PERFORCE change 107261 for review

Wed Oct 4 13:12:16 PDT 2006

http://perforce.freebsd.org/chv.cgi?CH=107261

Change 107261 by rwatson at rwatson_zoo on 2006/10/04 20:11:22

	Keep comments about layering, but switch to priv(9).

Affected files ...

.. //depot/projects/trustedbsd/priv/sys/net/if_gre.c#3 edit

Differences ...

==== //depot/projects/trustedbsd/priv/sys/net/if_gre.c#3 (text+ko) ====

@@ -457,7 +457,7 @@
 		 * XXXRW: Isn't this suser() redundant to the ifnet layer
 		 * check?
 		 */
-		if ((error = suser(curthread)) != 0)
+		if ((error = priv_check(curthread, PRIV_NET_SETIFFLAGS)) != 0)
 			break;
 		if ((ifr->ifr_flags & IFF_LINK0) != 0)
 			sc->g_proto = IPPROTO_GRE;
@@ -473,7 +473,7 @@
 		 * XXXRW: Isn't this suser() redundant to the ifnet layer
 		 * check?
 		 */
-		if ((error = suser(curthread)) != 0)
+		if ((error = priv_check(curthread, PRIV_NET_SETIFMTU)) != 0)
 			break;
 		if (ifr->ifr_mtu < 576) {
 			error = EINVAL;
@@ -485,12 +485,36 @@
 		ifr->ifr_mtu = GRE2IFP(sc)->if_mtu;
 		break;
 	case SIOCADDMULTI:
+		/*
+		 * XXXRW: Isn't this suser() redundant to the ifnet layer
+		 * check?
+		 */
+		if ((error = priv_check(curthread, PRIV_NET_ADDMULTI)) != 0)
+			break;
+		if (ifr == 0) {
+			error = EAFNOSUPPORT;
+			break;
+		}
+		switch (ifr->ifr_addr.sa_family) {
+#ifdef INET
+		case AF_INET:
+			break;
+#endif
+#ifdef INET6
+		case AF_INET6:
+			break;
+#endif
+		default:
+			error = EAFNOSUPPORT;
+			break;
+		}
+		break;
 	case SIOCDELMULTI:
 		/*
 		 * XXXRW: Isn't this suser() redundant to the ifnet layer
 		 * check?
 		 */
-		if ((error = suser(curthread)) != 0)
+		if ((error = priv_check(curthread, PRIV_NET_DELIFGROUP)) != 0)
 			break;
 		if (ifr == 0) {
 			error = EAFNOSUPPORT;
@@ -515,7 +539,7 @@
 		 * XXXRW: Isn't this suser() redundant to the ifnet layer
 		 * check?
 		 */
-		if ((error = suser(curthread)) != 0)
+		if ((error = priv_check(curthread, PRIV_NET_GRE)) != 0)
 			break;
 		sc->g_proto = ifr->ifr_flags;
 		switch (sc->g_proto) {
@@ -606,7 +630,7 @@
 		 * XXXRW: Isn't this suser() redundant to the ifnet layer
 		 * check?
 		 */
-		if ((error = suser(curthread)) != 0)
+		if ((error = priv_check(curthread, PRIV_NET_SETIFPHYS)) != 0)
 			break;
 		if (aifr->ifra_addr.sin_family != AF_INET ||
 		    aifr->ifra_dstaddr.sin_family != AF_INET) {
@@ -626,7 +650,7 @@
 		 * XXXRW: Isn't this suser() redundant to the ifnet layer
 		 * check?
 		 */
-		if ((error = suser(curthread)) != 0)
+		if ((error = priv_check(curthread, PRIV_NET_SETIFPHYS)) != 0)
 			break;
 		if (lifr->addr.ss_family != AF_INET ||
 		    lifr->dstaddr.ss_family != AF_INET) {
@@ -647,7 +671,7 @@
 		 * XXXRW: Isn't this suser() redundant to the ifnet layer
 		 * check?
 		 */
-		if ((error = suser(curthread)) != 0)
+		if ((error = priv_check(curthread, PRIV_NET_SETIFPHYS)) != 0)
 			break;
 		sc->g_src.s_addr = INADDR_ANY;
 		sc->g_dst.s_addr = INADDR_ANY;
