989d921f5d
I'm very pleased to announce the release of our new website and documentation using the new toolchain with Hugo and AsciiDoctor. To get more information about the new toolchain please read the FreeBSD Documentation Project Primer[1], Hugo docs[2] and AsciiDoctor docs[3]. Acknowledgment: Benedict Reuschling <bcr@> Glen Barber <gjb@> Hiroki Sato <hrs@> Li-Wen Hsu <lwhsu@> Sean Chittenden <seanc@> The FreeBSD Foundation [1] https://docs.FreeBSD.org/en/books/fdp-primer/ [2] https://gohugo.io/documentation/ [3] https://docs.asciidoctor.org/home/ Approved by: doceng, core
89 lines
2.8 KiB
Diff
89 lines
2.8 KiB
Diff
Index: sys/net/if.c
|
|
===================================================================
|
|
--- sys/net/if.c (revision 254941)
|
|
+++ sys/net/if.c (working copy)
|
|
@@ -2553,11 +2553,23 @@
|
|
CURVNET_RESTORE();
|
|
return (EOPNOTSUPP);
|
|
}
|
|
+
|
|
+ /*
|
|
+ * Pass the request on to the socket control method, and if the
|
|
+ * latter returns EOPNOTSUPP, directly to the interface.
|
|
+ *
|
|
+ * Make an exception for the legacy SIOCSIF* requests. Drivers
|
|
+ * trust SIOCSIFADDR et al to come from an already privileged
|
|
+ * layer, and do not perform any credentials checks or input
|
|
+ * validation.
|
|
+ */
|
|
#ifndef COMPAT_43
|
|
error = ((*so->so_proto->pr_usrreqs->pru_control)(so, cmd,
|
|
data,
|
|
ifp, td));
|
|
- if (error == EOPNOTSUPP && ifp != NULL && ifp->if_ioctl != NULL)
|
|
+ if (error == EOPNOTSUPP && ifp != NULL && ifp->if_ioctl != NULL &&
|
|
+ cmd != SIOCSIFADDR && cmd != SIOCSIFBRDADDR &&
|
|
+ cmd != SIOCSIFDSTADDR && cmd != SIOCSIFNETMASK)
|
|
error = (*ifp->if_ioctl)(ifp, cmd, data);
|
|
#else
|
|
{
|
|
@@ -2601,7 +2613,9 @@
|
|
data,
|
|
ifp, td));
|
|
if (error == EOPNOTSUPP && ifp != NULL &&
|
|
- ifp->if_ioctl != NULL)
|
|
+ ifp->if_ioctl != NULL &&
|
|
+ cmd != SIOCSIFADDR && cmd != SIOCSIFBRDADDR &&
|
|
+ cmd != SIOCSIFDSTADDR && cmd != SIOCSIFNETMASK)
|
|
error = (*ifp->if_ioctl)(ifp, cmd, data);
|
|
switch (ocmd) {
|
|
|
|
Index: sys/netinet6/in6.c
|
|
===================================================================
|
|
--- sys/netinet6/in6.c (revision 254941)
|
|
+++ sys/netinet6/in6.c (working copy)
|
|
@@ -431,6 +431,18 @@
|
|
case SIOCGIFSTAT_ICMP6:
|
|
sa6 = &ifr->ifr_addr;
|
|
break;
|
|
+ case SIOCSIFADDR:
|
|
+ case SIOCSIFBRDADDR:
|
|
+ case SIOCSIFDSTADDR:
|
|
+ case SIOCSIFNETMASK:
|
|
+ /*
|
|
+ * Although we should pass any non-INET6 ioctl requests
|
|
+ * down to driver, we filter some legacy INET requests.
|
|
+ * Drivers trust SIOCSIFADDR et al to come from an already
|
|
+ * privileged layer, and do not perform any credentials
|
|
+ * checks or input validation.
|
|
+ */
|
|
+ return (EINVAL);
|
|
default:
|
|
sa6 = NULL;
|
|
break;
|
|
Index: sys/netnatm/natm.c
|
|
===================================================================
|
|
--- sys/netnatm/natm.c (revision 254941)
|
|
+++ sys/netnatm/natm.c (working copy)
|
|
@@ -339,6 +339,21 @@
|
|
npcb = (struct natmpcb *)so->so_pcb;
|
|
KASSERT(npcb != NULL, ("natm_usr_control: npcb == NULL"));
|
|
|
|
+ switch (cmd) {
|
|
+ case SIOCSIFADDR:
|
|
+ case SIOCSIFBRDADDR:
|
|
+ case SIOCSIFDSTADDR:
|
|
+ case SIOCSIFNETMASK:
|
|
+ /*
|
|
+ * Although we should pass any non-ATM ioctl requests
|
|
+ * down to driver, we filter some legacy INET requests.
|
|
+ * Drivers trust SIOCSIFADDR et al to come from an already
|
|
+ * privileged layer, and do not perform any credentials
|
|
+ * checks or input validation.
|
|
+ */
|
|
+ return (EINVAL);
|
|
+ }
|
|
+
|
|
if (ifp == NULL || ifp->if_ioctl == NULL)
|
|
return (EOPNOTSUPP);
|
|
return ((*ifp->if_ioctl)(ifp, cmd, arg));
|