}
#endif
-#if 0
+#ifndef linux /* FreeBSD */
static void
fill_ugid_cache(struct inpcb *inp, struct ip_fw_ugid *ugp)
{
ugp->fw_ngroups = cr->cr_ngroups;
bcopy(cr->cr_groups, ugp->fw_groups, sizeof(ugp->fw_groups));
}
-#endif /* no uigid support */
+#endif
static int
check_uidgid(ipfw_insn_u32 *insn, int proto, struct ifnet *oif,
u_int16_t src_port, struct ip_fw_ugid *ugp, int *ugid_lookupp,
struct inpcb *inp)
{
-#if 1
- return 0;
-#else
+#ifdef linux
+ int match = 0;
+ struct sk_buff *skb = ((struct mbuf *)inp)->m_skb;
+
+#if 0 /* debug */
+ printf("%s opcode %d arg %d oif %p src 0x%x:%d dst 0x%x:%d\n", __FUNCTION__,
+ insn->o.opcode, insn->d[0], oif,
+ ntohl(src_ip.s_addr), ntohs(src_port),
+ ntohl(dst_ip.s_addr), ntohs(dst_port)
+ );
+#endif
+ if (insn->o.opcode == O_JAIL) {
+#ifdef IPFW_PLANETLAB
+ match = (skb->skb_tag == insn->d[0]);
+#if 0 /* debug */
+ printf("JAIL compiled for planetlab xid %d want %d result %d\n",
+ skb->skb_tag, insn->d[0], match);
+#endif
+
+#endif
+ return match;
+ }
+
+ if (*ugid_lookupp == 0) { /* actively lookup and copy in cache */
+
+ /* returns null if any element of the chain up to file is null.
+ * if sk != NULL then we also have a reference
+ */
+ *ugid_lookupp = linux_lookup(proto,
+ src_ip.s_addr, htons(src_port),
+ dst_ip.s_addr, htons(dst_port),
+ skb, oif ? 1 : 0, ugp);
+
+ }
+ if (*ugid_lookupp < 0)
+ return 0;
+
+ if (insn->o.opcode == O_UID)
+ match = (ugp->fw_uid == (uid_t)insn->d[0]);
+ return match;
+
+#else /* FreeBSD */
+
struct inpcbinfo *pi;
int wildcard;
struct inpcb *pcb;
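Review bot: In the linux branch of check_uidgid only `O_UID` is compared before the final `return match;`, so any other opcode that reaches it (O_GID, or O_JAIL when IPFW_PLANETLAB is not defined) returns 0 and the rule silently never matches; a deny rule written on gid would then not take effect. I would state that above the final return with `/* linux: only O_UID is implemented; O_GID rules never match */`, and, if the rule-install path is part of this port, reject the unsupported opcodes there rather than at match time. Separately, `((struct mbuf *)inp)->m_skb` reinterprets the `inp` argument as an mbuf and dereferences it unchecked, which holds only while every caller passes the mbuf, as the `(struct inpcb *)args->m` call site in this diff does. A NULL guard ahead of that dereference (`if (inp == NULL) return 0;`, with `skb` assigned afterwards) and a comment such as `/* linux: 'inp' actually carries the struct mbuf */` would make the convention visible. The FreeBSD branch of the function continues outside this hunk.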
proto, oif,
dst_ip, dst_port,
src_ip, src_port, &fw_ugid_cache,
- &ugid_lookup, args->inp);
+ &ugid_lookup, (struct inpcb *)args->m);
break;
case O_RECV: