Author: hrs
Date: Mon Sep 15 07:20:40 2014
New Revision: 271610
URL: http://svnweb.freebsd.org/changeset/base/271610

Log:
  Make net.inet.ip.sourceroute, net.inet.ip.accept_sourceroute, and
  net.inet.ip.process_options vnet-aware.  Revert changes in r271545.
  
  Suggested by: bz

Modified:
  head/etc/rc.d/routing
  head/sys/netinet/ip_fastfwd.c
  head/sys/netinet/ip_options.c
  head/sys/netinet/ip_options.h

Modified: head/etc/rc.d/routing
==============================================================================
--- head/etc/rc.d/routing       Mon Sep 15 06:21:28 2014        (r271609)
+++ head/etc/rc.d/routing       Mon Sep 15 07:20:40 2014        (r271610)
@@ -326,22 +326,20 @@ options_inet()
                ${SYSCTL} net.inet.ip.forwarding=0 > /dev/null
        fi
 
-       if ! check_jail vnet; then
-               if checkyesno forward_sourceroute; then
-                       ropts_init inet
-                       echo -n ' do source routing=YES'
-                       ${SYSCTL} net.inet.ip.sourceroute=1 > /dev/null
-               else
-                       ${SYSCTL} net.inet.ip.sourceroute=0 > /dev/null
-               fi
-
-               if checkyesno accept_sourceroute; then
-                       ropts_init inet
-                       echo -n ' accept source routing=YES'
-                       ${SYSCTL} net.inet.ip.accept_sourceroute=1 > /dev/null
-               else
-                       ${SYSCTL} net.inet.ip.accept_sourceroute=0 > /dev/null
-               fi
+       if checkyesno forward_sourceroute; then
+               ropts_init inet
+               echo -n ' do source routing=YES'
+               ${SYSCTL} net.inet.ip.sourceroute=1 > /dev/null
+       else
+               ${SYSCTL} net.inet.ip.sourceroute=0 > /dev/null
+       fi
+
+       if checkyesno accept_sourceroute; then
+               ropts_init inet
+               echo -n ' accept source routing=YES'
+               ${SYSCTL} net.inet.ip.accept_sourceroute=1 > /dev/null
+       else
+               ${SYSCTL} net.inet.ip.accept_sourceroute=0 > /dev/null
        fi
 
        if checkyesno arpproxy_all; then

Modified: head/sys/netinet/ip_fastfwd.c
==============================================================================
--- head/sys/netinet/ip_fastfwd.c       Mon Sep 15 06:21:28 2014        
(r271609)
+++ head/sys/netinet/ip_fastfwd.c       Mon Sep 15 07:20:40 2014        
(r271610)
@@ -296,9 +296,9 @@ ip_fastforward(struct mbuf *m)
         * Only IP packets without options
         */
        if (ip->ip_hl != (sizeof(struct ip) >> 2)) {
-               if (ip_doopts == 1)
+               if (V_ip_doopts == 1)
                        return m;
-               else if (ip_doopts == 2) {
+               else if (V_ip_doopts == 2) {
                        icmp_error(m, ICMP_UNREACH, ICMP_UNREACH_FILTER_PROHIB,
                                0, 0);
                        return NULL;    /* mbuf already free'd */
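Review bot: `V_ip_doopts` is read twice in this `if` / `else if` chain, and because the sysctl is `CTLFLAG_RW` the value can presumably change between the two reads. A packet carrying options could then miss both the "process" and the "reject" branch and take whatever path follows for the "ignore" setting. Reading the knob once per packet, e.g. `const int doopts = V_ip_doopts;` followed by `doopts == 1` / `doopts == 2`, keeps the decision consistent. The same double read appears in the `ip_dooptions()` hunk at `@@ -104,9 +107,9 @@` in ip_options.c. The body of `ip_fastforward()` continues outside this hunk, so the handling of the remaining case is not visible here.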

Modified: head/sys/netinet/ip_options.c
==============================================================================
--- head/sys/netinet/ip_options.c       Mon Sep 15 06:21:28 2014        
(r271609)
+++ head/sys/netinet/ip_options.c       Mon Sep 15 07:20:40 2014        
(r271610)
@@ -65,18 +65,21 @@ __FBSDID("$FreeBSD$");
 
 #include <sys/socketvar.h>
 
-static int     ip_dosourceroute = 0;
-SYSCTL_INT(_net_inet_ip, IPCTL_SOURCEROUTE, sourceroute, CTLFLAG_RW,
-    &ip_dosourceroute, 0, "Enable forwarding source routed IP packets");
-
-static int     ip_acceptsourceroute = 0;
-SYSCTL_INT(_net_inet_ip, IPCTL_ACCEPTSOURCEROUTE, accept_sourceroute, 
-    CTLFLAG_RW, &ip_acceptsourceroute, 0, 
+static VNET_DEFINE(int, ip_dosourceroute);
+SYSCTL_VNET_INT(_net_inet_ip, IPCTL_SOURCEROUTE, sourceroute, CTLFLAG_RW,
+    &VNET_NAME(ip_dosourceroute), 0,
+    "Enable forwarding source routed IP packets");
+#define        V_ip_dosourceroute      VNET(ip_dosourceroute)
+
+static VNET_DEFINE(int,        ip_acceptsourceroute);
+SYSCTL_VNET_INT(_net_inet_ip, IPCTL_ACCEPTSOURCEROUTE, accept_sourceroute, 
+    CTLFLAG_RW, &VNET_NAME(ip_acceptsourceroute), 0, 
     "Enable accepting source routed IP packets");
+#define        V_ip_acceptsourceroute  VNET(ip_acceptsourceroute)
 
-int            ip_doopts = 1;  /* 0 = ignore, 1 = process, 2 = reject */
-SYSCTL_INT(_net_inet_ip, OID_AUTO, process_options, CTLFLAG_RW,
-    &ip_doopts, 0, "Enable IP options processing ([LS]SRR, RR, TS)");
+VNET_DEFINE(int, ip_doopts) = 1; /* 0 = ignore, 1 = process, 2 = reject */
+SYSCTL_VNET_INT(_net_inet_ip, OID_AUTO, process_options, CTLFLAG_RW,
+    &VNET_NAME(ip_doopts), 0, "Enable IP options processing ([LS]SRR, RR, 
TS)");
 
 static void    save_rte(struct mbuf *m, u_char *, struct in_addr);
 
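Review bot: The new `static VNET_DEFINE(int, ip_dosourceroute);` and `static VNET_DEFINE(int, ip_acceptsourceroute);` lose the explicit `= 0` that the old globals carried, while `ip_doopts` keeps its `= 1`. The zero default is presumably unchanged, but these two knobs are what keep source-routed packets from being forwarded or accepted in each vnet, so the off-by-default state should stay visible at the definition. A short comment on each would do, for example `/* 0 (default) = do not forward source-routed packets */` and `/* 0 (default) = do not accept source-routed packets */`. As a minor style point, the spacing in `VNET_DEFINE(int,        ip_acceptsourceroute)` differs from the definition just above it.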
@@ -104,9 +107,9 @@ ip_dooptions(struct mbuf *m, int pass)
        struct  sockaddr_in ipaddr = { sizeof(ipaddr), AF_INET };
 
        /* Ignore or reject packets with IP options. */
-       if (ip_doopts == 0)
+       if (V_ip_doopts == 0)
                return 0;
-       else if (ip_doopts == 2) {
+       else if (V_ip_doopts == 2) {
                type = ICMP_UNREACH;
                code = ICMP_UNREACH_FILTER_PROHIB;
                goto bad;
@@ -167,7 +170,7 @@ ip_dooptions(struct mbuf *m, int pass)
                                        code = ICMP_UNREACH_SRCFAIL;
                                        goto bad;
                                }
-                               if (!ip_dosourceroute)
+                               if (!V_ip_dosourceroute)
                                        goto nosourcerouting;
                                /*
                                 * Loose routing, and not at next destination
@@ -180,7 +183,7 @@ ip_dooptions(struct mbuf *m, int pass)
                                /*
                                 * End of source route.  Should be for us.
                                 */
-                               if (!ip_acceptsourceroute)
+                               if (!V_ip_acceptsourceroute)
                                        goto nosourcerouting;
                                save_rte(m, cp, ip->ip_src);
                                break;
@@ -189,7 +192,7 @@ ip_dooptions(struct mbuf *m, int pass)
                        if (V_ipstealth)
                                goto dropit;
 #endif
-                       if (!ip_dosourceroute) {
+                       if (!V_ip_dosourceroute) {
                                if (V_ipforwarding) {
                                        char buf[16]; /* aaa.bbb.ccc.ddd\0 */
                                        /*

Modified: head/sys/netinet/ip_options.h
==============================================================================
--- head/sys/netinet/ip_options.h       Mon Sep 15 06:21:28 2014        
(r271609)
+++ head/sys/netinet/ip_options.h       Mon Sep 15 07:20:40 2014        
(r271610)
@@ -47,7 +47,8 @@ struct ipopt_tag {
        struct  ipoptrt ip_srcrt;
 };
 
-extern int     ip_doopts;              /* process or ignore IP options */
+VNET_DECLARE(int, ip_doopts);          /* process or ignore IP options */
+#define        V_ip_doopts     VNET(ip_doopts)
 
 int             ip_checkrouteralert(struct mbuf *);
 int             ip_dooptions(struct mbuf *, int);
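Review bot: The comment on `VNET_DECLARE(int, ip_doopts);` still reads "process or ignore IP options", but the definition in ip_options.c documents three states. I would carry that over here as `/* 0 = ignore, 1 = process, 2 = reject */`, so readers of the header see that the knob can also reject packets. The header now also depends on `VNET_DECLARE` and `VNET`, so every file that includes ip_options.h needs `<net/vnet.h>` in scope first. Whether the header should include it itself or state the requirement in a comment cannot be judged from this hunk alone.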