don't let anything outside route.c access the routing table heads directly,

but go through a provided wrapper.
also provide rt_lookup() instead of doing the lookup manually in many places.
ryan ok

4 files changed, 34 insertions, 25 deletions

diff --git a/sys/net/if.c b/sys/net/if.c
index c7d12ad3f0e..3aa81a74595 100644
--- a/sys/net/if.c
+++ b/sys/net/if.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: if.c,v 1.138 2005/11/25 13:45:02 henning Exp $	*/
+/*	$OpenBSD: if.c,v 1.139 2005/11/27 16:22:45 henning Exp $	*/
 /*	$NetBSD: if.c,v 1.35 1996/05/07 05:26:04 thorpej Exp $	*/
 
 /*
@@ -1750,7 +1750,6 @@ if_group_egress_build(void)
 #ifdef INET6
 	struct sockaddr_in6	 sa_in6;
 #endif
-	struct radix_node_head	*rnh;
 	struct radix_node	*rn;
 	struct rtentry		*rt;
 
@@ -1764,42 +1763,34 @@ if_group_egress_build(void)
 			if_delgroup(ifgm->ifgm_ifp, IFG_EGRESS);
 		}
 
-	if ((rnh = rt_tables[AF_INET]) == NULL)
-		return (-1);
-
 	bzero(&sa_in, sizeof(sa_in));
 	sa_in.sin_len = sizeof(sa_in);
 	sa_in.sin_family = AF_INET;
-	if ((rn = rnh->rnh_lookup(&sa_in, &sa_in, rnh))) {
+	if ((rn = rt_lookup(sintosa(&sa_in), sintosa(&sa_in), 0)) != NULL) {
 		do {
 			rt = (struct rtentry *)rn;
 			if (rt->rt_ifp)
 				if_addgroup(rt->rt_ifp, IFG_EGRESS);
 #ifndef SMALL_KERNEL
-			if (rn_mpath_capable(rnh))
-				rn = rn_mpath_next(rn);
-			else
+			rn = rn_mpath_next(rn);
+#else
+			rn = NULL;
 #endif
-				rn = NULL;
 		} while (rn != NULL);
 	}
 
 #ifdef INET6
-	if ((rnh = rt_tables[AF_INET6]) == NULL)
-		return (-1);
-
 	bcopy(&sa6_any, &sa_in6, sizeof(sa_in6));
-	if ((rn = rnh->rnh_lookup(&sa_in6, &sa_in6, rnh))) {
+	if ((rn = rt_lookup(sin6tosa(&sa_in6), sin6tosa(&sa_in6), 0)) != NULL) {
 		do {
 			rt = (struct rtentry *)rn;
 			if (rt->rt_ifp)
 				if_addgroup(rt->rt_ifp, IFG_EGRESS);
 #ifndef SMALL_KERNEL
-			if (rn_mpath_capable(rnh))
-				rn = rn_mpath_next(rn);
-			else
+			rn = rn_mpath_next(rn);
+#else
+			rn = NULL;
 #endif
-				rn = NULL;
 		} while (rn != NULL);
 	}
 #endif
diff --git a/sys/net/route.c b/sys/net/route.c
index 8382d634d71..5b721c5698a 100644
--- a/sys/net/route.c
+++ b/sys/net/route.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: route.c,v 1.58 2005/11/25 13:45:02 henning Exp $	*/
+/*	$OpenBSD: route.c,v 1.59 2005/11/27 16:22:45 henning Exp $	*/
 /*	$NetBSD: route.c,v 1.14 1996/02/13 22:00:46 christos Exp $	*/
 
 /*
@@ -1280,3 +1280,19 @@ rt_if_remove_rtdelete(struct radix_node *rn, void *vifp)
 	return (0);
 }
 
+struct radix_node_head *
+rt_gettable(sa_family_t af, int id)
+{
+	/* ignore id for now */
+	return (rt_tables[af]);
+}
+
+struct radix_node *
+rt_lookup(struct sockaddr *dst, struct sockaddr *mask, int tableid)
+{
+	struct radix_node_head	*rnh;
+
+	rnh = rt_gettable(dst->sa_family, tableid);
+
+	return (rnh->rnh_lookup(dst, mask, rnh));
+}
diff --git a/sys/net/route.h b/sys/net/route.h
index dd15a362b2f..d6a3d2b1992 100644
--- a/sys/net/route.h
+++ b/sys/net/route.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: route.h,v 1.32 2005/11/25 13:45:02 henning Exp $	*/
+/*	$OpenBSD: route.h,v 1.33 2005/11/27 16:22:45 henning Exp $	*/
 /*	$NetBSD: route.h,v 1.9 1996/02/13 22:00:49 christos Exp $	*/
 
 /*
@@ -299,7 +299,6 @@ void		 rtlabel_unref(u_int16_t);
 
 extern struct route_cb route_cb;
 extern struct rtstat rtstat;
-extern struct radix_node_head *rt_tables[];
 extern const struct sockaddr_rtin rt_defmask4;
 
 struct	socket;
@@ -348,5 +347,8 @@ int	 rtrequest(int, struct sockaddr *,
 int	 rtrequest1(int, struct rt_addrinfo *, struct rtentry **);
 void	 rt_if_remove(struct ifnet *);
 
+struct radix_node_head	*rt_gettable(sa_family_t, int);
+struct radix_node	*rt_lookup(struct sockaddr *, struct sockaddr *, int);
+
 #endif /* _KERNEL */
 #endif /* _NET_ROUTE_H_ */
diff --git a/sys/net/rtsock.c b/sys/net/rtsock.c
index f550f99404b..8a6f5b18b6f 100644
--- a/sys/net/rtsock.c
+++ b/sys/net/rtsock.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: rtsock.c,v 1.48 2005/06/08 06:43:07 henning Exp $	*/
+/*	$OpenBSD: rtsock.c,v 1.49 2005/11/27 16:22:45 henning Exp $	*/
 /*	$NetBSD: rtsock.c,v 1.18 1996/03/29 00:32:10 cgd Exp $	*/
 
 /*
@@ -262,11 +262,11 @@ route_output(struct mbuf *m, ...)
 	case RTM_GET:
 	case RTM_CHANGE:
 	case RTM_LOCK:
-		if ((rnh = rt_tables[dst->sa_family]) == 0) {
+		if (rt_gettable(dst->sa_family, 0) == NULL) {
 			error = EAFNOSUPPORT;
 			goto flush;
 		}
-		rn = rnh->rnh_lookup(dst, netmask, rnh);
+		rn = rt_lookup(dst, netmask, 0);
 		if (rn == NULL || (rn->rn_flags & RNF_ROOT) != 0) {
 			error = ESRCH;
 			goto flush;
@@ -904,7 +904,7 @@ sysctl_rtable(int *name, u_int namelen, void *where, size_t *given, void *new,
 	case NET_RT_DUMP:
 	case NET_RT_FLAGS:
 		for (i = 1; i <= AF_MAX; i++)
-			if ((rnh = rt_tables[i]) && (af == 0 || af == i) &&
+			if ((rnh = rt_gettable(i, 0)) && (af == 0 || af == i) &&
 			    (error = (*rnh->rnh_walktree)(rnh,
 			    sysctl_dumpentry, &w)))
 				break;