Page MenuHomeFreeBSD
Differential D37890 Diff 118066 sys/kern/kern_jail.c

Changeset View

Standalone View

View Options

sys/kern/kern_jail.c

Show First 20 LinesShow All 628 Lines▼ Show 20 Linesprison_ip_copyin(const pr_family_t af, void *op, uint32_t cnt)
* IP addresses are all sorted but ip[0] to preserve * IP addresses are all sorted but ip[0] to preserve
* the primary IP address as given from userland. * the primary IP address as given from userland.
* This special IP is used for unbound outgoing * This special IP is used for unbound outgoing
* connections as well for "loopback" traffic in case * connections as well for "loopback" traffic in case
* source address selection cannot find any more fitting * source address selection cannot find any more fitting
* address to connect from. * address to connect from.
*/ */
if (cnt > 1) if (cnt > 1)
qsort(pip->pr_ip + size, cnt - 1, size, pr_families[af].cmp); qsort(PR_IP(pip, af, 1), cnt - 1, size, cmp);
/* /*
* Check for duplicate addresses and do some simple * Check for duplicate addresses and do some simple
* zero and broadcast checks. If users give other bogus * zero and broadcast checks. If users give other bogus
* addresses it is their problem. * addresses it is their problem.
*/ */
for (int i = 0; i < cnt; i++) { for (int i = 0; i < cnt; i++) {
if (!pr_families[af].valid(PR_IP(pip, af, i))) { if (!pr_families[af].valid(PR_IP(pip, af, i))) {
free(pip, M_PRISON); free(pip, M_PRISON);
Show All 12 Lines
/* /*
* Allocate and dup parent prison address list. * Allocate and dup parent prison address list.
* kern_jail_set() helper. * kern_jail_set() helper.
*/ */
static void static void
prison_ip_dup(struct prison *ppr, struct prison *pr, const pr_family_t af) prison_ip_dup(struct prison *ppr, struct prison *pr, const pr_family_t af)
{ {
const struct prison_ip *ppip = ppr->pr_addrs[af];
struct prison_ip *pip;
if (ppr->pr_addrs[af] != NULL) { if (ppip != NULL) {
pr->pr_addrs[af] = prison_ip_alloc(af, pip = prison_ip_alloc(af, ppip->ips, M_WAITOK);
ppr->pr_addrs[af]->ips, M_WAITOK); bcopy(ppip->pr_ip, pip->pr_ip, pip->ips * pr_families[af].size);
bcopy(ppr->pr_addrs[af]->pr_ip, pr->pr_addrs[af]->pr_ip, pr->pr_addrs[af] = pip;
pr->pr_addrs[af]->ips * pr_families[af].size);
} }
} }
/* /*
* Make sure the new set of IP addresses is a subset of the parent's list. * Make sure the new set of IP addresses is a subset of the parent's list.
* Don't worry about the parent being unlocked, as any setting is done with * Don't worry about the parent being unlocked, as any setting is done with
* allprison_lock held. * allprison_lock held.
* kern_jail_set() helper. * kern_jail_set() helper.
▲ Show 20 LinesShow All 3,514 Lines▼ Show 20 Lines
#if defined(INET) || defined(INET6) #if defined(INET) || defined(INET6)
/* /*
* Copy address array to memory that would be then SYSCTL_OUT-ed. * Copy address array to memory that would be then SYSCTL_OUT-ed.
* sysctl_jail_list() helper. * sysctl_jail_list() helper.
*/ */
static void static void
prison_ip_copyout(struct prison *pr, const pr_family_t af, void **out, int *len) prison_ip_copyout(struct prison *pr, const pr_family_t af, void **out, int *len)
{ {
const struct prison_ip *pip;
const size_t size = pr_families[af].size; const size_t size = pr_families[af].size;
again: again:
mtx_assert(&pr->pr_mtx, MA_OWNED); mtx_assert(&pr->pr_mtx, MA_OWNED);
if (pr->pr_addrs[af] != NULL) { if ((pip = pr->pr_addrs[af]) != NULL) {
if (*len < pr->pr_addrs[af]->ips) { if (*len < pip->ips) {
*len = pr->pr_addrs[af]->ips; *len = pip->ips;
mtx_unlock(&pr->pr_mtx); mtx_unlock(&pr->pr_mtx);
*out = realloc(*out, *len * size, M_TEMP, M_WAITOK); *out = realloc(*out, *len * size, M_TEMP, M_WAITOK);
mtx_lock(&pr->pr_mtx); mtx_lock(&pr->pr_mtx);
goto again; goto again;
} }
bcopy(pr->pr_addrs[af]->pr_ip, *out, pr->pr_addrs[af]->ips * size); bcopy(pip->pr_ip, *out, pip->ips * size);
} }
} }
#endif #endif
static int static int
sysctl_jail_list(SYSCTL_HANDLER_ARGS) sysctl_jail_list(SYSCTL_HANDLER_ARGS)
{ {
struct xprison *xp; struct xprison *xp;
▲ Show 20 LinesShow All 788 LinesShow Last 20 Lines