author | rwatson <rwatson@FreeBSD.org> | 2007-04-10 15:58:38 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2007-04-10 15:58:38 +0000 |
commit | 3e9709c5513e6596840403fca428e826608a4bc4 (patch) | |
tree | 6119cb734ddaa9c04bd2ba4c76f5ab21d3c8a086 | |
parent | fc1b9c146d4d1e857dc4eb0d4f003b3fd6600295 (diff) | |
Add a new privilege, PRIV_NETINET_REUSEPORT, which will replace superuser
checks to see whether bind() can reuse a port/address combination while
it's already in use (for some definition of use).
-rw-r--r-- | sys/netinet/in_pcb.c | 3 | ||||
-rw-r--r-- | sys/sys/priv.h | 1 |
2 files changed, 3 insertions, 1 deletions
diff --git a/sys/netinet/in_pcb.c b/sys/netinet/in_pcb.c
index eb0852a..fc31367 100644
--- a/sys/netinet/in_pcb.c
+++ b/sys/netinet/in_pcb.c
@@ -345,7 +345,8 @@ in_pcbbind_setup(struct inpcb *inp, struct sockaddr *nam, in_addr_t *laddrp,
 if (jailed(cred))
 prison = 1;
 if (!IN_MULTICAST(ntohl(sin->sin_addr.s_addr)) &&
- suser_cred(so->so_cred, SUSER_ALLOWJAIL) != 0) {
+ priv_check_cred(so->so_cred,
+ PRIV_NETINET_REUSEPORT, SUSER_ALLOWJAIL) != 0) {
 t = in_pcblookup_local(inp->inp_pcbinfo,
 sin->sin_addr, lport,
 prison ? 0 : INPLOOKUP_WILDCARD);
diff --git a/sys/sys/priv.h b/sys/sys/priv.h
index d5b9cd3..150c9a1 100644
--- a/sys/sys/priv.h
+++ b/sys/sys/priv.h
@@ -368,6 +368,7 @@
 #define PRIV_NETINET_SCOPE6 501 /* Administer IPv6 address scopes. */
 #define PRIV_NETINET_ALIFETIME6 502 /* Administer IPv6 address lifetimes. */
 #define PRIV_NETINET_IPSEC 503 /* Administer IPSEC. */
+#define PRIV_NETINET_REUSEPORT 504 /* Allow [rapid] port/address reuse. */

 /*
 * IPX/SPX privileges. |
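Review bot: The new privilege check in in_pcbbind_setup() is made against `so->so_cred`, while the `jailed(cred)` test just above it uses `cred`, and nothing in the hunk says why the two credentials differ. A zero return from `priv_check_cred()` makes the condition false, so a holder of PRIV_NETINET_REUSEPORT skips the `in_pcblookup_local()` lookup that follows; which credential is consulted therefore decides who bypasses it. A short comment above the condition would make that auditable, for example `/* Checked against the socket's credential, not the caller's: holders of PRIV_NETINET_REUSEPORT skip the in-use lookup below. */`. `SUSER_ALLOWJAIL` is carried over unchanged, so jailed root presumably keeps the bypass it had under `suser_cred()`; that should be confirmed against the jail privilege policy, which is not visible here. The function body starts and continues outside the hunk.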
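Review bot: The comment on the new `PRIV_NETINET_REUSEPORT` define in priv.h, "Allow [rapid] port/address reuse.", does not say which check the privilege lifts, and the bracketed "[rapid]" leaves its scope open. The commit message is more precise, so the comment could follow it: `/* Allow bind() to reuse an in-use port/address. */`. A privilege constant is what an administrator or MAC policy author reads when deciding whom to grant it to, so the wording should name the operation.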