Diffusion FreeBSD src repository eb8dcdeac22d

jail: network epoch protection for IP address lists
eb8dcdeac22d
Actions

Tags

None

Referenced Files

None

Subscribers

None

Description

jail: network epoch protection for IP address lists

Now struct prison has two pointers (IPv4 and IPv6) of struct
prison_ip type. Each points into epoch context, address count
and variable size array of addresses. These structures are
freed with network epoch deferred free and are not edited in
place, instead a new structure is allocated and set.

While here, the change also generalizes a lot (but not enough)
of IPv4 and IPv6 processing. E.g. address family agnostic helpers
for kern_jail_set() are provided, that reduce v4-v6 copy-paste.

The fast-path prison_check_ip[46]_locked() is also generalized
into prison_ip_check() that can be executed with network epoch
protection only.

Reviewed by: jamie
Differential revision: https://reviews.freebsd.org/D33339

Details

Provenance

Authored on Dec 26 2021, 6:45 PM

Reviewer

Differential Revision

D33339: jail: network epoch protection for IP address lists

Parents

rG9df53d07e6bc: clk: add call for nodes to get the programmed/decided frequency passed back

Branches

Unknown

Tags

Unknown

Event Timeline

glebius committed rGeb8dcdeac22d: jail: network epoch protection for IP address lists (authored by glebius).Dec 26 2021, 6:45 PM

glebius added an edge: D33339: jail: network epoch protection for IP address lists.

zlei mentioned this in D37732: jail: Fix output of IPv[46] addresses of DDB `show prison`.Dec 18 2022, 11:09 AM

zlei mentioned this in rG21ad3e27fabc: jail: Fix output of IPv[46] addresses of DDB `show prison`.Dec 21 2022, 1:59 AM

zlei mentioned this in D37871: jail: Fix wrong IPv[46] addresses inherited from parent jail.Dec 25 2022, 5:49 PM

zlei mentioned this in D37872: jail: Properly restrict the child jail's IPv[46] addresses.Dec 25 2022, 6:05 PM

zlei mentioned this in D37906: jail: Fix regression panic from eb8dcdeac22d.Dec 30 2022, 4:18 AM

zlei mentioned this in D37918: jail: Avoid multipurpose return value of function prison_ip_restrict().Dec 31 2022, 7:58 AM

zlei mentioned this in rGddbf879d79d4: jail: Correctly access IPv[46] addresses of prison_ip.Jan 13 2023, 10:46 AM

zlei mentioned this in rG89ddfbbac84c: jail: Fix regression panic from eb8dcdeac22d.

zlei mentioned this in rG8bce8d28abe6: jail: Avoid multipurpose return value of function prison_ip_restrict().

Changes (5)

Path

Size

sys/

kern/

netinet/

netinet6/

sys/

rGeb8dcdeac22d

sys/kern/kern_jail.c

Loading...

sys/netinet/in.c

Loading...

sys/netinet/in_jail.c

Loading...

sys/netinet6/in6_jail.c

Loading...

sys/sys/jail.h

Loading...