X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=dummynet%2Fip_fw2.c;h=e3483dfae1d69e8792c40772df5bbfe51b69d20e;hb=555356c75160188585b6f94df115fbdddc8cb3dd;hp=039e084f03dfc829d706865a67735f9059197675;hpb=7a117b941275e2471bf4e035c1042640f1d24f04;p=ipfw.git
diff --git a/dummynet/ip_fw2.c b/dummynet/ip_fw2.c
index 039e084..e3483df 100644
--- a/dummynet/ip_fw2.c
+++ b/dummynet/ip_fw2.c
@@ -1978,7 +1978,7 @@ dump_table(struct ip_fw_chain *ch, ipfw_table *tbl)
 }
 #endif
-#if 0
+#ifndef linux /* FreeBSD */
 static void
 fill_ugid_cache(struct inpcb *inp, struct ip_fw_ugid *ugp)
 {
@@ -1990,57 +1990,57 @@ fill_ugid_cache(struct inpcb *inp, struct ip_fw_ugid *ugp)
 ugp->fw_ngroups = cr->cr_ngroups;
 bcopy(cr->cr_groups, ugp->fw_groups, sizeof(ugp->fw_groups));
 }
-#endif /* no uigid support */
+#endif
 static int check_uidgid(ipfw_insn_u32 *insn, int proto, struct ifnet *oif, struct in_addr dst_ip, u_int16_t dst_port, struct in_addr src_ip, u_int16_t src_port, struct ip_fw_ugid *ugp, int *ugid_lookupp,
- struct inpcb *inp, struct sk_buff *skb)
+ struct inpcb *inp)
 {
-#if 1 /* Linux */
-
- const struct file *filp;
-
- if (insn->o.opcode == O_JAIL)
- return 0;
-
- if (skb->sk == NULL || skb->sk->sk_socket == NULL)
- return 0;
-
- filp = skb->sk->sk_socket->file;
- if (filp == NULL)
- return 0;
-
-#if LINUX_VERSION_CODE <= KERNEL_VERSION(2,6,28)
-/* use the current's real uid/gid */
-#define UID f_uid
-#define GID f_gid
-#else /* 2.6.29 */
-/* use the current's file access real uid/gid */
-#define UID f_cred->fsuid
-#define GID f_cred->fsgid
+#ifdef linux
+ int match = 0;
+ struct sk_buff *skb = ((struct mbuf *)inp)->m_skb;
+
+#if 0 /* debug */
+ printf("%s opcode %d arg %d oif %p src 0x%x:%d dst 0x%x:%d\n", __FUNCTION__,
+ insn->o.opcode, insn->d[0], oif,
+ ntohl(src_ip.s_addr), ntohs(src_port),
+ ntohl(dst_ip.s_addr), ntohs(dst_port)
+ );
+#endif
+ if (insn->o.opcode == O_JAIL) {
+#ifdef IPFW_PLANETLAB
+ match = (skb->skb_tag == insn->d[0]);
+#if 0 /* debug */
+ printf("JAIL compiled for planetlab xid %d want %d result %d\n",
+ skb->skb_tag, insn->d[0], match);
 #endif
- if (insn->o.opcode == O_UID) {
- if (filp->UID != (uid_t)insn->d[0])
- return 0;
+#endif
+ return match;
 }
- if (insn->o.opcode == O_GID) {
- if (filp->GID != (gid_t)insn->d[0])
- return 0;
- }
+ if (*ugid_lookupp == 0) { /* actively lookup and copy in cache */
+
+ /* returns null if any element of the chain up to file is null.
+ * if sk != NULL then we also have a reference
+ */
+ *ugid_lookupp = linux_lookup(proto,
+ src_ip.s_addr, htons(src_port),
+ dst_ip.s_addr, htons(dst_port),
+ skb, oif ? 1 : 0, ugp);
- /* check for slice_id matching */
- if (insn->o.opcode == O_GID) {
- if (filp->GID != (gid_t)insn->d[0])
- return 0;
 }
+ if (*ugid_lookupp < 0)
+ return 0;
- return 1;
+ if (insn->o.opcode == O_UID)
+ match = (ugp->fw_uid == (uid_t)insn->d[0]);
+ return match;
+
+#else /* FreeBSD */
-#else /* FreeBSD original code */
 struct inpcbinfo *pi;
 int wildcard;
 struct inpcb *pcb;
@@ -2650,7 +2650,7 @@ check_body:
 proto, oif, dst_ip, dst_port, src_ip, src_port, &fw_ugid_cache,
- &ugid_lookup, args->inp, m->m_skb);
+ &ugid_lookup, (struct inpcb *)args->m);
 break;
 case O_RECV:
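Review bot: In the new Linux branch of check_uidgid() an `O_GID` rule can never match: after the lookup only `O_UID` is compared, so for `O_GID` `match` keeps its initial 0, whereas the removed code compared `filp->GID` with `insn->d[0]`. A rule set that relies on a gid match to deny or divert traffic would silently stop applying. If `linux_lookup()` also fills the group fields of `ugp` (its body is not visible here), restore the comparison after the uid test, e.g. `else if (insn->o.opcode == O_GID) match = (ugp->fw_groups[0] == (gid_t)insn->d[0]);`; if it does not, say so in a comment at that point so the limitation is documented rather than discovered. The function continues past the end of the hunk with the FreeBSD branch.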
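Review bot: The cast `(struct inpcb *)args->m` hands check_uidgid() an mbuf under an inpcb type, and no `#ifdef linux` is visible around this call site. check_uidgid() keeps a FreeBSD branch that takes `inp` as a real `struct inpcb *` (its use there is outside the hunk), so a non-Linux build would presumably read an mbuf as a pcb. On Linux the callee dereferences the pointer at once (`((struct mbuf *)inp)->m_skb`, then `skb->skb_tag` in the `O_JAIL` case) with no NULL check, so the call relies on `args->m` and its `m_skb` always being set. Keep `args->inp` for the non-Linux build and document the overloaded argument where the cast is made; the enclosing switch case starts before the hunk.

```c
/* … unchanged: leading check_uidgid() arguments … */
#ifdef linux
				    /* Linux: inp carries the mbuf; check_uidgid() reads m_skb from it */
				    &ugid_lookup, (struct inpcb *)args->m);
#else
				    &ugid_lookup, args->inp);
#endif
```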