Date: Fri, 14 Apr 2017 22:02:08 +0000 (UTC) From: Steven Hartland <smh@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org Subject: svn commit: r316944 - in stable/11: . sys/netinet sys/netinet6 Message-ID: <201704142202.v3EM28wG059629@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: smh Date: Fri Apr 14 22:02:08 2017 New Revision: 316944 URL: https://svnweb.freebsd.org/changeset/base/316944 Log: MFC r316313, r316328: Allow explicitly assigned IPv4 & IPv6 loopback addresses to be used in jails. Relnotes: Yes Sponsored by: Multiplay Modified: stable/11/UPDATING stable/11/sys/netinet/in_jail.c stable/11/sys/netinet6/in6_jail.c Directory Properties: stable/11/ (props changed) Modified: stable/11/UPDATING ============================================================================== --- stable/11/UPDATING Fri Apr 14 21:49:20 2017 (r316943) +++ stable/11/UPDATING Fri Apr 14 22:02:08 2017 (r316944) @@ -16,6 +16,11 @@ from older versions of FreeBSD, try WITH the tip of head, and then rebuild without this option. The bootstrap process from older version of current across the gcc/clang cutover is a bit fragile. +20170414: + Binds and sends to the loopback addresses, IPv6 and IPv4, will now + use any explicitly assigned loopback address available in the jail + instead of using the first assigned address of the jail. + 20170402: Clang, llvm, lldb, compiler-rt and libc++ have been upgraded to 4.0.0. Please see the 20141231 entry below for information about prerequisites Modified: stable/11/sys/netinet/in_jail.c ============================================================================== --- stable/11/sys/netinet/in_jail.c Fri Apr 14 21:49:20 2017 (r316943) +++ stable/11/sys/netinet/in_jail.c Fri Apr 14 22:02:08 2017 (r316944) @@ -306,11 +306,6 @@ prison_local_ip4(struct ucred *cred, str } ia0.s_addr = ntohl(ia->s_addr); - if (ia0.s_addr == INADDR_LOOPBACK) { - ia->s_addr = pr->pr_ip4[0].s_addr; - mtx_unlock(&pr->pr_mtx); - return (0); - } if (ia0.s_addr == INADDR_ANY) { /* @@ -323,6 +318,11 @@ prison_local_ip4(struct ucred *cred, str } error = prison_check_ip4_locked(pr, ia); + if (error == EADDRNOTAVAIL && ia0.s_addr == INADDR_LOOPBACK) { + ia->s_addr = pr->pr_ip4[0].s_addr; + error = 0; + } + mtx_unlock(&pr->pr_mtx); return (error); } @@ -354,7 +354,8 @@ prison_remote_ip4(struct ucred *cred, st return (EAFNOSUPPORT); } - if (ntohl(ia->s_addr) == INADDR_LOOPBACK) { + if (ntohl(ia->s_addr) == INADDR_LOOPBACK && + prison_check_ip4_locked(pr, ia) == EADDRNOTAVAIL) { ia->s_addr = pr->pr_ip4[0].s_addr; mtx_unlock(&pr->pr_mtx); return (0); @@ -370,9 +371,8 @@ prison_remote_ip4(struct ucred *cred, st /* * Check if given address belongs to the jail referenced by cred/prison. * - * Returns 0 if jail doesn't restrict IPv4 or if address belongs to jail, - * EADDRNOTAVAIL if the address doesn't belong, or EAFNOSUPPORT if the jail - * doesn't allow IPv4. Address passed in in NBO. + * Returns 0 if address belongs to jail, + * EADDRNOTAVAIL if the address doesn't belong to the jail. */ int prison_check_ip4_locked(const struct prison *pr, const struct in_addr *ia) Modified: stable/11/sys/netinet6/in6_jail.c ============================================================================== --- stable/11/sys/netinet6/in6_jail.c Fri Apr 14 21:49:20 2017 (r316943) +++ stable/11/sys/netinet6/in6_jail.c Fri Apr 14 22:02:08 2017 (r316944) @@ -293,12 +293,6 @@ prison_local_ip6(struct ucred *cred, str return (EAFNOSUPPORT); } - if (IN6_IS_ADDR_LOOPBACK(ia6)) { - bcopy(&pr->pr_ip6[0], ia6, sizeof(struct in6_addr)); - mtx_unlock(&pr->pr_mtx); - return (0); - } - if (IN6_IS_ADDR_UNSPECIFIED(ia6)) { /* * In case there is only 1 IPv6 address, and v6only is true, @@ -311,6 +305,11 @@ prison_local_ip6(struct ucred *cred, str } error = prison_check_ip6_locked(pr, ia6); + if (error == EADDRNOTAVAIL && IN6_IS_ADDR_LOOPBACK(ia6)) { + bcopy(&pr->pr_ip6[0], ia6, sizeof(struct in6_addr)); + error = 0; + } + mtx_unlock(&pr->pr_mtx); return (error); } @@ -341,7 +340,8 @@ prison_remote_ip6(struct ucred *cred, st return (EAFNOSUPPORT); } - if (IN6_IS_ADDR_LOOPBACK(ia6)) { + if (IN6_IS_ADDR_LOOPBACK(ia6) && + prison_check_ip6_locked(pr, ia6) == EADDRNOTAVAIL) { bcopy(&pr->pr_ip6[0], ia6, sizeof(struct in6_addr)); mtx_unlock(&pr->pr_mtx); return (0); @@ -357,9 +357,8 @@ prison_remote_ip6(struct ucred *cred, st /* * Check if given address belongs to the jail referenced by cred/prison. * - * Returns 0 if jail doesn't restrict IPv6 or if address belongs to jail, - * EADDRNOTAVAIL if the address doesn't belong, or EAFNOSUPPORT if the jail - * doesn't allow IPv6. + * Returns 0 if address belongs to jail, + * EADDRNOTAVAIL if the address doesn't belong to the jail. */ int prison_check_ip6_locked(const struct prison *pr, const struct in6_addr *ia6)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201704142202.v3EM28wG059629>