Author: bz
Date: Tue Jun 23 22:08:55 2009
New Revision: 194777
URL: http://svn.freebsd.org/changeset/base/194777
Log:
Make callers to in6_selectsrc() and in6_pcbladdr() pass in memory
to save the selected source address rather than returning an
unreferenced copy to a pointer that might long be gone by the
time we use the pointer for anything meaningful.
Asked for by: rwatson
Reviewed by: rwatson
Modified:
head/sys/netinet/tcp_usrreq.c
head/sys/netinet6/icmp6.c
head/sys/netinet6/in6_pcb.c
head/sys/netinet6/in6_pcb.h
head/sys/netinet6/in6_src.c
head/sys/netinet6/ip6_var.h
head/sys/netinet6/nd6_nbr.c
head/sys/netinet6/raw_ip6.c
head/sys/netinet6/udp6_usrreq.c
Modified: head/sys/netinet/tcp_usrreq.c
==============================================================================
--- head/sys/netinet/tcp_usrreq.c Tue Jun 23 22:08:25 2009
(r194776)
+++ head/sys/netinet/tcp_usrreq.c Tue Jun 23 22:08:55 2009
(r194777)
@@ -1137,7 +1137,7 @@ tcp6_connect(struct tcpcb *tp, struct so
struct socket *so = inp->inp_socket;
INIT_VNET_INET(so->so_vnet);
struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)nam;
- struct in6_addr *addr6;
+ struct in6_addr addr6;
int error;
INP_INFO_WLOCK_ASSERT(&V_tcbinfo);
@@ -1161,13 +1161,13 @@ tcp6_connect(struct tcpcb *tp, struct so
oinp = in6_pcblookup_hash(inp->inp_pcbinfo,
&sin6->sin6_addr, sin6->sin6_port,
IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_laddr)
- ? addr6
+ ? &addr6
: &inp->in6p_laddr,
inp->inp_lport, 0, NULL);
if (oinp)
return EADDRINUSE;
if (IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_laddr))
- inp->in6p_laddr = *addr6;
+ inp->in6p_laddr = addr6;
inp->in6p_faddr = sin6->sin6_addr;
inp->inp_fport = sin6->sin6_port;
/* update flowinfo - draft-itojun-ipv6-flowlabel-api-00 */
Modified: head/sys/netinet6/icmp6.c
==============================================================================
--- head/sys/netinet6/icmp6.c Tue Jun 23 22:08:25 2009 (r194776)
+++ head/sys/netinet6/icmp6.c Tue Jun 23 22:08:55 2009 (r194777)
@@ -2080,7 +2080,7 @@ icmp6_reflect(struct mbuf *m, size_t off
int plen;
int type, code;
struct ifnet *outif = NULL;
- struct in6_addr origdst, *src = NULL;
+ struct in6_addr origdst, src, *srcp = NULL;
/* too short to reflect */
if (off < sizeof(struct ip6_hdr)) {
@@ -2148,7 +2148,7 @@ icmp6_reflect(struct mbuf *m, size_t off
if ((ia = ip6_getdstifaddr(m))) {
if (!(ia->ia6_flags &
(IN6_IFF_ANYCAST|IN6_IFF_NOTREADY)))
- src = &ia->ia_addr.sin6_addr;
+ srcp = &ia->ia_addr.sin6_addr;
} else {
struct sockaddr_in6 d;
@@ -2161,12 +2161,12 @@ icmp6_reflect(struct mbuf *m, size_t off
if (ia &&
!(ia->ia6_flags &
(IN6_IFF_ANYCAST|IN6_IFF_NOTREADY))) {
- src = &ia->ia_addr.sin6_addr;
+ srcp = &ia->ia_addr.sin6_addr;
}
}
}
- if (src == NULL) {
+ if (srcp == NULL) {
int e;
struct sockaddr_in6 sin6;
struct route_in6 ro;
@@ -2182,10 +2182,10 @@ icmp6_reflect(struct mbuf *m, size_t off
sin6.sin6_addr = ip6->ip6_dst; /* zone ID should be embedded */
bzero(&ro, sizeof(ro));
- src = in6_selectsrc(&sin6, NULL, NULL, &ro, NULL, &outif, &e);
+ e = in6_selectsrc(&sin6, NULL, NULL, &ro, NULL, &outif, &src);
if (ro.ro_rt)
RTFREE(ro.ro_rt); /* XXX: we could use this */
- if (src == NULL) {
+ if (e) {
char ip6buf[INET6_ADDRSTRLEN];
nd6log((LOG_DEBUG,
"icmp6_reflect: source can't be determined: "
@@ -2193,9 +2193,10 @@ icmp6_reflect(struct mbuf *m, size_t off
ip6_sprintf(ip6buf, &sin6.sin6_addr), e));
goto bad;
}
+ srcp = &src;
}
- ip6->ip6_src = *src;
+ ip6->ip6_src = *srcp;
ip6->ip6_flow = 0;
ip6->ip6_vfc &= ~IPV6_VERSION_MASK;
ip6->ip6_vfc |= IPV6_VERSION;
Modified: head/sys/netinet6/in6_pcb.c
==============================================================================
--- head/sys/netinet6/in6_pcb.c Tue Jun 23 22:08:25 2009 (r194776)
+++ head/sys/netinet6/in6_pcb.c Tue Jun 23 22:08:55 2009 (r194777)
@@ -289,13 +289,14 @@ in6_pcbbind(register struct inpcb *inp,
*/
int
in6_pcbladdr(register struct inpcb *inp, struct sockaddr *nam,
- struct in6_addr **plocal_addr6)
+ struct in6_addr *plocal_addr6)
{
INIT_VNET_INET6(inp->inp_vnet);
register struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)nam;
int error = 0;
struct ifnet *ifp = NULL;
int scope_ambiguous = 0;
+ struct in6_addr in6a;
INP_INFO_WLOCK_ASSERT(inp->inp_pcbinfo);
INP_WLOCK_ASSERT(inp);
@@ -323,25 +324,25 @@ in6_pcbladdr(register struct inpcb *inp,
if ((error = prison_remote_ip6(inp->inp_cred, &sin6->sin6_addr)) != 0)
return (error);
- /*
- * XXX: in6_selectsrc might replace the bound local address
- * with the address specified by setsockopt(IPV6_PKTINFO).
- * Is it the intended behavior?
- */
- *plocal_addr6 = in6_selectsrc(sin6, inp->in6p_outputopts,
- inp, NULL,
- inp->inp_cred,
- &ifp, &error);
+ error = in6_selectsrc(sin6, inp->in6p_outputopts,
+ inp, NULL, inp->inp_cred, &ifp, &in6a);
+ if (error)
+ return (error);
+
if (ifp && scope_ambiguous &&
(error = in6_setscope(&sin6->sin6_addr, ifp, NULL)) != 0) {
return(error);
}
- if (*plocal_addr6 == NULL) {
- if (error == 0)
- error = EADDRNOTAVAIL;
- return (error);
- }
+ /*
+ * Do not update this earlier, in case we return with an error.
+ *
+ * XXX: this in6_selectsrc result might replace the bound local
+ * aaddress with the address specified by setsockopt(IPV6_PKTINFO).
+ * Is it the intended behavior?
+ */
+ *plocal_addr6 = in6a;
+
/*
* Don't do pcblookup call here; return interface in
* plocal_addr6
@@ -362,8 +363,8 @@ int
in6_pcbconnect(register struct inpcb *inp, struct sockaddr *nam,
struct ucred *cred)
{
- struct in6_addr *addr6;
register struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)nam;
+ struct in6_addr addr6;
int error;
INP_INFO_WLOCK_ASSERT(inp->inp_pcbinfo);
@@ -379,7 +380,7 @@ in6_pcbconnect(register struct inpcb *in
if (in6_pcblookup_hash(inp->inp_pcbinfo, &sin6->sin6_addr,
sin6->sin6_port,
IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_laddr)
- ? addr6 : &inp->in6p_laddr,
+ ? &addr6 : &inp->in6p_laddr,
inp->inp_lport, 0, NULL) != NULL) {
return (EADDRINUSE);
}
@@ -389,7 +390,7 @@ in6_pcbconnect(register struct inpcb *in
if (error)
return (error);
}
- inp->in6p_laddr = *addr6;
+ inp->in6p_laddr = addr6;
}
inp->in6p_faddr = sin6->sin6_addr;
inp->inp_fport = sin6->sin6_port;
Modified: head/sys/netinet6/in6_pcb.h
==============================================================================
--- head/sys/netinet6/in6_pcb.h Tue Jun 23 22:08:25 2009 (r194776)
+++ head/sys/netinet6/in6_pcb.h Tue Jun 23 22:08:55 2009 (r194777)
@@ -74,8 +74,7 @@ void in6_losing __P((struct inpcb *));
int in6_pcbbind __P((struct inpcb *, struct sockaddr *, struct ucred *));
int in6_pcbconnect __P((struct inpcb *, struct sockaddr *, struct ucred *));
void in6_pcbdisconnect __P((struct inpcb *));
-int in6_pcbladdr __P((struct inpcb *, struct sockaddr *,
- struct in6_addr **));
+int in6_pcbladdr(struct inpcb *, struct sockaddr *, struct in6_addr *);
struct inpcb *
in6_pcblookup_local __P((struct inpcbinfo *,
struct in6_addr *, u_short, int,
Modified: head/sys/netinet6/in6_src.c
==============================================================================
--- head/sys/netinet6/in6_src.c Tue Jun 23 22:08:25 2009 (r194776)
+++ head/sys/netinet6/in6_src.c Tue Jun 23 22:08:55 2009 (r194777)
@@ -179,10 +179,10 @@ static struct in6_addrpolicy *match_addr
goto out; /* XXX: we can't use 'break' here */ \
} while(0)
-struct in6_addr *
+int
in6_selectsrc(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts,
struct inpcb *inp, struct route_in6 *ro, struct ucred *cred,
- struct ifnet **ifpp, int *errorp)
+ struct ifnet **ifpp, struct in6_addr *srcp)
{
INIT_VNET_INET6(curvnet);
struct in6_addr dst;
@@ -193,10 +193,12 @@ in6_selectsrc(struct sockaddr_in6 *dstso
struct in6_addrpolicy *dst_policy = NULL, *best_policy = NULL;
u_int32_t odstzone;
int prefer_tempaddr;
+ int error;
struct ip6_moptions *mopts;
+ KASSERT(srcp != NULL, ("%s: srcp is NULL", __func__));
+
dst = dstsock->sin6_addr; /* make a copy for local operation */
- *errorp = 0;
if (ifpp)
*ifpp = NULL;
@@ -219,10 +221,8 @@ in6_selectsrc(struct sockaddr_in6 *dstso
struct in6_ifaddr *ia6;
/* get the outgoing interface */
- if ((*errorp = in6_selectif(dstsock, opts, mopts, ro, &ifp))
- != 0) {
- return (NULL);
- }
+ if ((error = in6_selectif(dstsock, opts, mopts, ro, &ifp)) != 0)
+ return (error);
/*
* determine the appropriate zone id of the source based on
@@ -236,14 +236,14 @@ in6_selectsrc(struct sockaddr_in6 *dstso
srcsock.sin6_len = sizeof(srcsock);
srcsock.sin6_addr = pi->ipi6_addr;
if (ifp) {
- *errorp = in6_setscope(&srcsock.sin6_addr, ifp, NULL);
- if (*errorp != 0)
- return (NULL);
+ error = in6_setscope(&srcsock.sin6_addr, ifp, NULL);
+ if (error)
+ return (error);
}
- if (cred != NULL && (*errorp = prison_local_ip6(cred,
+ if (cred != NULL && (error = prison_local_ip6(cred,
&srcsock.sin6_addr, (inp != NULL &&
(inp->inp_flags & IN6P_IPV6_V6ONLY) != 0))) != 0)
- return (NULL);
+ return (error);
ia6 = (struct in6_ifaddr *)ifa_ifwithaddr(
(struct sockaddr *)&srcsock);
@@ -251,21 +251,14 @@ in6_selectsrc(struct sockaddr_in6 *dstso
(ia6->ia6_flags & (IN6_IFF_ANYCAST | IN6_IFF_NOTREADY))) {
if (ia6 != NULL)
ifa_free(&ia6->ia_ifa);
- *errorp = EADDRNOTAVAIL;
- return (NULL);
+ return (EADDRNOTAVAIL);
}
pi->ipi6_addr = srcsock.sin6_addr; /* XXX: this overrides pi */
if (ifpp)
*ifpp = ifp;
-
- /*
- * XXXRW: This returns a pointer into a structure with no
- * refcount. in6_selectsrc() should return it to caller-
- * provided memory using call-by-reference rather than
- * returning pointers into other memory.
- */
+ bcopy(&ia6->ia_addr.sin6_addr, srcp, sizeof(*srcp));
ifa_free(&ia6->ia_ifa);
- return (&ia6->ia_addr.sin6_addr);
+ return (0);
}
/*
@@ -273,10 +266,11 @@ in6_selectsrc(struct sockaddr_in6 *dstso
*/
if (inp != NULL && !IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_laddr)) {
if (cred != NULL &&
- (*errorp = prison_local_ip6(cred, &inp->in6p_laddr,
+ (error = prison_local_ip6(cred, &inp->in6p_laddr,
((inp->inp_flags & IN6P_IPV6_V6ONLY) != 0))) != 0)
- return (NULL);
- return (&inp->in6p_laddr);
+ return (error);
+ bcopy(&inp->in6p_laddr, srcp, sizeof(*srcp));
+ return (0);
}
/*
@@ -284,16 +278,16 @@ in6_selectsrc(struct sockaddr_in6 *dstso
* the outgoing interface and the destination address.
*/
/* get the outgoing interface */
- if ((*errorp = in6_selectif(dstsock, opts, mopts, ro, &ifp)) != 0)
- return (NULL);
+ if ((error = in6_selectif(dstsock, opts, mopts, ro, &ifp)) != 0)
+ return (error);
#ifdef DIAGNOSTIC
if (ifp == NULL) /* this should not happen */
panic("in6_selectsrc: NULL ifp");
#endif
- *errorp = in6_setscope(&dst, ifp, &odstzone);
- if (*errorp != 0)
- return (NULL);
+ error = in6_setscope(&dst, ifp, &odstzone);
+ if (error)
+ return (error);
for (ia = V_in6_ifaddr; ia; ia = ia->ia_next) {
int new_scope = -1, new_matchlen = -1;
@@ -472,15 +466,14 @@ in6_selectsrc(struct sockaddr_in6 *dstso
break;
}
- if ((ia = ia_best) == NULL) {
- *errorp = EADDRNOTAVAIL;
- return (NULL);
- }
+ if ((ia = ia_best) == NULL)
+ return (EADDRNOTAVAIL);
if (ifpp)
*ifpp = ifp;
- return (&ia->ia_addr.sin6_addr);
+ bcopy(&ia->ia_addr.sin6_addr, srcp, sizeof(*srcp));
+ return (0);
}
/*
Modified: head/sys/netinet6/ip6_var.h
==============================================================================
--- head/sys/netinet6/ip6_var.h Tue Jun 23 22:08:25 2009 (r194776)
+++ head/sys/netinet6/ip6_var.h Tue Jun 23 22:08:55 2009 (r194777)
@@ -402,9 +402,9 @@ int rip6_usrreq __P((struct socket *,
int dest6_input __P((struct mbuf **, int *, int));
int none_input __P((struct mbuf **, int *, int));
-struct in6_addr *in6_selectsrc __P((struct sockaddr_in6 *, struct ip6_pktopts
*,
+int in6_selectsrc(struct sockaddr_in6 *, struct ip6_pktopts *,
struct inpcb *inp, struct route_in6 *, struct ucred *cred,
- struct ifnet **, int *));
+ struct ifnet **, struct in6_addr *);
int in6_selectroute __P((struct sockaddr_in6 *, struct ip6_pktopts *,
struct ip6_moptions *, struct route_in6 *, struct ifnet **,
struct rtentry **));
Modified: head/sys/netinet6/nd6_nbr.c
==============================================================================
--- head/sys/netinet6/nd6_nbr.c Tue Jun 23 22:08:25 2009 (r194776)
+++ head/sys/netinet6/nd6_nbr.c Tue Jun 23 22:08:55 2009 (r194777)
@@ -505,9 +505,9 @@ nd6_ns_output(struct ifnet *ifp, const s
dst_sa.sin6_len = sizeof(dst_sa);
dst_sa.sin6_addr = ip6->ip6_dst;
- src = in6_selectsrc(&dst_sa, NULL,
- NULL, &ro, NULL, NULL, &error);
- if (src == NULL) {
+ error = in6_selectsrc(&dst_sa, NULL,
+ NULL, &ro, NULL, NULL, &src_in);
+ if (error) {
char ip6buf[INET6_ADDRSTRLEN];
nd6log((LOG_DEBUG,
"nd6_ns_output: source can't be "
@@ -516,6 +516,7 @@ nd6_ns_output(struct ifnet *ifp, const s
error));
goto bad;
}
+ src = &src_in;
}
} else {
/*
@@ -933,7 +934,7 @@ nd6_na_output(struct ifnet *ifp, const s
struct ip6_hdr *ip6;
struct nd_neighbor_advert *nd_na;
struct ip6_moptions im6o;
- struct in6_addr *src, daddr6;
+ struct in6_addr src, daddr6;
struct sockaddr_in6 dst_sa;
int icmp6len, maxlen, error;
caddr_t mac = NULL;
@@ -1006,15 +1007,15 @@ nd6_na_output(struct ifnet *ifp, const s
* Select a source whose scope is the same as that of the dest.
*/
bcopy(&dst_sa, &ro.ro_dst, sizeof(dst_sa));
- src = in6_selectsrc(&dst_sa, NULL, NULL, &ro, NULL, NULL, &error);
- if (src == NULL) {
+ error = in6_selectsrc(&dst_sa, NULL, NULL, &ro, NULL, NULL, &src);
+ if (error) {
char ip6buf[INET6_ADDRSTRLEN];
nd6log((LOG_DEBUG, "nd6_na_output: source can't be "
"determined: dst=%s, error=%d\n",
ip6_sprintf(ip6buf, &dst_sa.sin6_addr), error));
goto bad;
}
- ip6->ip6_src = *src;
+ ip6->ip6_src = src;
nd_na = (struct nd_neighbor_advert *)(ip6 + 1);
nd_na->nd_na_type = ND_NEIGHBOR_ADVERT;
nd_na->nd_na_code = 0;
Modified: head/sys/netinet6/raw_ip6.c
==============================================================================
--- head/sys/netinet6/raw_ip6.c Tue Jun 23 22:08:25 2009 (r194776)
+++ head/sys/netinet6/raw_ip6.c Tue Jun 23 22:08:55 2009 (r194777)
@@ -389,7 +389,7 @@ rip6_output(m, va_alist)
struct ifnet *oifp = NULL;
int type = 0, code = 0; /* for ICMPv6 output statistics only */
int scope_ambiguous = 0;
- struct in6_addr *in6a;
+ struct in6_addr in6a;
va_list ap;
va_start(ap, m);
@@ -450,16 +450,14 @@ rip6_output(m, va_alist)
/*
* Source address selection.
*/
- if ((in6a = in6_selectsrc(dstsock, optp, in6p, NULL, so->so_cred,
- &oifp, &error)) == NULL) {
- if (error == 0)
- error = EADDRNOTAVAIL;
+ error = in6_selectsrc(dstsock, optp, in6p, NULL, so->so_cred,
+ &oifp, &in6a);
+ if (error)
goto bad;
- }
- error = prison_get_ip6(in6p->inp_cred, in6a);
+ error = prison_get_ip6(in6p->inp_cred, &in6a);
if (error != 0)
goto bad;
- ip6->ip6_src = *in6a;
+ ip6->ip6_src = in6a;
if (oifp && scope_ambiguous) {
/*
@@ -757,7 +755,7 @@ rip6_connect(struct socket *so, struct s
INIT_VNET_INET6(so->so_vnet);
struct inpcb *inp;
struct sockaddr_in6 *addr = (struct sockaddr_in6 *)nam;
- struct in6_addr *in6a = NULL;
+ struct in6_addr in6a;
struct ifnet *ifp = NULL;
int error = 0, scope_ambiguous = 0;
@@ -787,13 +785,12 @@ rip6_connect(struct socket *so, struct s
INP_INFO_WLOCK(&V_ripcbinfo);
INP_WLOCK(inp);
/* Source address selection. XXX: need pcblookup? */
- in6a = in6_selectsrc(addr, inp->in6p_outputopts,
- inp, NULL, so->so_cred,
- &ifp, &error);
- if (in6a == NULL) {
+ error = in6_selectsrc(addr, inp->in6p_outputopts,
+ inp, NULL, so->so_cred, &ifp, &in6a);
+ if (error) {
INP_WUNLOCK(inp);
INP_INFO_WUNLOCK(&V_ripcbinfo);
- return (error ? error : EADDRNOTAVAIL);
+ return (error);
}
/* XXX: see above */
@@ -804,7 +801,7 @@ rip6_connect(struct socket *so, struct s
return (error);
}
inp->in6p_faddr = addr->sin6_addr;
- inp->in6p_laddr = *in6a;
+ inp->in6p_laddr = in6a;
soisconnected(so);
INP_WUNLOCK(inp);
INP_INFO_WUNLOCK(&V_ripcbinfo);
Modified: head/sys/netinet6/udp6_usrreq.c
==============================================================================
--- head/sys/netinet6/udp6_usrreq.c Tue Jun 23 22:08:25 2009
(r194776)
+++ head/sys/netinet6/udp6_usrreq.c Tue Jun 23 22:08:55 2009
(r194777)
@@ -552,7 +552,7 @@ udp6_output(struct inpcb *inp, struct mb
u_int32_t plen = sizeof(struct udphdr) + ulen;
struct ip6_hdr *ip6;
struct udphdr *udp6;
- struct in6_addr *laddr, *faddr;
+ struct in6_addr *laddr, *faddr, in6a;
struct sockaddr_in6 *sin6 = NULL;
struct ifnet *oifp = NULL;
int scope_ambiguous = 0;
@@ -650,13 +650,16 @@ udp6_output(struct inpcb *inp, struct mb
}
if (!IN6_IS_ADDR_V4MAPPED(faddr)) {
- laddr = in6_selectsrc(sin6, optp, inp, NULL,
- td->td_ucred, &oifp, &error);
+ error = in6_selectsrc(sin6, optp, inp, NULL,
+ td->td_ucred, &oifp, &in6a);
+ if (error)
+ goto release;
if (oifp && scope_ambiguous &&
(error = in6_setscope(&sin6->sin6_addr,
oifp, NULL))) {
goto release;
}
+ laddr = &in6a;
} else
laddr = &inp->in6p_laddr; /* XXX */
if (laddr == NULL) {
_______________________________________________
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
