Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. =================================================================== RCS file: /ftp/cvs/cvsroot/src/sys/netinet/raw_ip.c,v rcsdiff: /ftp/cvs/cvsroot/src/sys/netinet/raw_ip.c,v: warning: Unknown phrases like `commitid ...;' are present. retrieving revision 1.81 retrieving revision 1.96.4.1 diff -u -p -r1.81 -r1.96.4.1 --- src/sys/netinet/raw_ip.c 2004/09/04 23:30:07 1.81 +++ src/sys/netinet/raw_ip.c 2007/07/11 20:11:26 1.96.4.1 @@ -1,4 +1,4 @@ -/* $NetBSD: raw_ip.c,v 1.81 2004/09/04 23:30:07 manu Exp $ */ +/* $NetBSD: raw_ip.c,v 1.96.4.1 2007/07/11 20:11:26 mjf Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -61,13 +61,14 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: raw_ip.c,v 1.81 2004/09/04 23:30:07 manu Exp $"); +__KERNEL_RCSID(0, "$NetBSD: raw_ip.c,v 1.96.4.1 2007/07/11 20:11:26 mjf Exp $"); #include "opt_inet.h" #include "opt_ipsec.h" #include "opt_mrouting.h" #include +#include #include #include #include @@ -76,6 +77,7 @@ __KERNEL_RCSID(0, "$NetBSD: raw_ip.c,v 1 #include #include #include +#include #include #include @@ -87,6 +89,7 @@ __KERNEL_RCSID(0, "$NetBSD: raw_ip.c,v 1 #include #include #include +#include #include #include @@ -102,11 +105,11 @@ __KERNEL_RCSID(0, "$NetBSD: raw_ip.c,v 1 struct inpcbtable rawcbtable; -int rip_pcbnotify __P((struct inpcbtable *, struct in_addr, - struct in_addr, int, int, void (*) __P((struct inpcb *, int)))); -int rip_bind __P((struct inpcb *, struct mbuf *)); -int rip_connect __P((struct inpcb *, struct mbuf *)); -void rip_disconnect __P((struct inpcb *)); +int rip_pcbnotify(struct inpcbtable *, struct in_addr, + struct in_addr, int, int, void (*)(struct inpcb *, int)); +int rip_bind(struct inpcb *, struct mbuf *); +int rip_connect(struct inpcb *, struct mbuf *); +void rip_disconnect(struct inpcb *); /* * Nominal space allocated to a raw ip socket. 
@@ -122,7 +125,7 @@ void rip_disconnect __P((struct inpcb * * Initialize raw connection block q. */ void -rip_init() +rip_init(void) { in_pcbinit(&rawcbtable, 1, 1); @@ -140,8 +143,8 @@ rip_input(struct mbuf *m, ...) struct ip *ip = mtod(m, struct ip *); struct inpcb_hdr *inph; struct inpcb *inp; - struct inpcb *last = 0; - struct mbuf *opts = 0; + struct inpcb *last = NULL; + struct mbuf *n, *opts = NULL; struct sockaddr_in ripsrc; va_list ap; @@ -150,11 +153,7 @@ rip_input(struct mbuf *m, ...) proto = va_arg(ap, int); va_end(ap); - ripsrc.sin_family = AF_INET; - ripsrc.sin_len = sizeof(struct sockaddr_in); - ripsrc.sin_addr = ip->ip_src; - ripsrc.sin_port = 0; - bzero((caddr_t)ripsrc.sin_zero, sizeof(ripsrc.sin_zero)); + sockaddr_in_init(&ripsrc, &ip->ip_src, 0); /* * XXX Compatibility: programs using raw IP expect ip_len 
@@ -176,43 +175,41 @@ rip_input(struct mbuf *m, ...) if (!in_nullhost(inp->inp_faddr) && !in_hosteq(inp->inp_faddr, ip->ip_src)) continue; - if (last) { - struct mbuf *n; - + if (last == NULL) + ; #if defined(IPSEC) || defined(FAST_IPSEC) - /* check AH/ESP integrity. */ - if (ipsec4_in_reject_so(m, last->inp_socket)) { - ipsecstat.in_polvio++; - /* do not inject data to pcb */ - } else + /* check AH/ESP integrity. */ + else if (ipsec4_in_reject_so(m, last->inp_socket)) { + ipsecstat.in_polvio++; + /* do not inject data to pcb */ + } #endif /*IPSEC*/ - if ((n = m_copy(m, 0, (int)M_COPYALL)) != NULL) { - if (last->inp_flags & INP_CONTROLOPTS || - last->inp_socket->so_options & SO_TIMESTAMP) - ip_savecontrol(last, &opts, ip, n); - if (sbappendaddr(&last->inp_socket->so_rcv, - sintosa(&ripsrc), n, opts) == 0) { - /* should notify about lost packet */ - m_freem(n); - if (opts) - m_freem(opts); - } else - sorwakeup(last->inp_socket); - opts = NULL; - } + else if ((n = m_copy(m, 0, M_COPYALL)) != NULL) { + if (last->inp_flags & INP_CONTROLOPTS || + last->inp_socket->so_options & SO_TIMESTAMP) + ip_savecontrol(last, &opts, ip, n); + if (sbappendaddr(&last->inp_socket->so_rcv, + sintosa(&ripsrc), n, opts) == 0) { + /* should notify about lost packet */ + m_freem(n); + if (opts) + m_freem(opts); + } else + sorwakeup(last->inp_socket); + opts = NULL; } last = inp; } #if defined(IPSEC) || defined(FAST_IPSEC) /* check AH/ESP integrity. */ - if (last && ipsec4_in_reject_so(m, last->inp_socket)) { + if (last != NULL && ipsec4_in_reject_so(m, last->inp_socket)) { m_freem(m); ipsecstat.in_polvio++; ipstat.ips_delivered--; /* do not inject data to pcb */ } else #endif /*IPSEC*/ - if (last) { + if (last != NULL) { if (last->inp_flags & INP_CONTROLOPTS || last->inp_socket->so_options & SO_TIMESTAMP) ip_savecontrol(last, &opts, ip, m); 
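Review bot: The rewritten delivery chain in rip_input's PCB loop opens with an empty statement, `if (last == NULL) ;`, which reads like a stray semicolon. The chain then continues as `else if` across the `#if defined(IPSEC) || defined(FAST_IPSEC)` block, which hides the fact that the IPsec branch is what keeps a packet away from a socket whose policy refused it. The logic is correct as written, but two comments would make the intent explicit: `/* no earlier match to deliver to yet */` on the empty branch, and `/* policy rejected: count it, skip delivery to this socket */` in the reject branch. The `sbappendaddr(...) == 0` path still carries only `/* should notify about lost packet */` and drops silently. The enclosing loop starts above the hunk.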
@@ -223,25 +220,20 @@ rip_input(struct mbuf *m, ...) m_freem(opts); } else sorwakeup(last->inp_socket); - } else { - if (inetsw[ip_protox[ip->ip_p]].pr_input == rip_input) { - icmp_error(m, ICMP_UNREACH, ICMP_UNREACH_PROTOCOL, - 0, 0); - ipstat.ips_noproto++; - ipstat.ips_delivered--; - } else - m_freem(m); - } + } else if (inetsw[ip_protox[ip->ip_p]].pr_input == rip_input) { + icmp_error(m, ICMP_UNREACH, ICMP_UNREACH_PROTOCOL, + 0, 0); + ipstat.ips_noproto++; + ipstat.ips_delivered--; + } else + m_freem(m); return; } int -rip_pcbnotify(table, faddr, laddr, proto, errno, notify) - struct inpcbtable *table; - struct in_addr faddr, laddr; - int proto; - int errno; - void (*notify) __P((struct inpcb *, int)); +rip_pcbnotify(struct inpcbtable *table, + struct in_addr faddr, struct in_addr laddr, int proto, int errno, + void (*notify)(struct inpcb *, int)) { struct inpcb *inp, *ninp; int nmatch; @@ -266,13 +258,10 @@ rip_pcbnotify(table, faddr, laddr, proto } void * -rip_ctlinput(cmd, sa, v) - int cmd; - struct sockaddr *sa; - void *v; +rip_ctlinput(int cmd, const struct sockaddr *sa, void *v) { struct ip *ip = v; - void (*notify) __P((struct inpcb *, int)) = in_rtchange; + void (*notify)(struct inpcb *, int) = in_rtchange; int errno; if (sa->sa_family != AF_INET || @@ -288,12 +277,12 @@ rip_ctlinput(cmd, sa, v) else if (errno == 0) return NULL; if (ip) { - rip_pcbnotify(&rawcbtable, satosin(sa)->sin_addr, + rip_pcbnotify(&rawcbtable, satocsin(sa)->sin_addr, ip->ip_src, ip->ip_p, errno, notify); /* XXX mapped address case */ } else - in_pcbnotifyall(&rawcbtable, satosin(sa)->sin_addr, errno, + in_pcbnotifyall(&rawcbtable, satocsin(sa)->sin_addr, errno, notify); return NULL; } 
@@ -383,11 +372,8 @@ rip_output(struct mbuf *m, ...) * Raw IP socket option processing. */ int -rip_ctloutput(op, so, level, optname, m) - int op; - struct socket *so; - int level, optname; - struct mbuf **m; +rip_ctloutput(int op, struct socket *so, int level, int optname, + struct mbuf **m) { struct inpcb *inp = sotoinpcb(so); int error = 0; @@ -462,9 +448,7 @@ rip_ctloutput(op, so, level, optname, m) } int -rip_bind(inp, nam) - struct inpcb *inp; - struct mbuf *nam; +rip_bind(struct inpcb *inp, struct mbuf *nam) { struct sockaddr_in *addr = mtod(nam, struct sockaddr_in *); @@ -483,9 +467,7 @@ rip_bind(inp, nam) } int -rip_connect(inp, nam) - struct inpcb *inp; - struct mbuf *nam; +rip_connect(struct inpcb *inp, struct mbuf *nam) { struct sockaddr_in *addr = mtod(nam, struct sockaddr_in *); @@ -501,8 +483,7 @@ rip_connect(inp, nam) } void -rip_disconnect(inp) - struct inpcb *inp; +rip_disconnect(struct inpcb *inp) { inp->inp_faddr = zeroin_addr; @@ -513,11 +494,8 @@ u_long rip_recvspace = RIPRCVQ; /*ARGSUSED*/ int -rip_usrreq(so, req, m, nam, control, p) - struct socket *so; - int req; - struct mbuf *m, *nam, *control; - struct proc *p; +rip_usrreq(struct socket *so, int req, + struct mbuf *m, struct mbuf *nam, struct mbuf *control, struct lwp *l) { struct inpcb *inp; int s; @@ -527,17 +505,19 @@ rip_usrreq(so, req, m, nam, control, p) #endif if (req == PRU_CONTROL) - return (in_control(so, (long)m, (caddr_t)nam, - (struct ifnet *)control, p)); + return (in_control(so, (long)m, (void *)nam, + (struct ifnet *)control, l)); + + s = splsoftnet(); if (req == PRU_PURGEIF) { in_pcbpurgeif0(&rawcbtable, (struct ifnet *)control); in_purgeif((struct ifnet *)control); in_pcbpurgeif(&rawcbtable, (struct ifnet *)control); + splx(s); return (0); } - s = splsoftnet(); inp = sotoinpcb(so); #ifdef DIAGNOSTIC if (req != PRU_SEND && req != PRU_SENDOOB && control) 
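Review bot: In the rip_usrreq hunk, `l` is passed straight to `in_control()` on the PRU_CONTROL path, while the PRU_ATTACH case later in the same function treats `l == NULL` as a possible input and refuses it with EACCES. in_control() is not part of this diff, so whether it copes with a NULL lwp when it authorizes an interface ioctl cannot be confirmed from here. The expectation should be documented at the call, for example `/* NOTE: l is passed through unchecked; in_control() must handle or reject l == NULL */`, or guarded if NULL is not a legitimate caller state. The function body continues beyond the hunk.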
@@ -555,10 +535,14 @@ rip_usrreq(so, req, m, nam, control, p)
 error = EISCONN;
 break;
 }
- if (p == 0 || (error = suser(p->p_ucred, &p->p_acflag))) {
+
+ if (l == NULL) {
 error = EACCES;
 break;
 }
+
+ /* XXX: raw socket permissions are checked in socreate() */
+
 if (so->so_snd.sb_hiwat == 0 || so->so_rcv.sb_hiwat == 0) {
 error = soreserve(so, rip_sendspace, rip_recvspace);
 if (error)
@@ -682,3 +666,32 @@ release:
 splx(s);
 return (error);
 }
+
+SYSCTL_SETUP(sysctl_net_inet_raw_setup, "sysctl net.inet.raw subtree setup")
+{
+
+ sysctl_createv(clog, 0, NULL, NULL,
+ CTLFLAG_PERMANENT,
+ CTLTYPE_NODE, "net", NULL,
+ NULL, 0, NULL, 0,
+ CTL_NET, CTL_EOL);
+ sysctl_createv(clog, 0, NULL, NULL,
+ CTLFLAG_PERMANENT,
+ CTLTYPE_NODE, "inet", NULL,
+ NULL, 0, NULL, 0,
+ CTL_NET, PF_INET, CTL_EOL);
+ sysctl_createv(clog, 0, NULL, NULL,
+ CTLFLAG_PERMANENT,
+ CTLTYPE_NODE, "raw",
+ SYSCTL_DESCR("Raw IPv4 settings"),
+ NULL, 0, NULL, 0,
+ CTL_NET, PF_INET, IPPROTO_RAW, CTL_EOL);
+
+ sysctl_createv(clog, 0, NULL, NULL,
+ CTLFLAG_PERMANENT,
+ CTLTYPE_STRUCT, "pcblist",
+ SYSCTL_DESCR("Raw IPv4 control block list"),
+ sysctl_inpcblist, 0, &rawcbtable, 0,
+ CTL_NET, PF_INET, IPPROTO_RAW,
+ CTL_CREATE, CTL_EOL);
+}
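Review bot: With the `suser()` call removed, this attach path no longer performs any credential check of its own; the only guard left is `if (l == NULL)`, which tests for the presence of a caller, not its privilege. The replacement comment places the check in socreate(), which is outside this diff, so it should be confirmed that no other path can issue this request on a raw socket without passing through that check. The `XXX` comment should state the invariant rather than just point elsewhere, for example `/* Raw-socket privilege is enforced only in socreate(); any new caller of this attach path must perform the same check. */`. The enclosing switch case starts and ends outside the hunk.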
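Review bot: The new `pcblist` node publishes the raw-socket control block table (`&rawcbtable`) through `sysctl_inpcblist` with only `CTLFLAG_PERMANENT` set, so nothing in this registration limits who may read it. Any filtering of other users' sockets would have to happen inside `sysctl_inpcblist`, which is not shown here; it is worth confirming and recording that in a comment above the call, such as `/* read access to other users' PCBs is filtered in sysctl_inpcblist() */`, if that is indeed the case. Separately, all four `sysctl_createv()` return values are discarded, so a failed parent-node creation goes unnoticed.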