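--- a/in_pcb.c	(16b9056593f90eb2609a2655d68dbcf03b221a6e)
+++ b/in_pcb.c	(9ac7c6cfed7262ebe46ad5b43978cc96ae333b8e)
@@ -1,8 +1,8 @@
 /*-
  * SPDX-License-Identifier: BSD-3-Clause
  *
  * Copyright (c) 1982, 1986, 1991, 1993, 1995
  * The Regents of the University of California.
  * Copyright (c) 2007-2009 Robert N. M. Watson
  * Copyright (c) 2010-2011 Juniper Networks, Inc.
  * All rights reserved.
@@ -83,30 +83,32 @@
 #include <net/rss_config.h>
 #include <net/vnet.h>
 
 #if defined(INET) || defined(INET6)
 #include <netinet/in.h>
 #include <netinet/in_pcb.h>
 #ifdef INET
 #include <netinet/in_var.h>
+#include <netinet/in_fib.h>
 #endif
 #include <netinet/ip_var.h>
 #include <netinet/tcp_var.h>
 #ifdef TCPHPTS
 #include <netinet/tcp_hpts.h>
 #endif
 #include <netinet/udp.h>
 #include <netinet/udp_var.h>
 #ifdef INET6
 #include <netinet/ip6.h>
 #include <netinet6/in6_pcb.h>
 #include <netinet6/in6_var.h>
 #include <netinet6/ip6_var.h>
 #endif /* INET6 */
+#include <net/route/nhop.h>
 #endif
 
 #include <netipsec/ipsec_support.h>
 
 #include <security/mac/mac_framework.h>
 
 #define INPCBLBGROUP_SIZMIN 8
 #define INPCBLBGROUP_SIZMAX 256
@@ -1028,55 +1030,57 @@
  * of connect. Take jails into account as well.
  */
 int
 in_pcbladdr(struct inpcb *inp, struct in_addr *faddr, struct in_addr *laddr,
  struct ucred *cred)
 {
  struct ifaddr *ifa;
  struct sockaddr *sa;
- struct sockaddr_in *sin;
- struct route sro;
+ struct sockaddr_in *sin, dst;
+ struct nhop_object *nh;
  int error;
 
  NET_EPOCH_ASSERT();
  KASSERT(laddr != NULL, ("%s: laddr NULL", __func__));
  /*
  * Bypass source address selection and use the primary jail IP
  * if requested.
  */
  if (cred != NULL && !prison_saddrsel_ip4(cred, laddr))
  return (0);
 
  error = 0;
- bzero(&sro, sizeof(sro));
 
- sin = (struct sockaddr_in *)&sro.ro_dst;
+ nh = NULL;
+ bzero(&dst, sizeof(dst));
+ sin = &dst;
  sin->sin_family = AF_INET;
  sin->sin_len = sizeof(struct sockaddr_in);
  sin->sin_addr.s_addr = faddr->s_addr;
 
  /*
  * If route is known our src addr is taken from the i/f,
  * else punt.
  *
  * Find out route to destination.
  */
  if ((inp->inp_socket->so_options & SO_DONTROUTE) == 0)
- in_rtalloc_ign(&sro, 0, inp->inp_inc.inc_fibnum);
+ nh = fib4_lookup(inp->inp_inc.inc_fibnum, *faddr,
+ 0, NHR_NONE, 0);
 
  /*
  * If we found a route, use the address corresponding to
  * the outgoing interface.
  *
  * Otherwise assume faddr is reachable on a directly connected
  * network and try to find a corresponding interface to take
  * the source address from.
  */
- if (sro.ro_rt == NULL || sro.ro_rt->rt_ifp == NULL) {
+ if (nh == NULL || nh->nh_ifp == NULL) {
  struct in_ifaddr *ia;
  struct ifnet *ifp;
 
  ia = ifatoia(ifa_ifwithdstaddr((struct sockaddr *)sin,
  inp->inp_socket->so_fibnum));
  if (ia == NULL) {
  ia = ifatoia(ifa_ifwithnet((struct sockaddr *)sin, 0,
  inp->inp_socket->so_fibnum));
@@ -1119,42 +1123,42 @@
  * If the outgoing interface on the route found is not
  * a loopback interface, use the address from that interface.
  * In case of jails do those three steps:
  * 1. check if the interface address belongs to the jail. If so use it.
  * 2. check if we have any address on the outgoing interface
  * belonging to this jail. If so use it.
  * 3. as a last resort return the 'default' jail address.
  */
- if ((sro.ro_rt->rt_ifp->if_flags & IFF_LOOPBACK) == 0) {
+ if ((nh->nh_ifp->if_flags & IFF_LOOPBACK) == 0) {
  struct in_ifaddr *ia;
  struct ifnet *ifp;
 
  /* If not jailed, use the default returned. */
  if (cred == NULL || !prison_flag(cred, PR_IP4)) {
- ia = (struct in_ifaddr *)sro.ro_rt->rt_ifa;
+ ia = (struct in_ifaddr *)nh->nh_ifa;
  laddr->s_addr = ia->ia_addr.sin_addr.s_addr;
  goto done;
  }
 
  /* Jailed. */
  /* 1. Check if the iface address belongs to the jail. */
- sin = (struct sockaddr_in *)sro.ro_rt->rt_ifa->ifa_addr;
+ sin = (struct sockaddr_in *)nh->nh_ifa->ifa_addr;
  if (prison_check_ip4(cred, &sin->sin_addr) == 0) {
- ia = (struct in_ifaddr *)sro.ro_rt->rt_ifa;
+ ia = (struct in_ifaddr *)nh->nh_ifa;
  laddr->s_addr = ia->ia_addr.sin_addr.s_addr;
  goto done;
  }
 
  /*
  * 2. Check if we have any address on the outgoing interface
  * belonging to this jail.
  */
  ia = NULL;
- ifp = sro.ro_rt->rt_ifp;
+ ifp = nh->nh_ifp;
  CK_STAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) {
  sa = ifa->ifa_addr;
  if (sa->sa_family != AF_INET)
  continue;
  sin = (struct sockaddr_in *)sa;
  if (prison_check_ip4(cred, &sin->sin_addr) == 0) {
  ia = (struct in_ifaddr *)ifa;
  break;
@@ -1174,32 +1178,26 @@
  * The outgoing interface is marked with 'loopback net', so a route
  * to ourselves is here.
  * Try to find the interface of the destination address and then
  * take the address from there. That interface is not necessarily
  * a loopback interface.
  * In case of jails, check that it is an address of the jail
  * and if we cannot find, fall back to the 'default' jail address.
  */
- if ((sro.ro_rt->rt_ifp->if_flags & IFF_LOOPBACK) != 0) {
- struct sockaddr_in sain;
+ if ((nh->nh_ifp->if_flags & IFF_LOOPBACK) != 0) {
  struct in_ifaddr *ia;
 
- bzero(&sain, sizeof(struct sockaddr_in));
- sain.sin_family = AF_INET;
- sain.sin_len = sizeof(struct sockaddr_in);
- sain.sin_addr.s_addr = faddr->s_addr;
-
- ia = ifatoia(ifa_ifwithdstaddr(sintosa(&sain),
+ ia = ifatoia(ifa_ifwithdstaddr(sintosa(&dst),
  inp->inp_socket->so_fibnum));
  if (ia == NULL)
- ia = ifatoia(ifa_ifwithnet(sintosa(&sain), 0,
+ ia = ifatoia(ifa_ifwithnet(sintosa(&dst), 0,
  inp->inp_socket->so_fibnum));
  if (ia == NULL)
- ia = ifatoia(ifa_ifwithaddr(sintosa(&sain)));
+ ia = ifatoia(ifa_ifwithaddr(sintosa(&dst)));
 
  if (cred == NULL || !prison_flag(cred, PR_IP4)) {
  if (ia == NULL) {
  error = ENETUNREACH;
  goto done;
  }
  laddr->s_addr = ia->ia_addr.sin_addr.s_addr;
  goto done;
@@ -1229,18 +1227,16 @@
  }
 
  /* 3. As a last resort return the 'default' jail address. */
  error = prison_get_ip4(cred, laddr);
  goto done;
  }
 
 done:
- if (sro.ro_rt != NULL)
- RTFREE(sro.ro_rt);
  return (error);
 }
 
 /*
  * Set up for a connect from a socket to the specified address.
  * On entry, *laddrp and *lportp should contain the current local
  * address and port for the PCB; these are updated to the values
  * that should be placed in inp_laddr and inp_lport to complete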
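Review bot: Nothing at the `fib4_lookup(..., NHR_NONE, 0)` call in `in_pcbladdr()` records that `nh` is returned without a reference, yet `nh->nh_ifp` and `nh->nh_ifa` are dereferenced all the way down to `done:` now that the `RTFREE(sro.ro_rt)` release is gone. From the visible lines the only thing that keeps the nexthop alive appears to be the `NET_EPOCH_ASSERT()` at the top of the function, so I would add a comment at the lookup: `/* nh is unreferenced (NHR_NONE): valid only inside the net epoch asserted above; never cache it or use it after return. */`. The casts `(struct in_ifaddr *)nh->nh_ifa` and `(struct sockaddr_in *)nh->nh_ifa->ifa_addr` also assume an AF_INET address without the `sa_family` check that the `CK_STAILQ_FOREACH` loop applies before `prison_check_ip4()`; if a nexthop could ever carry another family, the jail check would run on the wrong bytes, so a `KASSERT` on the family there would make the assumption explicit. Parts of the function are hidden on this page, so both points rest on the visible lines only.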