38#include <sys/kernel.h>
41#include <sys/sysproto.h>
42#include <sys/malloc.h>
46#include <sys/taskqueue.h>
52#include <sys/refcount.h>
54#include <sys/sysent.h>
58#include <sys/socket.h>
59#include <sys/syscallsubr.h>
60#include <sys/sysctl.h>
/*
 * Listing fragment (72 is the page's gutter number; neighbouring lines are
 * not shown). Casts the pointer from prison_ip_get0(pr, PR_INET) to
 * const struct in_addr * and returns its s_addr member.
 * NOTE(review): presumably the body of prison_primary_ip4(), the only
 * in_addr_t-returning signature listed on this page - confirm.
 * NOTE(review): no NULL test on the prison_ip_get0() result is visible here;
 * verify that every caller has already established that the prison has at
 * least one PR_INET address before this dereference.
 */
72 return (((
const struct in_addr *)prison_ip_get0(pr, PR_INET))->
s_addr);
/*
 * Fragment of one of the prison IPv4 routines; the listing skips numbered
 * lines (131, 135-136, 140-142), so several branch bodies are not visible.
 * NOTE(review): KASSERT is compiled in only with INVARIANTS, so the two NULL
 * checks state a caller contract rather than a production runtime guard.
 */
126 KASSERT(cred != NULL, (
"%s: cred is NULL", __func__));
127 KASSERT(ia != NULL, (
"%s: ia is NULL", __func__));
/* The prison consulted is the one attached to the caller's credential. */
129 pr = cred->cr_prison;
/* PR_IP4 is first tested without pr_mtx; the action taken (line 131) is not shown. */
130 if (!(pr->pr_flags & PR_IP4))
/* The same flag is re-tested with pr_mtx held, so a change made between the two tests is seen. */
132 mtx_lock(&pr->pr_mtx);
133 if (!(pr->pr_flags & PR_IP4)) {
134 mtx_unlock(&pr->pr_mtx);
/* A prison with PR_IP4 set but no PR_INET address array fails with EAFNOSUPPORT, lock released first. */
137 if (pr->pr_addrs[PR_INET] == NULL) {
138 mtx_unlock(&pr->pr_mtx);
139 return (EAFNOSUPPORT);
/* Remaining path: the work done on lines 140-142 is not shown; the lock is released here. */
143 mtx_unlock(&pr->pr_mtx);
/*
 * Fragment: asserts its two pointer arguments, takes the prison from the
 * credential and tests PR_IP4_SADDRSEL. The body of that test (line 169 on)
 * is not shown, and no pr_mtx locking is visible around the flag read.
 * NOTE(review): presumably prison_saddrsel_ip4() from the page's signature
 * list, going by the flag name - confirm.
 * NOTE(review): KASSERT is active only in INVARIANTS kernels.
 */
161 KASSERT(cred != NULL, (
"%s: cred is NULL", __func__));
162 KASSERT(ia != NULL, (
"%s: ia is NULL", __func__));
167 pr = cred->cr_prison;
168 if (pr->pr_flags & PR_IP4_SADDRSEL)
/*
 * Fragment: two identical upward walks along pr_parent. Each stops at
 * prison0, or at the first prison that has PR_VNET or PR_IP4_USER set.
 * What is done with the resulting pr1 and pr2 is outside the visible lines.
 * NOTE(review): gutter numbers 197, 199, 203 and 205 are missing from the
 * listing; presumably preprocessor conditionals around the PR_VNET test -
 * confirm against the full file.
 * NOTE(review): no locking is visible around the pr_flags and pr_parent
 * reads; check what the caller holds while the hierarchy is traversed.
 */
196 while (pr1 != &prison0 &&
198 !(pr1->pr_flags & PR_VNET) &&
200 !(pr1->pr_flags & PR_IP4_USER))
201 pr1 = pr1->pr_parent;
/* Same walk for the second prison. */
202 while (pr2 != &prison0 &&
204 !(pr2->pr_flags & PR_VNET) &&
206 !(pr2->pr_flags & PR_IP4_USER))
207 pr2 = pr2->pr_parent;
/*
 * Fragment of one of the prison IPv4 routines; many numbered lines are
 * omitted by the listing (231, 235-236, 240-247, 249, 251-254, 256-259).
 * NOTE(review): KASSERT is compiled in only with INVARIANTS, so the NULL
 * checks document a caller contract and do not guard production kernels.
 */
226 KASSERT(cred != NULL, (
"%s: cred is NULL", __func__));
227 KASSERT(ia != NULL, (
"%s: ia is NULL", __func__));
229 pr = cred->cr_prison;
/* Unlocked PR_IP4 test; its body (line 231) is not shown. */
230 if (!(pr->pr_flags & PR_IP4))
/* Re-test with pr_mtx held before the address list is touched. */
232 mtx_lock(&pr->pr_mtx);
233 if (!(pr->pr_flags & PR_IP4)) {
234 mtx_unlock(&pr->pr_mtx);
/* No PR_INET address array: unlock and fail with EAFNOSUPPORT. */
237 if (pr->pr_addrs[PR_INET] == NULL) {
238 mtx_unlock(&pr->pr_mtx);
239 return (EAFNOSUPPORT);
/* Special case for a prison with exactly one PR_INET address; its body (line 249) is not shown. */
248 if (prison_ip_cnt(pr, PR_INET) == 1)
250 mtx_unlock(&pr->pr_mtx);
/*
 * error and ia0 are set on lines not shown. INADDR_LOOPBACK is a
 * host-byte-order constant, so this comparison is only correct if ia0 holds
 * a host-order copy of the address - TODO confirm where ia0 is assigned.
 */
255 if (error == EADDRNOTAVAIL && ia0.
s_addr == INADDR_LOOPBACK) {
260 mtx_unlock(&pr->pr_mtx);
/*
 * Fragment of one of the prison IPv4 routines; omitted gutter lines include
 * 280, 284-285, 289-290, 292-293 and 295-300.
 * NOTE(review): KASSERT is active only in INVARIANTS kernels; treat the NULL
 * checks as a statement of the caller contract.
 */
275 KASSERT(cred != NULL, (
"%s: cred is NULL", __func__));
276 KASSERT(ia != NULL, (
"%s: ia is NULL", __func__));
278 pr = cred->cr_prison;
/* Unlocked PR_IP4 test; its body (line 280) is not shown. */
279 if (!(pr->pr_flags & PR_IP4))
/* The flag is tested again once pr_mtx is held. */
281 mtx_lock(&pr->pr_mtx);
282 if (!(pr->pr_flags & PR_IP4)) {
283 mtx_unlock(&pr->pr_mtx);
/* No PR_INET address array: unlock and fail with EAFNOSUPPORT. */
286 if (pr->pr_addrs[PR_INET] == NULL) {
287 mtx_unlock(&pr->pr_mtx);
288 return (EAFNOSUPPORT);
/*
 * The address is converted to host order before the loopback comparison.
 * The rest of the condition (lines 292-293) and what is done for a loopback
 * address are not visible in this listing.
 */
291 if (ntohl(ia->
s_addr) == INADDR_LOOPBACK &&
294 mtx_unlock(&pr->pr_mtx);
/* Second visible unlock, on a later exit path whose other lines are not shown. */
301 mtx_unlock(&pr->pr_mtx);
/*
 * Fragment: when PR_IP4 is clear the action taken is on lines the listing
 * omits (316-317); otherwise the result of prison_ip_check(pr, PR_INET, ia)
 * is returned unchanged.
 * NOTE(review): no mtx_lock/mtx_unlock is visible here. If this is the
 * prison_check_ip4_locked() named in the page's signature list (matching
 * pr and ia parameters), the caller is presumably expected to hold
 * pr->pr_mtx - confirm, and check that an assertion enforces it.
 */
315 if (!(pr->pr_flags & PR_IP4))
318 return (prison_ip_check(pr, PR_INET, ia));
/*
 * Fragment of one of the prison IPv4 routines; the listing omits gutter
 * lines 332, 336-337 and 341-343, so the check performed under the lock is
 * not visible.
 * NOTE(review): KASSERT is compiled in only with INVARIANTS, so a NULL cred
 * or ia is not rejected at runtime in a production kernel.
 */
327 KASSERT(cred != NULL, (
"%s: cred is NULL", __func__));
328 KASSERT(ia != NULL, (
"%s: ia is NULL", __func__));
330 pr = cred->cr_prison;
/* Unlocked PR_IP4 test; its body (line 332) is not shown. */
331 if (!(pr->pr_flags & PR_IP4))
/* Re-test with pr_mtx held so the decision matches the state the lock protects. */
333 mtx_lock(&pr->pr_mtx);
334 if (!(pr->pr_flags & PR_IP4)) {
335 mtx_unlock(&pr->pr_mtx);
/* No PR_INET address array: unlock and fail with EAFNOSUPPORT. */
338 if (pr->pr_addrs[PR_INET] == NULL) {
339 mtx_unlock(&pr->pr_mtx);
340 return (EAFNOSUPPORT);
/* Lock released after the work on lines 341-343, which the listing does not show. */
344 mtx_unlock(&pr->pr_mtx);
int prison_local_ip4(struct ucred *cred, struct in_addr *ia)
bool prison_valid_v4(const void *ip)
int prison_check_ip4(const struct ucred *cred, const struct in_addr *ia)
int prison_qcmp_v4(const void *ip1, const void *ip2)
int prison_equal_ip4(struct prison *pr1, struct prison *pr2)
int prison_remote_ip4(struct ucred *cred, struct in_addr *ia)
int prison_saddrsel_ip4(struct ucred *cred, struct in_addr *ia)
static in_addr_t prison_primary_ip4(const struct prison *pr)
int prison_get_ip4(struct ucred *cred, struct in_addr *ia)
int prison_check_ip4_locked(const struct prison *pr, const struct in_addr *ia)