Make net.inet.ip.portrange.reservedhigh and

net.inet.ip.portrange.reservedlow apply to IPv6 aswell as IPv4.

We could have made new sysctls for IPv6, but that potentially makes
things complicated for mapped addresses. This seems like the least
confusing option and least likely to cause obscure problems in the
future.

This change makes the mac_portacl module useful with IPv6 apps.

Reviewed by:	ume
MFC after:	1 month
This commit is contained in:
David Malone 2006-03-19 11:48:48 +00:00
parent e675705966
commit fcd1001c63
2 changed files with 4 additions and 1 deletions

View File

@ -329,6 +329,8 @@ struct inpcbinfo { /* XXX documentation, prefixes */
#define INP_CHECK_SOCKAF(so, af) (INP_SOCKAF(so) == af)
#ifdef _KERNEL
extern int ipport_reservedhigh;
extern int ipport_reservedlow;
extern int ipport_lowfirstauto;
extern int ipport_lowlastauto;
extern int ipport_firstauto;

View File

@ -188,7 +188,8 @@ in6_pcbbind(inp, nam, cred)
struct inpcb *t;
/* GROSS */
if (ntohs(lport) < IPV6PORT_RESERVED &&
if (ntohs(lport) <= ipport_reservedhigh &&
ntohs(lport) >= ipport_reservedlow &&
suser_cred(cred, SUSER_ALLOWJAIL))
return (EACCES);
if (so->so_cred->cr_uid != 0 &&