diff options
| author | jamie <jamie@FreeBSD.org> | 2009-05-29 21:27:12 +0000 |
|---|---|---|
| committer | jamie <jamie@FreeBSD.org> | 2009-05-29 21:27:12 +0000 |
| commit | 572db1408a55640213faa331981d20cda01f68d8 (patch) | |
| tree | 36c53629863ffb1eb32354e9a24549059dd6273f /sys/netinet6/icmp6.c | |
| parent | 64785ac65985d6800df1bacd80b5a3ba30b36b27 (diff) | |
| download | FreeBSD-src-572db1408a55640213faa331981d20cda01f68d8.zip FreeBSD-src-572db1408a55640213faa331981d20cda01f68d8.tar.gz | |
Place hostnames and similar information fully under the prison system.
The system hostname is now stored in prison0, and the global variable
"hostname" has been removed, as has the hostname_mtx mutex. Jails may
have their own host information, or they may inherit it from the
parent/system. The proper way to read the hostname is via
getcredhostname(), which will copy either the hostname associated with
the passed cred, or the system hostname if you pass NULL. The system
hostname can still be accessed directly (and without locking) at
prison0.pr_host, but that should be avoided where possible.
The "similar information" referred to is domainname, hostid, and
hostuuid, which have also become prison parameters and had their
associated global variables removed.
Approved by: bz (mentor)
Diffstat (limited to 'sys/netinet6/icmp6.c')
| -rw-r--r-- | sys/netinet6/icmp6.c | 40 |
1 files changed, 21 insertions, 19 deletions
diff --git a/sys/netinet6/icmp6.c b/sys/netinet6/icmp6.c index f49a407..e9ef879 100644 --- a/sys/netinet6/icmp6.c +++ b/sys/netinet6/icmp6.c @@ -70,6 +70,7 @@ __FBSDID("$FreeBSD$"); #include <sys/param.h> #include <sys/domain.h> +#include <sys/jail.h> #include <sys/kernel.h> #include <sys/lock.h> #include <sys/malloc.h> @@ -401,7 +402,6 @@ int icmp6_input(struct mbuf **mp, int *offp, int proto) { INIT_VNET_INET6(curvnet); - INIT_VPROCG(TD_TO_VPROCG(curthread)); /* XXX V_hostname needs this */ struct mbuf *m = *mp, *n; struct ifnet *ifp; struct ip6_hdr *ip6, *nip6; @@ -663,7 +663,6 @@ icmp6_input(struct mbuf **mp, int *offp, int proto) else goto badlen; -#define hostnamelen strlen(V_hostname) if (mode == FQDN) { #ifndef PULLDOWN_TEST IP6_EXTHDR_CHECK(m, off, sizeof(struct icmp6_nodeinfo), @@ -675,8 +674,9 @@ icmp6_input(struct mbuf **mp, int *offp, int proto) /* XXX meaningless if n == NULL */ noff = sizeof(struct ip6_hdr); } else { + struct prison *pr; u_char *p; - int maxlen, maxhlen; + int maxlen, maxhlen, hlen; /* * XXX: this combination of flags is pointless, @@ -718,9 +718,11 @@ icmp6_input(struct mbuf **mp, int *offp, int proto) n->m_pkthdr.rcvif = NULL; n->m_len = 0; maxhlen = M_TRAILINGSPACE(n) - maxlen; - mtx_lock(&hostname_mtx); - if (maxhlen > hostnamelen) - maxhlen = hostnamelen; + pr = curthread->td_ucred->cr_prison; + mtx_lock(&pr->pr_mtx); + hlen = strlen(pr->pr_host); + if (maxhlen > hlen) + maxhlen = hlen; /* * Copy IPv6 and ICMPv6 only. */ @@ -730,15 +732,14 @@ icmp6_input(struct mbuf **mp, int *offp, int proto) bcopy(icmp6, nicmp6, sizeof(struct icmp6_hdr)); p = (u_char *)(nicmp6 + 1); bzero(p, 4); - bcopy(V_hostname, p + 4, maxhlen); /* meaningless TTL */ - mtx_unlock(&hostname_mtx); + bcopy(pr->pr_host, p + 4, maxhlen); /* meaningless TTL */ + mtx_unlock(&pr->pr_mtx); noff = sizeof(struct ip6_hdr); n->m_pkthdr.len = n->m_len = sizeof(struct ip6_hdr) + sizeof(struct icmp6_hdr) + 4 + maxhlen; nicmp6->icmp6_type = ICMP6_WRUREPLY; nicmp6->icmp6_code = 0; } -#undef hostnamelen if (n) { ICMP6STAT_INC(icp6s_reflect); ICMP6STAT_INC(icp6s_outhist[ICMP6_WRUREPLY]); @@ -1177,14 +1178,13 @@ icmp6_mtudisc_update(struct ip6ctlparam *ip6cp, int validated) * - joins NI group address at in6_ifattach() time only, does not cope * with hostname changes by sethostname(3) */ -#define hostnamelen strlen(V_hostname) static struct mbuf * ni6_input(struct mbuf *m, int off) { INIT_VNET_INET6(curvnet); - INIT_VPROCG(TD_TO_VPROCG(curthread)); /* XXX V_hostname needs this */ struct icmp6_nodeinfo *ni6, *nni6; struct mbuf *n = NULL; + struct prison *pr; u_int16_t qtype; int subjlen; int replylen = sizeof(struct ip6_hdr) + sizeof(struct icmp6_nodeinfo); @@ -1333,9 +1333,10 @@ ni6_input(struct mbuf *m, int off) * wildcard match, if gethostname(3) side has * truncated hostname. */ - mtx_lock(&hostname_mtx); - n = ni6_nametodns(V_hostname, hostnamelen, 0); - mtx_unlock(&hostname_mtx); + pr = curthread->td_ucred->cr_prison; + mtx_lock(&pr->pr_mtx); + n = ni6_nametodns(pr->pr_host, strlen(pr->pr_host), 0); + mtx_unlock(&pr->pr_mtx); if (!n || n->m_next || n->m_len == 0) goto bad; IP6_EXTHDR_GET(subj, char *, m, @@ -1457,11 +1458,13 @@ ni6_input(struct mbuf *m, int off) nni6->ni_flags = 0; /* XXX: meaningless TTL */ fqdn->ni_fqdn_ttl = 0; /* ditto. */ /* - * XXX do we really have FQDN in variable "hostname"? + * XXX do we really have FQDN in hostname? */ - mtx_lock(&hostname_mtx); - n->m_next = ni6_nametodns(V_hostname, hostnamelen, oldfqdn); - mtx_unlock(&hostname_mtx); + pr = curthread->td_ucred->cr_prison; + mtx_lock(&pr->pr_mtx); + n->m_next = + ni6_nametodns(pr->pr_host, strlen(pr->pr_host), oldfqdn); + mtx_unlock(&pr->pr_mtx); if (n->m_next == NULL) goto bad; /* XXX we assume that n->m_next is not a chain */ @@ -1497,7 +1500,6 @@ ni6_input(struct mbuf *m, int off) m_freem(n); return (NULL); } -#undef hostnamelen /* * make a mbuf with DNS-encoded string. no compression support. |
