IP_FW_NAT_GET_CONFIG: case IP_FW_NAT_GET_LOG: - /* - * XXXRW: Isn't this checked one layer down? Yes, it - * is. - */ - error = priv_check(curthread, PRIV_NETINET_IPFW); - if (error != 0) - return (error); if (ip_fw_ctl_ptr != NULL) error = ip_fw_ctl_ptr(sopt); else @@ -395,9 +388,6 @@ break; case IP_DUMMYNET_GET: - error = priv_check(curthread, PRIV_NETINET_DUMMYNET); - if (error != 0) - return (error); if (ip_dn_ctl_ptr != NULL) error = ip_dn_ctl_ptr(sopt); else @@ -452,12 +442,6 @@ case IP_FW_TABLE_FLUSH: case IP_FW_NAT_CFG: case IP_FW_NAT_DEL: - /* - * XXXRW: Isn't this checked one layer down? - */ - error = priv_check(curthread, PRIV_NETINET_IPFW); - if (error != 0) - return (error); if (ip_fw_ctl_ptr != NULL) error = ip_fw_ctl_ptr(sopt); else @@ -467,9 +451,6 @@ case IP_DUMMYNET_CONFIGURE: case IP_DUMMYNET_DEL: case IP_DUMMYNET_FLUSH: - error = priv_check(curthread, PRIV_NETINET_DUMMYNET); - if (error != 0) - return (error); if (ip_dn_ctl_ptr != NULL) error = ip_dn_ctl_ptr(sopt); else
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200805220827.m4M8Rt1F097764>