summaryrefslogtreecommitdiff
path: root/sys
diff options
context:
space:
mode:
authorTheo Buehler <tb@cvs.openbsd.org>2018-05-06 14:03:04 +0000
committerTheo Buehler <tb@cvs.openbsd.org>2018-05-06 14:03:04 +0000
commit818bc06b6ff30aef0ce464b79c78f4712b63584b (patch)
tree9da34db5e975b6f170b9057f896efd8307fd31d6 /sys
parent522dbdcf3aa3868eb34130d7a37f77b1e268b01d (diff)
Continue refactoring and cleanup of in6_ioctl().
Hoist privilege check to the top and split out handling of SIOCAIFADDR_IN6 and SIOCDIFADDR_IN6 into a separate function. Merge tangled switches and simplify the code paths. tested by hrvoje ok visa
Diffstat (limited to 'sys')
-rw-r--r--sys/netinet6/in6.c72
1 files changed, 40 insertions, 32 deletions
diff --git a/sys/netinet6/in6.c b/sys/netinet6/in6.c
index 82d1c23d4ae..8994c74ee8a 100644
--- a/sys/netinet6/in6.c
+++ b/sys/netinet6/in6.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: in6.c,v 1.224 2018/05/04 19:43:07 tb Exp $ */
+/* $OpenBSD: in6.c,v 1.225 2018/05/06 14:03:03 tb Exp $ */
/* $KAME: in6.c,v 1.372 2004/06/14 08:14:21 itojun Exp $ */
/*
@@ -116,6 +116,7 @@ const struct in6_addr in6mask96 = IN6MASK96;
const struct in6_addr in6mask128 = IN6MASK128;
int in6_ioctl(u_long, caddr_t, struct ifnet *, int);
+int in6_ioctl_change_ifaddr(u_long, caddr_t, struct ifnet *);
int in6_ioctl_get(u_long, caddr_t, struct ifnet *);
int in6_ifinit(struct ifnet *, struct in6_ifaddr *, int);
void in6_unlink_ifa(struct in6_ifaddr *, struct ifnet *);
@@ -206,12 +207,6 @@ in6_control(struct socket *so, u_long cmd, caddr_t data, struct ifnet *ifp)
int
in6_ioctl(u_long cmd, caddr_t data, struct ifnet *ifp, int privileged)
{
- struct in6_ifreq *ifr = (struct in6_ifreq *)data;
- struct in6_ifaddr *ia6 = NULL;
- struct in6_aliasreq *ifra = (struct in6_aliasreq *)data;
- struct sockaddr_in6 *sa6;
- int error = 0;
-
if (ifp == NULL)
return (ENXIO);
@@ -225,11 +220,10 @@ in6_ioctl(u_long cmd, caddr_t data, struct ifnet *ifp, int privileged)
case SIOCGIFALIFETIME_IN6:
return (in6_ioctl_get(cmd, data, ifp));
case SIOCAIFADDR_IN6:
- sa6 = &ifra->ifra_addr;
- break;
case SIOCDIFADDR_IN6:
- sa6 = &ifr->ifr_addr;
- break;
+ if (!privileged)
+ return (EPERM);
+ return (in6_ioctl_change_ifaddr(cmd, data, ifp));
case SIOCSIFADDR:
case SIOCSIFDSTADDR:
case SIOCSIFBRDADDR:
@@ -242,6 +236,16 @@ in6_ioctl(u_long cmd, caddr_t data, struct ifnet *ifp, int privileged)
default:
return (EOPNOTSUPP);
}
+}
+
+int
+in6_ioctl_change_ifaddr(u_long cmd, caddr_t data, struct ifnet *ifp)
+{
+ struct in6_ifreq *ifr = (struct in6_ifreq *)data;
+ struct in6_ifaddr *ia6 = NULL;
+ struct in6_aliasreq *ifra = (struct in6_aliasreq *)data;
+ struct sockaddr_in6 *sa6;
+ int error = 0, newifaddr = 0, plen;
/*
* Find address for this interface, if it exists.
@@ -255,6 +259,16 @@ in6_ioctl(u_long cmd, caddr_t data, struct ifnet *ifp, int privileged)
* presence of ifra_addr, and reject invalid ones here.
* It also decreases duplicated code among SIOC*_IN6 operations.
*/
+ switch (cmd) {
+ case SIOCAIFADDR_IN6:
+ sa6 = &ifra->ifra_addr;
+ break;
+ case SIOCDIFADDR_IN6:
+ sa6 = &ifr->ifr_addr;
+ break;
+ default:
+ panic("unknown ioctl %lu", cmd);
+ }
NET_LOCK();
@@ -279,8 +293,7 @@ in6_ioctl(u_long cmd, caddr_t data, struct ifnet *ifp, int privileged)
}
}
ia6 = in6ifa_ifpwithaddr(ifp, &sa6->sin6_addr);
- } else
- ia6 = NULL;
+ }
switch (cmd) {
case SIOCDIFADDR_IN6:
@@ -293,10 +306,8 @@ in6_ioctl(u_long cmd, caddr_t data, struct ifnet *ifp, int privileged)
*/
if (ia6 == NULL) {
error = EADDRNOTAVAIL;
- goto err;
+ break;
}
- /* FALLTHROUGH */
- case SIOCAIFADDR_IN6:
/*
* We always require users to specify a valid IPv6 address for
* the corresponding operation.
@@ -304,19 +315,22 @@ in6_ioctl(u_long cmd, caddr_t data, struct ifnet *ifp, int privileged)
if (ifra->ifra_addr.sin6_family != AF_INET6 ||
ifra->ifra_addr.sin6_len != sizeof(struct sockaddr_in6)) {
error = EAFNOSUPPORT;
- goto err;
- }
- if (!privileged) {
- error = EPERM;
- goto err;
+ break;
}
+ in6_purgeaddr(&ia6->ia_ifa);
+ dohooks(ifp->if_addrhooks, 0);
break;
- }
- switch (cmd) {
case SIOCAIFADDR_IN6:
- {
- int plen, newifaddr = 0;
+ /*
+ * We always require users to specify a valid IPv6 address for
+ * the corresponding operation.
+ */
+ if (ifra->ifra_addr.sin6_family != AF_INET6 ||
+ ifra->ifra_addr.sin6_len != sizeof(struct sockaddr_in6)) {
+ error = EAFNOSUPPORT;
+ break;
+ }
/* reject read-only flags */
if ((ifra->ifra_flags & IN6_IFF_DUPLICATED) != 0 ||
@@ -383,12 +397,6 @@ in6_ioctl(u_long cmd, caddr_t data, struct ifnet *ifp, int privileged)
break;
}
- case SIOCDIFADDR_IN6:
- in6_purgeaddr(&ia6->ia_ifa);
- dohooks(ifp->if_addrhooks, 0);
- break;
- }
-
err:
NET_UNLOCK();
return (error);
@@ -435,7 +443,7 @@ in6_ioctl_get(u_long cmd, caddr_t data, struct ifnet *ifp)
goto err;
}
- switch(cmd) {
+ switch (cmd) {
case SIOCGIFDSTADDR_IN6:
if ((ifp->if_flags & IFF_POINTOPOINT) == 0) {
error = EINVAL;