X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=dummynet%2Fip_fw2.c;h=39d6ab73ca1e1c0aeda93640c484a79f5a97463a;hb=5f337135c613b2ee3cb24ade7617ecaae0a74681;hp=bdcfe1156d5bee4f5afa68c4f788db2aab4490e4;hpb=1c3dc9f45532c25adc21f297422f0f5a7420b8ca;p=ipfw.git
diff --git a/dummynet/ip_fw2.c b/dummynet/ip_fw2.c
index bdcfe11..39d6ab7 100644
--- a/dummynet/ip_fw2.c
+++ b/dummynet/ip_fw2.c
@@ -1978,7 +1978,7 @@ dump_table(struct ip_fw_chain *ch, ipfw_table *tbl)
 }
 #endif
-#if 0
+#ifndef linux /* FreeBSD */
 static void
 fill_ugid_cache(struct inpcb *inp, struct ip_fw_ugid *ugp)
 {
@@ -1990,7 +1990,7 @@ fill_ugid_cache(struct inpcb *inp, struct ip_fw_ugid *ugp)
 ugp->fw_ngroups = cr->cr_ngroups;
 bcopy(cr->cr_groups, ugp->fw_groups, sizeof(ugp->fw_groups));
 }
-#endif /* no uigid support */
+#endif
 static int
 check_uidgid(ipfw_insn_u32 *insn, int proto, struct ifnet *oif,
@@ -1998,9 +1998,37 @@ check_uidgid(ipfw_insn_u32 *insn, int proto, struct ifnet *oif,
 u_int16_t src_port, struct ip_fw_ugid *ugp, int *ugid_lookupp,
 struct inpcb *inp)
 {
-#if 1
- return 0;
-#else
+#ifdef linux
+ int match = 0;
+ struct sk_buff *skb = ((struct mbuf *)inp)->m_skb;
+
+ if (insn->o.opcode == O_JAIL) {
+#ifdef IPFW_PLANETLAB
+ match = (skb->skb_tag == insn->d[0]);
+#endif
+ return match;
+ }
+
+ if (*ugid_lookupp == 0) { /* actively lookup and copy in cache */
+
+ /* returns null if any element of the chain up to file is null.
+ * if sk != NULL then we also have a reference
+ */
+ *ugid_lookupp = linux_lookup(proto,
+ src_ip.s_addr, htons(src_port),
+ dst_ip.s_addr, htons(dst_port),
+ skb, oif ? 1 : 0, ugp);
+
+ }
+ if (*ugid_lookupp < 0)
+ return 0;
+
+ if (insn->o.opcode == O_UID)
+ match = (ugp->fw_uid == (uid_t)insn->d[0]);
+ return match;
+
+#else /* FreeBSD */
+
 struct inpcbinfo *pi;
 int wildcard;
 struct inpcb *pcb;
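Review bot: In the `#ifdef linux` branch of check_uidgid only `O_UID` and `O_JAIL` are evaluated, so a rule carrying `O_GID` falls through with `match = 0` and silently never matches, and the same holds for `O_JAIL` whenever `IPFW_PLANETLAB` is not defined. For a deny rule that is a fail-open result the operator gets no hint of. Either compare the group fields of `ugp` (if linux_lookup fills them, which this hunk does not show) or state the limit at the top of the branch, e.g. `/* linux: only O_UID (and O_JAIL with IPFW_PLANETLAB) are matched; O_GID never matches */`, and refuse such rules when they are installed. The branch also reads `((struct mbuf *)inp)->m_skb`, so `inp` is not an inpcb here; a comment saying that the linux caller passes the mbuf would keep a later caller from handing in a real inpcb. The function body continues outside the hunk.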
@@ -2610,7 +2638,7 @@ check_body:
 proto, oif,
 dst_ip, dst_port,
 src_ip, src_port, &fw_ugid_cache,
- &ugid_lookup, args->inp);
+ &ugid_lookup, (struct inpcb *)args->m);
 break;
 case O_RECV:
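Review bot: The cast `(struct inpcb *)args->m` at the check_uidgid call is not wrapped in `#ifdef linux`, while the same commit keeps a `#else /* FreeBSD */` branch in check_uidgid and re-enables fill_ugid_cache under `#ifndef linux`. On a non-linux build that branch would receive an mbuf typed as an inpcb; how it uses `inp` lies outside the visible hunks, but any dereference there would read the wrong structure. Guard the call-site argument with `#ifdef linux` and keep `&ugid_lookup, args->inp);` in the `#else` arm. The enclosing call starts before the hunk.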