summaryrefslogtreecommitdiffstats
path: root/sys/netinet/raw_ip.c
diff options
context:
space:
mode:
Diffstat (limited to 'sys/netinet/raw_ip.c')
-rw-r--r--sys/netinet/raw_ip.c23
1 files changed, 18 insertions, 5 deletions
diff --git a/sys/netinet/raw_ip.c b/sys/netinet/raw_ip.c
index 1db3774..0b77b5b 100644
--- a/sys/netinet/raw_ip.c
+++ b/sys/netinet/raw_ip.c
@@ -427,11 +427,24 @@ rip_output(struct mbuf *m, struct socket *so, u_long dst)
ip->ip_p = inp->inp_ip_p;
ip->ip_len = m->m_pkthdr.len;
ip->ip_src = inp->inp_laddr;
- error = prison_get_ip4(inp->inp_cred, &ip->ip_src);
- if (error != 0) {
- INP_RUNLOCK(inp);
- m_freem(m);
- return (error);
+ if (jailed(inp->inp_cred)) {
+ /*
+ * prison_local_ip4() would be good enough but would
+ * let a source of INADDR_ANY pass, which we do not
+ * want to see from jails. We do not go through the
+ * pain of in_pcbladdr() for raw sockets.
+ */
+ if (ip->ip_src.s_addr == INADDR_ANY)
+ error = prison_get_ip4(inp->inp_cred,
+ &ip->ip_src);
+ else
+ error = prison_local_ip4(inp->inp_cred,
+ &ip->ip_src);
+ if (error != 0) {
+ INP_RUNLOCK(inp);
+ m_freem(m);
+ return (error);
+ }
}
ip->ip_dst.s_addr = dst;
ip->ip_ttl = inp->inp_ip_ttl;
OpenPOWER on IntegriCloud