svn commit: r266718 - stable/10/sys/netinet

[Steven Hartland]

Author: smh
Date: Mon May 26 22:54:15 2014
New Revision: 266718
URL: http://svnweb.freebsd.org/changeset/base/266718

Log:
  MFC r264879
  
  Fix jailed raw sockets not setting the correct source address by
  calling in_pcbladdr instead of prison_get_ip4.
  
  Sponsored by:	Multiplay

Modified:
  stable/10/sys/netinet/in_pcb.c
  stable/10/sys/netinet/in_pcb.h
  stable/10/sys/netinet/raw_ip.c
Directory Properties:
  stable/10/   (props changed)

Modified: stable/10/sys/netinet/in_pcb.c
==============================================================================
--- stable/10/sys/netinet/in_pcb.c	Mon May 26 22:27:14 2014	(r266717)
+++ stable/10/sys/netinet/in_pcb.c	Mon May 26 22:54:15 2014	(r266718)
@@ -694,7 +694,7 @@ in_pcbconnect(struct inpcb *inp, struct 
  * Do proper source address selection on an unbound socket in case
  * of connect. Take jails into account as well.
  */
-static int
+int
 in_pcbladdr(struct inpcb *inp, struct in_addr *faddr, struct in_addr *laddr,
     struct ucred *cred)
 {

Modified: stable/10/sys/netinet/in_pcb.h
==============================================================================
--- stable/10/sys/netinet/in_pcb.h	Mon May 26 22:27:14 2014	(r266717)
+++ stable/10/sys/netinet/in_pcb.h	Mon May 26 22:54:15 2014	(r266718)
@@ -636,6 +636,8 @@ void	in_pcbdrop(struct inpcb *);
 void	in_pcbfree(struct inpcb *);
 int	in_pcbinshash(struct inpcb *);
 int	in_pcbinshash_nopcbgroup(struct inpcb *);
+int	in_pcbladdr(struct inpcb *, struct in_addr *, struct in_addr *,
+	    struct ucred *);
 struct inpcb *
 	in_pcblookup_local(struct inpcbinfo *,
 	    struct in_addr, u_short, int, struct ucred *);

Modified: stable/10/sys/netinet/raw_ip.c
==============================================================================
--- stable/10/sys/netinet/raw_ip.c	Mon May 26 22:27:14 2014	(r266717)
+++ stable/10/sys/netinet/raw_ip.c	Mon May 26 22:54:15 2014	(r266718)
@@ -453,26 +453,26 @@ rip_output(struct mbuf *m, struct socket
 		ip->ip_p = inp->inp_ip_p;
 		ip->ip_len = htons(m->m_pkthdr.len);
 		ip->ip_src = inp->inp_laddr;
+		ip->ip_dst.s_addr = dst;
 		if (jailed(inp->inp_cred)) {
 			/*
 			 * prison_local_ip4() would be good enough but would
 			 * let a source of INADDR_ANY pass, which we do not
-			 * want to see from jails. We do not go through the
-			 * pain of in_pcbladdr() for raw sockets.
+			 * want to see from jails.
 			 */
-			if (ip->ip_src.s_addr == INADDR_ANY)
-				error = prison_get_ip4(inp->inp_cred,
-				    &ip->ip_src);
-			else
+			if (ip->ip_src.s_addr == INADDR_ANY) {
+				error = in_pcbladdr(inp, &ip->ip_dst, &ip->ip_src,
+				    inp->inp_cred);
+			} else {
 				error = prison_local_ip4(inp->inp_cred,
 				    &ip->ip_src);
+			}
 			if (error != 0) {
 				INP_RUNLOCK(inp);
 				m_freem(m);
 				return (error);
 			}
 		}
-		ip->ip_dst.s_addr = dst;
 		ip->ip_ttl = inp->inp_ip_ttl;
 	} else {
 		if (m->m_pkthdr.len > IP_MAXPACKET) {