Module Name: src Committed By: yamt Date: Thu Jun 21 10:30:47 UTC 2012
Modified Files: src/sys/netinet: rfc6056.c Log Message: whitespace and cosmetics. no functional changes. To generate a diff of this commit: cvs rdiff -u -r1.6 -r1.7 src/sys/netinet/rfc6056.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/sys/netinet/rfc6056.c diff -u src/sys/netinet/rfc6056.c:1.6 src/sys/netinet/rfc6056.c:1.7 --- src/sys/netinet/rfc6056.c:1.6 Fri Apr 13 15:38:04 2012 +++ src/sys/netinet/rfc6056.c Thu Jun 21 10:30:47 2012 @@ -1,4 +1,4 @@ -/* $NetBSD: rfc6056.c,v 1.6 2012/04/13 15:38:04 yamt Exp $ */ +/* $NetBSD: rfc6056.c,v 1.7 2012/06/21 10:30:47 yamt Exp $ */ /* * Copyright 2011 Vlad Balan @@ -34,7 +34,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: rfc6056.c,v 1.6 2012/04/13 15:38:04 yamt Exp $"); +__KERNEL_RCSID(0, "$NetBSD: rfc6056.c,v 1.7 2012/06/21 10:30:47 yamt Exp $"); #include "opt_inet.h" @@ -143,13 +143,13 @@ static int pcb_getports(struct inpcb_hdr *inp_hdr, uint16_t *lastport, uint16_t *mymin, uint16_t *mymax, uint16_t **pnext_ephemeral, int algo) { + struct inpcbtable * const table = inp_hdr->inph_table; struct socket *so; int rfc6056_proto; int rfc6056_af; int rfc6056_range; so = inp_hdr->inph_socket; - switch (so->so_type) { case SOCK_DGRAM: /* UDP or DCCP */ rfc6056_proto = RFC6056_UDP; @@ -165,10 +165,8 @@ pcb_getports(struct inpcb_hdr *inp_hdr, #ifdef INET case AF_INET: { struct inpcb *inp = (struct inpcb *)(void *)inp_hdr; - struct inpcbtable *table = inp->inp_table; rfc6056_af = RFC6056_IPV4; - if (inp->inp_flags & INP_LOWPORT) { *mymin = lowportmin; *mymax = lowportmax; @@ -186,10 +184,8 @@ pcb_getports(struct inpcb_hdr *inp_hdr, #ifdef INET6 case AF_INET6: { struct in6pcb *in6p = (struct in6pcb *)(void *)inp_hdr; - struct inpcbtable *table = in6p->in6p_table; rfc6056_af = RFC6056_IPV6; - if (in6p->in6p_flags & IN6P_LOWPORT) { *mymin = ip6_lowportmin; *mymax = ip6_lowportmax; @@ -233,10 +229,9 @@ pcb_getports(struct inpcb_hdr *inp_hdr, * shamelessly copied from in_pcb.c. */ static bool -check_suitable_port(uint16_t port, struct inpcb_hdr *inp_hdr, -kauth_cred_t cred) +check_suitable_port(uint16_t port, struct inpcb_hdr *inp_hdr, kauth_cred_t cred) { - struct inpcbtable *table; + struct inpcbtable * const table = inp_hdr->inph_table; #ifdef INET vestigial_inpcb_t vestigial; #endif @@ -248,28 +243,14 @@ kauth_cred_t cred) DPRINTF("%s called for argument %d\n", __func__, port); - switch (inp_hdr->inph_af) { #ifdef INET case AF_INET: { /* IPv4 */ struct inpcb *inp = (struct inpcb *)(void *)inp_hdr; struct inpcb *pcb; struct sockaddr_in sin; - enum kauth_network_req req; - - if (inp->inp_flags & INP_LOWPORT) { -#ifndef IPNOPRIVPORTS - req = KAUTH_REQ_NETWORK_BIND_PRIVPORT; -#else - req = KAUTH_REQ_NETWORK_BIND_PORT; -#endif - } else - req = KAUTH_REQ_NETWORK_BIND_PORT; - - table = inp->inp_table; sin.sin_addr = inp->inp_laddr; - pcb = in_pcblookup_port(table, sin.sin_addr, htons(port), 1, &vestigial); @@ -278,6 +259,18 @@ kauth_cred_t cred) __func__, pcb, vestigial.valid); if ((!pcb) && (!vestigial.valid)) { + enum kauth_network_req req; + + /* We have a free port. Check with the secmodel. */ + if (inp->inp_flags & INP_LOWPORT) { +#ifndef IPNOPRIVPORTS + req = KAUTH_REQ_NETWORK_BIND_PRIVPORT; +#else + req = KAUTH_REQ_NETWORK_BIND_PORT; +#endif + } else + req = KAUTH_REQ_NETWORK_BIND_PORT; + sin.sin_port = port; error = kauth_authorize_network(cred, KAUTH_NETWORK_BIND, @@ -296,21 +289,9 @@ kauth_cred_t cred) #ifdef INET6 case AF_INET6: { /* IPv6 */ struct in6pcb *in6p = (struct in6pcb *)(void *)inp_hdr; - table = in6p->in6p_table; struct sockaddr_in6 sin6; - enum kauth_network_req req; void *t; - if (in6p->in6p_flags & IN6P_LOWPORT) { -#ifndef IPNOPRIVPORTS - req = KAUTH_REQ_NETWORK_BIND_PRIVPORT; -#else - req = KAUTH_REQ_NETWORK_BIND_PORT; -#endif - } else { - req = KAUTH_REQ_NETWORK_BIND_PORT; - } - sin6.sin6_addr = in6p->in6p_laddr; so = in6p->in6p_socket; @@ -341,8 +322,20 @@ kauth_cred_t cred) return false; } } - if (t == 0) { + if (t == NULL) { + enum kauth_network_req req; + /* We have a free port. Check with the secmodel. */ + if (in6p->in6p_flags & IN6P_LOWPORT) { +#ifndef IPNOPRIVPORTS + req = KAUTH_REQ_NETWORK_BIND_PRIVPORT; +#else + req = KAUTH_REQ_NETWORK_BIND_PORT; +#endif + } else { + req = KAUTH_REQ_NETWORK_BIND_PORT; + } + sin6.sin6_port = port; error = kauth_authorize_network(cred, KAUTH_NETWORK_BIND, req, so, &sin6, NULL); @@ -720,7 +713,6 @@ static int algo_randinc(int algo, uint16_t *port, struct inpcb_hdr *inp_hdr, kauth_cred_t cred) { - static const uint16_t N = 500; /* Determines the trade-off */ uint16_t count, num_ephemeral; uint16_t mymin, mymax, lastport; @@ -861,6 +853,7 @@ rfc6056_algo_name_select(const char *nam int rfc6056_algo_index_select(struct inpcb_hdr *inp, int algo) { + DPRINTF("%s called with algo %d for pcb %p\n", __func__, algo, inp ); if ((algo < 0 || algo >= NALGOS) && @@ -918,6 +911,7 @@ sysctl_rfc6056_helper(SYSCTLFN_ARGS, int int sysctl_rfc6056_selected(SYSCTLFN_ARGS) { + return sysctl_rfc6056_helper(SYSCTLFN_CALL(rnode), &inet4_rfc6056algo); } @@ -925,6 +919,7 @@ sysctl_rfc6056_selected(SYSCTLFN_ARGS) int sysctl_rfc6056_selected6(SYSCTLFN_ARGS) { + return sysctl_rfc6056_helper(SYSCTLFN_CALL(rnode), &inet6_rfc6056algo); } #endif