Changeset 36e8ad4 in rtems-libbsd for rtemsbsd/rtems/rtems-kernel-jail.c


Ignore:
Timestamp:
May 10, 2019, 1:59:04 PM (2 years ago)
Author:
Sebastian Huber <sebastian.huber@…>
Branches:
5, master
Children:
7801010
Parents:
5da04d6
git-author:
Sebastian Huber <sebastian.huber@…> (05/10/19 13:59:04)
git-committer:
Sebastian Huber <sebastian.huber@…> (05/13/19 07:32:37)
Message:

Use static inline functions for jail and prison

This helps the compiler to optimize away dead code.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • rtemsbsd/rtems/rtems-kernel-jail.c

    r5da04d6 r36e8ad4  
    107107};
    108108MTX_SYSINIT(prison0, &prison0.pr_mtx, "jail mutex", MTX_DEF);
    109 
    110 /*
    111  * See if a prison has the specific flag set.
    112  */
    113 int
    114 prison_flag(struct ucred *cred, unsigned flag)
    115 {
    116   /* This is an atomic read, so no locking is necessary. */
    117   return (prison0.pr_flags & flag);
    118 }
    119 
    120 void
    121 prison_free(struct prison *pr)
    122 {
    123 }
    124 
    125 void
    126 prison_hold(struct prison *pr)
    127 {
    128 }
    129 
    130 /*
    131  * Check if given address belongs to the jail referenced by cred (wrapper to
    132  * prison_check_ip[46]).
    133  *
    134  * Returns 0 if jail doesn't restrict the address family or if address belongs
    135  * to jail, EADDRNOTAVAIL if the address doesn't belong, or EAFNOSUPPORT if
    136  * the jail doesn't allow the address family.  IPv4 Address passed in in NBO.
    137  */
    138 int
    139 prison_if(struct ucred *cred, struct sockaddr *sa)
    140 {
    141   return 0;
    142 }
    143 
    144 /*
    145  * Return 1 if we should do proper source address selection or are not jailed.
    146  * We will return 0 if we should bypass source address selection in favour
    147  * of the primary jail IPv6 address. Only in this case *ia will be updated and
    148  * returned in NBO.
    149  * Return EAFNOSUPPORT, in case this jail does not allow IPv6.
    150  */
    151 int
    152 prison_saddrsel_ip6(struct ucred *cred, struct in6_addr *ia6)
    153 {
    154   return EAFNOSUPPORT;
    155 }
    156 
    157 /*
    158  * Check if given address belongs to the jail referenced by cred/prison.
    159  *
    160  * Returns 0 if jail doesn't restrict IPv4 or if address belongs to jail,
    161  * EADDRNOTAVAIL if the address doesn't belong, or EAFNOSUPPORT if the jail
    162  * doesn't allow IPv4.  Address passed in in NBO.
    163  */
    164 int
    165 prison_check_ip4(const struct ucred *cred, const struct in_addr *ia)
    166 {
    167   return 0;
    168 }
    169 
    170 /*
    171  * Assuming 0 means no restrictions.
    172  *
    173  * NOTE: RTEMS does not restrict via a jail so return 0.
    174  */
    175 int
    176 prison_check_ip6(const struct ucred *cred, const struct in6_addr *ia6)
    177 {
    178   return 0;
    179 }
    180 
    181 /*
    182  * Make sure our (source) address is set to something meaningful to this
    183  * jail.
    184  *
    185  * Returns 0 if jail doesn't restrict IPv4 or if address belongs to jail,
    186  * EADDRNOTAVAIL if the address doesn't belong, or EAFNOSUPPORT if the jail
    187  * doesn't allow IPv4.  Address passed in in NBO and returned in NBO.
    188  */
    189 int
    190 prison_local_ip4(struct ucred *cred, struct in_addr *ia)
    191 {
    192   return 0;
    193 }
    194 
    195 /*
    196  * Rewrite destination address in case we will connect to loopback address.
    197  *
    198  * Returns 0 on success, EAFNOSUPPORT if the jail doesn't allow IPv4.
    199  * Address passed in in NBO and returned in NBO.
    200  */
    201 int
    202 prison_remote_ip4(struct ucred *cred, struct in_addr *ia)
    203 {
    204   return 0;
    205 }
    206 
    207 /*
    208  * Make sure our (source) address is set to something meaningful to this jail.
    209  *
    210  * v6only should be set based on (inp->inp_flags & IN6P_IPV6_V6ONLY != 0)
    211  * when needed while binding.
    212  *
    213  * Returns 0 if jail doesn't restrict IPv6 or if address belongs to jail,
    214  * EADDRNOTAVAIL if the address doesn't belong, or EAFNOSUPPORT if the jail
    215  * doesn't allow IPv6.
    216  *
    217  * NOTE: RTEMS does not restrict via a jail so return 0.
    218  */
    219 int
    220 prison_local_ip6(struct ucred *cred, struct in6_addr *ia6, int v6only)
    221 {
    222   return 0;
    223 }
    224 
    225 /*
    226  * Rewrite destination address in case we will connect to loopback address.
    227  *
    228  * Returns 0 on success, EAFNOSUPPORT if the jail doesn't allow IPv6.
    229  *
    230  * NOTE: RTEMS does not restrict via a jail so return 0.
    231  */
    232 int
    233 prison_remote_ip6(struct ucred *cred, struct in6_addr *ia6)
    234 {
    235   return 0;
    236 }
    237 
    238 /*
    239  * Return 1 if we should do proper source address selection or are not jailed.
    240  * We will return 0 if we should bypass source address selection in favour
    241  * of the primary jail IPv4 address. Only in this case *ia will be updated and
    242  * returned in NBO.
    243  * Return EAFNOSUPPORT, in case this jail does not allow IPv4.
    244  */
    245 int
    246 prison_saddrsel_ip4(struct ucred *cred, struct in_addr *ia)
    247 {
    248   return 1;
    249 }
    250 
    251 /*
    252  * Pass back primary IPv4 address of this jail.
    253  *
    254  * If not restricted return success but do not alter the address.  Caller has
    255  * to make sure to initialize it correctly (e.g. INADDR_ANY).
    256  *
    257  * Returns 0 on success, EAFNOSUPPORT if the jail doesn't allow IPv4.
    258  * Address returned in NBO.
    259  */
    260 int
    261 prison_get_ip4(struct ucred *cred, struct in_addr *ia)
    262 {
    263   return 0;
    264 }
    265 
    266 /*
    267  * Return 1 if the passed credential is in a jail and that jail does not
    268  * have its own virtual network stack, otherwise 0.
    269  */
    270 int
    271 jailed_without_vnet(struct ucred *cred)
    272 {
    273   return 0;
    274 }
    275 
    276 /*
    277  * Pass back primary IPv6 address for this jail.
    278  *
    279  * If not restricted return success but do not alter the address.  Caller has
    280  * to make sure to initialize it correctly (e.g. IN6ADDR_ANY_INIT).
    281  *
    282  * Returns 0 on success, EAFNOSUPPORT if the jail doesn't allow IPv6.
    283  */
    284 int
    285 prison_get_ip6(struct ucred *cred, struct in6_addr *ia6)
    286 {
    287   return 0;
    288 }
    289 /*
    290  * Return 0 if jails permit p1 to frob p2, otherwise ESRCH.
    291  */
    292 int
    293 prison_check(struct ucred *cred1, struct ucred *cred2)
    294 {
    295   return 0;
    296 }
    297 
    298 /*
    299  * Check if a jail supports the given address family.
    300  *
    301  * Returns 0 if not jailed or the address family is supported, EAFNOSUPPORT
    302  * if not.
    303  */
    304 int
    305 prison_check_af(struct ucred *cred, int af)
    306 {
    307   return 0;
    308 }
    309 
    310 /*
    311  * Return the correct hostname (domainname, et al) for the passed credential.
    312  */
    313 void
    314 getcredhostname(struct ucred *cred, char *buf, size_t size)
    315 {
    316   gethostname(buf, size);
    317 }
    318 
    319 void
    320 getcreddomainname(struct ucred *cred, char *buf, size_t size)
    321 {
    322   getdomainname(buf, size);
    323 }
    324 
    325 void
    326 getcredhostid(struct ucred *cred, unsigned long *hostid)
    327 {
    328   *hostid = 0;
    329 }
    330 
    331 /*
    332  * Return 1 if the passed credential is in a jail, otherwise 0.
    333  */
    334 int
    335 jailed(struct ucred *cred)
    336 {
    337   return 0;
    338 }
Note: See TracChangeset for help on using the changeset viewer.