Make net.inet.ip.portrange.reservedhigh and

net.inet.ip.portrange.reservedlow apply to IPv6 aswell as IPv4. We could have made new sysctls for IPv6, but that potentially makes things complicated for mapped addresses. This seems like the least confusing option and least likely to cause obscure problems in the future. This change makes the mac_portacl module useful with IPv6 apps. Reviewed by: ume MFC after: 1 month
2006-03-19 11:48:48 +00:00 · 2006-03-19 11:48:48 +00:00 · 2dd230f5c3
commit 2dd230f5c3
parent 5990508a15
2 changed files with 4 additions and 1 deletions
--- a/sys/netinet/in_pcb.h
+++ b/sys/netinet/in_pcb.h
@ -329,6 +329,8 @@ struct inpcbinfo {		/* XXX documentation, prefixes */
 #define	INP_CHECK_SOCKAF(so, af)	(INP_SOCKAF(so) == af)

 #ifdef _KERNEL
+extern int	ipport_reservedhigh;
+extern int	ipport_reservedlow;
 extern int	ipport_lowfirstauto;
 extern int	ipport_lowlastauto;
 extern int	ipport_firstauto;
--- a/sys/netinet6/in6_pcb.c
+++ b/sys/netinet6/in6_pcb.c
@ -188,7 +188,8 @@ in6_pcbbind(inp, nam, cred)
 			struct inpcb *t;

 			/* GROSS */
-			if (ntohs(lport) < IPV6PORT_RESERVED &&
+			if (ntohs(lport) <= ipport_reservedhigh &&
+			    ntohs(lport) >= ipport_reservedlow &&
 			    suser_cred(cred, SUSER_ALLOWJAIL))
 				return (EACCES);
 			if (so->so_cred->cr_uid != 0 &&