8b07e49a00
This particular implementation is designed to be fully backwards compatible and to be MFC-able to 7.x (and 6.x) Currently the only protocol that can make use of the multiple tables is IPv4 Similar functionality exists in OpenBSD and Linux. From my notes: ----- One thing where FreeBSD has been falling behind, and which by chance I have some time to work on is "policy based routing", which allows different packet streams to be routed by more than just the destination address. Constraints: ------------ I want to make some form of this available in the 6.x tree (and by extension 7.x) , but FreeBSD in general needs it so I might as well do it in -current and back port the portions I need. One of the ways that this can be done is to have the ability to instantiate multiple kernel routing tables (which I will now refer to as "Forwarding Information Bases" or "FIBs" for political correctness reasons). Which FIB a particular packet uses to make the next hop decision can be decided by a number of mechanisms. The policies these mechanisms implement are the "Policies" referred to in "Policy based routing". One of the constraints I have if I try to back port this work to 6.x is that it must be implemented as a EXTENSION to the existing ABIs in 6.x so that third party applications do not need to be recompiled in timespan of the branch. This first version will not have some of the bells and whistles that will come with later versions. It will, for example, be limited to 16 tables in the first commit. Implementation method, Compatible version. (part 1) ------------------------------- For this reason I have implemented a "sufficient subset" of a multiple routing table solution in Perforce, and back-ported it to 6.x. (also in Perforce though not always caught up with what I have done in -current/P4). The subset allows a number of FIBs to be defined at compile time (8 is sufficient for my purposes in 6.x) and implements the changes needed to allow IPV4 to use them. I have not done the changes for ipv6 simply because I do not need it, and I do not have enough knowledge of ipv6 (e.g. neighbor discovery) needed to do it. Other protocol families are left untouched and should there be users with proprietary protocol families, they should continue to work and be oblivious to the existence of the extra FIBs. To understand how this is done, one must know that the current FIB code starts everything off with a single dimensional array of pointers to FIB head structures (One per protocol family), each of which in turn points to the trie of routes available to that family. The basic change in the ABI compatible version of the change is to extent that array to be a 2 dimensional array, so that instead of protocol family X looking at rt_tables[X] for the table it needs, it looks at rt_tables[Y][X] when for all protocol families except ipv4 Y is always 0. Code that is unaware of the change always just sees the first row of the table, which of course looks just like the one dimensional array that existed before. The entry points rtrequest(), rtalloc(), rtalloc1(), rtalloc_ign() are all maintained, but refer only to the first row of the array, so that existing callers in proprietary protocols can continue to do the "right thing". Some new entry points are added, for the exclusive use of ipv4 code called in_rtrequest(), in_rtalloc(), in_rtalloc1() and in_rtalloc_ign(), which have an extra argument which refers the code to the correct row. In addition, there are some new entry points (currently called rtalloc_fib() and friends) that check the Address family being looked up and call either rtalloc() (and friends) if the protocol is not IPv4 forcing the action to row 0 or to the appropriate row if it IS IPv4 (and that info is available). These are for calling from code that is not specific to any particular protocol. The way these are implemented would change in the non ABI preserving code to be added later. One feature of the first version of the code is that for ipv4, the interface routes show up automatically on all the FIBs, so that no matter what FIB you select you always have the basic direct attached hosts available to you. (rtinit() does this automatically). You CAN delete an interface route from one FIB should you want to but by default it's there. ARP information is also available in each FIB. It's assumed that the same machine would have the same MAC address, regardless of which FIB you are using to get to it. This brings us as to how the correct FIB is selected for an outgoing IPV4 packet. Firstly, all packets have a FIB associated with them. if nothing has been done to change it, it will be FIB 0. The FIB is changed in the following ways. Packets fall into one of a number of classes. 1/ locally generated packets, coming from a socket/PCB. Such packets select a FIB from a number associated with the socket/PCB. This in turn is inherited from the process, but can be changed by a socket option. The process in turn inherits it on fork. I have written a utility call setfib that acts a bit like nice.. setfib -3 ping target.example.com # will use fib 3 for ping. It is an obvious extension to make it a property of a jail but I have not done so. It can be achieved by combining the setfib and jail commands. 2/ packets received on an interface for forwarding. By default these packets would use table 0, (or possibly a number settable in a sysctl(not yet)). but prior to routing the firewall can inspect them (see below). (possibly in the future you may be able to associate a FIB with packets received on an interface.. An ifconfig arg, but not yet.) 3/ packets inspected by a packet classifier, which can arbitrarily associate a fib with it on a packet by packet basis. A fib assigned to a packet by a packet classifier (such as ipfw) would over-ride a fib associated by a more default source. (such as cases 1 or 2). 4/ a tcp listen socket associated with a fib will generate accept sockets that are associated with that same fib. 5/ Packets generated in response to some other packet (e.g. reset or icmp packets). These should use the FIB associated with the packet being reponded to. 6/ Packets generated during encapsulation. gif, tun and other tunnel interfaces will encapsulate using the FIB that was in effect withthe proces that set up the tunnel. thus setfib 1 ifconfig gif0 [tunnel instructions] will set the fib for the tunnel to use to be fib 1. Routing messages would be associated with their process, and thus select one FIB or another. messages from the kernel would be associated with the fib they refer to and would only be received by a routing socket associated with that fib. (not yet implemented) In addition Netstat has been edited to be able to cope with the fact that the array is now 2 dimensional. (It looks in system memory using libkvm (!)). Old versions of netstat see only the first FIB. In addition two sysctls are added to give: a) the number of FIBs compiled in (active) b) the default FIB of the calling process. Early testing experience: ------------------------- Basically our (IronPort's) appliance does this functionality already using ipfw fwd but that method has some drawbacks. For example, It can't fully simulate a routing table because it can't influence the socket's choice of local address when a connect() is done. Testing during the generating of these changes has been remarkably smooth so far. Multiple tables have co-existed with no notable side effects, and packets have been routes accordingly. ipfw has grown 2 new keywords: setfib N ip from anay to any count ip from any to any fib N In pf there seems to be a requirement to be able to give symbolic names to the fibs but I do not have that capacity. I am not sure if it is required. SCTP has interestingly enough built in support for this, called VRFs in Cisco parlance. it will be interesting to see how that handles it when it suddenly actually does something. Where to next: -------------------- After committing the ABI compatible version and MFCing it, I'd like to proceed in a forward direction in -current. this will result in some roto-tilling in the routing code. Firstly: the current code's idea of having a separate tree per protocol family, all of the same format, and pointed to by the 1 dimensional array is a bit silly. Especially when one considers that there is code that makes assumptions about every protocol having the same internal structures there. Some protocols don't WANT that sort of structure. (for example the whole idea of a netmask is foreign to appletalk). This needs to be made opaque to the external code. My suggested first change is to add routing method pointers to the 'domain' structure, along with information pointing the data. instead of having an array of pointers to uniform structures, there would be an array pointing to the 'domain' structures for each protocol address domain (protocol family), and the methods this reached would be called. The methods would have an argument that gives FIB number, but the protocol would be free to ignore it. When the ABI can be changed it raises the possibilty of the addition of a fib entry into the "struct route". Currently, the structure contains the sockaddr of the desination, and the resulting fib entry. To make this work fully, one could add a fib number so that given an address and a fib, one can find the third element, the fib entry. Interaction with the ARP layer/ LL layer would need to be revisited as well. Qing Li has been working on this already. This work was sponsored by Ironport Systems/Cisco Reviewed by: several including rwatson, bz and mlair (parts each) Obtained from: Ironport systems/Cisco
454 lines
13 KiB
C
454 lines
13 KiB
C
/*-
|
|
* Copyright (c) 1989, 1993
|
|
* The Regents of the University of California. All rights reserved.
|
|
* (c) UNIX System Laboratories, Inc.
|
|
* All or some portions of this file are derived from material licensed
|
|
* to the University of California by American Telephone and Telegraph
|
|
* Co. or Unix System Laboratories, Inc. and are reproduced herein with
|
|
* the permission of UNIX System Laboratories, Inc.
|
|
*
|
|
* Redistribution and use in source and binary forms, with or without
|
|
* modification, are permitted provided that the following conditions
|
|
* are met:
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
* notice, this list of conditions and the following disclaimer.
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
* documentation and/or other materials provided with the distribution.
|
|
* 4. Neither the name of the University nor the names of its contributors
|
|
* may be used to endorse or promote products derived from this software
|
|
* without specific prior written permission.
|
|
*
|
|
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
|
|
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
|
|
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
* SUCH DAMAGE.
|
|
*
|
|
* @(#)vfs_subr.c 8.31 (Berkeley) 5/26/95
|
|
*/
|
|
|
|
#include <sys/cdefs.h>
|
|
__FBSDID("$FreeBSD$");
|
|
|
|
#include <sys/param.h>
|
|
#include <sys/dirent.h>
|
|
#include <sys/domain.h>
|
|
#include <sys/kernel.h>
|
|
#include <sys/lock.h>
|
|
#include <sys/malloc.h>
|
|
#include <sys/mbuf.h>
|
|
#include <sys/mount.h>
|
|
#include <sys/mutex.h>
|
|
#include <sys/refcount.h>
|
|
#include <sys/socket.h>
|
|
#include <sys/systm.h>
|
|
#include <sys/vnode.h>
|
|
|
|
#include <net/radix.h>
|
|
|
|
static MALLOC_DEFINE(M_NETADDR, "export_host", "Export host address structure");
|
|
|
|
static void vfs_free_addrlist(struct netexport *nep);
|
|
static int vfs_free_netcred(struct radix_node *rn, void *w);
|
|
static int vfs_hang_addrlist(struct mount *mp, struct netexport *nep,
|
|
struct export_args *argp);
|
|
static struct netcred *vfs_export_lookup(struct mount *, struct sockaddr *);
|
|
|
|
/*
|
|
* Network address lookup element
|
|
*/
|
|
struct netcred {
|
|
struct radix_node netc_rnodes[2];
|
|
int netc_exflags;
|
|
struct ucred netc_anon;
|
|
};
|
|
|
|
/*
|
|
* Network export information
|
|
*/
|
|
struct netexport {
|
|
struct netcred ne_defexported; /* Default export */
|
|
struct radix_node_head *ne_rtable[AF_MAX+1]; /* Individual exports */
|
|
};
|
|
|
|
/*
|
|
* Build hash lists of net addresses and hang them off the mount point.
|
|
* Called by ufs_mount() to set up the lists of export addresses.
|
|
*/
|
|
static int
|
|
vfs_hang_addrlist(struct mount *mp, struct netexport *nep,
|
|
struct export_args *argp)
|
|
{
|
|
register struct netcred *np;
|
|
register struct radix_node_head *rnh;
|
|
register int i;
|
|
struct radix_node *rn;
|
|
struct sockaddr *saddr, *smask = 0;
|
|
struct domain *dom;
|
|
int error;
|
|
|
|
/*
|
|
* XXX: This routine converts from a `struct xucred'
|
|
* (argp->ex_anon) to a `struct ucred' (np->netc_anon). This
|
|
* operation is questionable; for example, what should be done
|
|
* with fields like cr_uidinfo and cr_prison? Currently, this
|
|
* routine does not touch them (leaves them as NULL).
|
|
*/
|
|
if (argp->ex_anon.cr_version != XUCRED_VERSION) {
|
|
vfs_mount_error(mp, "ex_anon.cr_version: %d != %d",
|
|
argp->ex_anon.cr_version, XUCRED_VERSION);
|
|
return (EINVAL);
|
|
}
|
|
|
|
if (argp->ex_addrlen == 0) {
|
|
if (mp->mnt_flag & MNT_DEFEXPORTED) {
|
|
vfs_mount_error(mp,
|
|
"MNT_DEFEXPORTED already set for mount %p", mp);
|
|
return (EPERM);
|
|
}
|
|
np = &nep->ne_defexported;
|
|
np->netc_exflags = argp->ex_flags;
|
|
bzero(&np->netc_anon, sizeof(np->netc_anon));
|
|
np->netc_anon.cr_uid = argp->ex_anon.cr_uid;
|
|
np->netc_anon.cr_ngroups = argp->ex_anon.cr_ngroups;
|
|
bcopy(argp->ex_anon.cr_groups, np->netc_anon.cr_groups,
|
|
sizeof(np->netc_anon.cr_groups));
|
|
refcount_init(&np->netc_anon.cr_ref, 1);
|
|
MNT_ILOCK(mp);
|
|
mp->mnt_flag |= MNT_DEFEXPORTED;
|
|
MNT_IUNLOCK(mp);
|
|
return (0);
|
|
}
|
|
|
|
#if MSIZE <= 256
|
|
if (argp->ex_addrlen > MLEN) {
|
|
vfs_mount_error(mp, "ex_addrlen %d is greater than %d",
|
|
argp->ex_addrlen, MLEN);
|
|
return (EINVAL);
|
|
}
|
|
#endif
|
|
|
|
i = sizeof(struct netcred) + argp->ex_addrlen + argp->ex_masklen;
|
|
np = (struct netcred *) malloc(i, M_NETADDR, M_WAITOK | M_ZERO);
|
|
saddr = (struct sockaddr *) (np + 1);
|
|
if ((error = copyin(argp->ex_addr, saddr, argp->ex_addrlen)))
|
|
goto out;
|
|
if (saddr->sa_family == AF_UNSPEC || saddr->sa_family > AF_MAX) {
|
|
error = EINVAL;
|
|
vfs_mount_error(mp, "Invalid saddr->sa_family: %d");
|
|
goto out;
|
|
}
|
|
if (saddr->sa_len > argp->ex_addrlen)
|
|
saddr->sa_len = argp->ex_addrlen;
|
|
if (argp->ex_masklen) {
|
|
smask = (struct sockaddr *)((caddr_t)saddr + argp->ex_addrlen);
|
|
error = copyin(argp->ex_mask, smask, argp->ex_masklen);
|
|
if (error)
|
|
goto out;
|
|
if (smask->sa_len > argp->ex_masklen)
|
|
smask->sa_len = argp->ex_masklen;
|
|
}
|
|
i = saddr->sa_family;
|
|
if ((rnh = nep->ne_rtable[i]) == NULL) {
|
|
/*
|
|
* Seems silly to initialize every AF when most are not used,
|
|
* do so on demand here
|
|
*/
|
|
for (dom = domains; dom; dom = dom->dom_next) {
|
|
KASSERT(((i == AF_INET) || (i == AF_INET6)),
|
|
("unexpected protocol in vfs_hang_addrlist"));
|
|
if (dom->dom_family == i && dom->dom_rtattach) {
|
|
/*
|
|
* XXX MRT
|
|
* The INET and INET6 domains know the
|
|
* offset already. We don't need to send it
|
|
* So we just use it as a flag to say that
|
|
* we are or are not setting up a real routing
|
|
* table. Only IP and IPV6 need have this
|
|
* be 0 so all other protocols can stay the
|
|
* same (ABI compatible).
|
|
*/
|
|
dom->dom_rtattach(
|
|
(void **) &nep->ne_rtable[i], 0);
|
|
break;
|
|
}
|
|
}
|
|
if ((rnh = nep->ne_rtable[i]) == NULL) {
|
|
error = ENOBUFS;
|
|
vfs_mount_error(mp, "%s %s %d",
|
|
"Unable to initialize radix node head ",
|
|
"for address family", i);
|
|
goto out;
|
|
}
|
|
}
|
|
RADIX_NODE_HEAD_LOCK(rnh);
|
|
rn = (*rnh->rnh_addaddr)(saddr, smask, rnh, np->netc_rnodes);
|
|
RADIX_NODE_HEAD_UNLOCK(rnh);
|
|
if (rn == NULL || np != (struct netcred *)rn) { /* already exists */
|
|
error = EPERM;
|
|
vfs_mount_error(mp, "Invalid radix node head, rn: %p %p",
|
|
rn, np);
|
|
goto out;
|
|
}
|
|
np->netc_exflags = argp->ex_flags;
|
|
bzero(&np->netc_anon, sizeof(np->netc_anon));
|
|
np->netc_anon.cr_uid = argp->ex_anon.cr_uid;
|
|
np->netc_anon.cr_ngroups = argp->ex_anon.cr_ngroups;
|
|
bcopy(argp->ex_anon.cr_groups, np->netc_anon.cr_groups,
|
|
sizeof(np->netc_anon.cr_groups));
|
|
refcount_init(&np->netc_anon.cr_ref, 1);
|
|
return (0);
|
|
out:
|
|
free(np, M_NETADDR);
|
|
return (error);
|
|
}
|
|
|
|
/* Helper for vfs_free_addrlist. */
|
|
/* ARGSUSED */
|
|
static int
|
|
vfs_free_netcred(struct radix_node *rn, void *w)
|
|
{
|
|
register struct radix_node_head *rnh = (struct radix_node_head *) w;
|
|
|
|
(*rnh->rnh_deladdr) (rn->rn_key, rn->rn_mask, rnh);
|
|
free(rn, M_NETADDR);
|
|
return (0);
|
|
}
|
|
|
|
/*
|
|
* Free the net address hash lists that are hanging off the mount points.
|
|
*/
|
|
static void
|
|
vfs_free_addrlist(struct netexport *nep)
|
|
{
|
|
register int i;
|
|
register struct radix_node_head *rnh;
|
|
|
|
for (i = 0; i <= AF_MAX; i++)
|
|
if ((rnh = nep->ne_rtable[i])) {
|
|
RADIX_NODE_HEAD_LOCK(rnh);
|
|
(*rnh->rnh_walktree) (rnh, vfs_free_netcred, rnh);
|
|
RADIX_NODE_HEAD_DESTROY(rnh);
|
|
free(rnh, M_RTABLE);
|
|
nep->ne_rtable[i] = NULL; /* not SMP safe XXX */
|
|
}
|
|
}
|
|
|
|
/*
|
|
* High level function to manipulate export options on a mount point
|
|
* and the passed in netexport.
|
|
* Struct export_args *argp is the variable used to twiddle options,
|
|
* the structure is described in sys/mount.h
|
|
*/
|
|
int
|
|
vfs_export(struct mount *mp, struct export_args *argp)
|
|
{
|
|
struct netexport *nep;
|
|
int error;
|
|
|
|
nep = mp->mnt_export;
|
|
error = 0;
|
|
if (argp->ex_flags & MNT_DELEXPORT) {
|
|
if (nep == NULL) {
|
|
error = ENOENT;
|
|
goto out;
|
|
}
|
|
if (mp->mnt_flag & MNT_EXPUBLIC) {
|
|
vfs_setpublicfs(NULL, NULL, NULL);
|
|
MNT_ILOCK(mp);
|
|
mp->mnt_flag &= ~MNT_EXPUBLIC;
|
|
MNT_IUNLOCK(mp);
|
|
}
|
|
vfs_free_addrlist(nep);
|
|
mp->mnt_export = NULL;
|
|
free(nep, M_MOUNT);
|
|
nep = NULL;
|
|
MNT_ILOCK(mp);
|
|
mp->mnt_flag &= ~(MNT_EXPORTED | MNT_DEFEXPORTED);
|
|
MNT_IUNLOCK(mp);
|
|
}
|
|
if (argp->ex_flags & MNT_EXPORTED) {
|
|
if (nep == NULL) {
|
|
nep = malloc(sizeof(struct netexport), M_MOUNT, M_WAITOK | M_ZERO);
|
|
mp->mnt_export = nep;
|
|
}
|
|
if (argp->ex_flags & MNT_EXPUBLIC) {
|
|
if ((error = vfs_setpublicfs(mp, nep, argp)) != 0)
|
|
goto out;
|
|
MNT_ILOCK(mp);
|
|
mp->mnt_flag |= MNT_EXPUBLIC;
|
|
MNT_IUNLOCK(mp);
|
|
}
|
|
if ((error = vfs_hang_addrlist(mp, nep, argp)))
|
|
goto out;
|
|
MNT_ILOCK(mp);
|
|
mp->mnt_flag |= MNT_EXPORTED;
|
|
MNT_IUNLOCK(mp);
|
|
}
|
|
|
|
out:
|
|
/*
|
|
* Once we have executed the vfs_export() command, we do
|
|
* not want to keep the "export" option around in the
|
|
* options list, since that will cause subsequent MNT_UPDATE
|
|
* calls to fail. The export information is saved in
|
|
* mp->mnt_export, so we can safely delete the "export" mount option
|
|
* here.
|
|
*/
|
|
vfs_deleteopt(mp->mnt_optnew, "export");
|
|
vfs_deleteopt(mp->mnt_opt, "export");
|
|
return (error);
|
|
}
|
|
|
|
/*
|
|
* Set the publicly exported filesystem (WebNFS). Currently, only
|
|
* one public filesystem is possible in the spec (RFC 2054 and 2055)
|
|
*/
|
|
int
|
|
vfs_setpublicfs(struct mount *mp, struct netexport *nep,
|
|
struct export_args *argp)
|
|
{
|
|
int error;
|
|
struct vnode *rvp;
|
|
char *cp;
|
|
|
|
/*
|
|
* mp == NULL -> invalidate the current info, the FS is
|
|
* no longer exported. May be called from either vfs_export
|
|
* or unmount, so check if it hasn't already been done.
|
|
*/
|
|
if (mp == NULL) {
|
|
if (nfs_pub.np_valid) {
|
|
nfs_pub.np_valid = 0;
|
|
if (nfs_pub.np_index != NULL) {
|
|
FREE(nfs_pub.np_index, M_TEMP);
|
|
nfs_pub.np_index = NULL;
|
|
}
|
|
}
|
|
return (0);
|
|
}
|
|
|
|
/*
|
|
* Only one allowed at a time.
|
|
*/
|
|
if (nfs_pub.np_valid != 0 && mp != nfs_pub.np_mount)
|
|
return (EBUSY);
|
|
|
|
/*
|
|
* Get real filehandle for root of exported FS.
|
|
*/
|
|
bzero(&nfs_pub.np_handle, sizeof(nfs_pub.np_handle));
|
|
nfs_pub.np_handle.fh_fsid = mp->mnt_stat.f_fsid;
|
|
|
|
if ((error = VFS_ROOT(mp, LK_EXCLUSIVE, &rvp, curthread /* XXX */)))
|
|
return (error);
|
|
|
|
if ((error = VOP_VPTOFH(rvp, &nfs_pub.np_handle.fh_fid)))
|
|
return (error);
|
|
|
|
vput(rvp);
|
|
|
|
/*
|
|
* If an indexfile was specified, pull it in.
|
|
*/
|
|
if (argp->ex_indexfile != NULL) {
|
|
MALLOC(nfs_pub.np_index, char *, MAXNAMLEN + 1, M_TEMP,
|
|
M_WAITOK);
|
|
error = copyinstr(argp->ex_indexfile, nfs_pub.np_index,
|
|
MAXNAMLEN, (size_t *)0);
|
|
if (!error) {
|
|
/*
|
|
* Check for illegal filenames.
|
|
*/
|
|
for (cp = nfs_pub.np_index; *cp; cp++) {
|
|
if (*cp == '/') {
|
|
error = EINVAL;
|
|
break;
|
|
}
|
|
}
|
|
}
|
|
if (error) {
|
|
FREE(nfs_pub.np_index, M_TEMP);
|
|
return (error);
|
|
}
|
|
}
|
|
|
|
nfs_pub.np_mount = mp;
|
|
nfs_pub.np_valid = 1;
|
|
return (0);
|
|
}
|
|
|
|
/*
|
|
* Used by the filesystems to determine if a given network address
|
|
* (passed in 'nam') is present in thier exports list, returns a pointer
|
|
* to struct netcred so that the filesystem can examine it for
|
|
* access rights (read/write/etc).
|
|
*/
|
|
static struct netcred *
|
|
vfs_export_lookup(struct mount *mp, struct sockaddr *nam)
|
|
{
|
|
struct netexport *nep;
|
|
register struct netcred *np;
|
|
register struct radix_node_head *rnh;
|
|
struct sockaddr *saddr;
|
|
|
|
nep = mp->mnt_export;
|
|
if (nep == NULL)
|
|
return (NULL);
|
|
np = NULL;
|
|
if (mp->mnt_flag & MNT_EXPORTED) {
|
|
/*
|
|
* Lookup in the export list first.
|
|
*/
|
|
if (nam != NULL) {
|
|
saddr = nam;
|
|
rnh = nep->ne_rtable[saddr->sa_family];
|
|
if (rnh != NULL) {
|
|
RADIX_NODE_HEAD_LOCK(rnh);
|
|
np = (struct netcred *)
|
|
(*rnh->rnh_matchaddr)(saddr, rnh);
|
|
RADIX_NODE_HEAD_UNLOCK(rnh);
|
|
if (np && np->netc_rnodes->rn_flags & RNF_ROOT)
|
|
np = NULL;
|
|
}
|
|
}
|
|
/*
|
|
* If no address match, use the default if it exists.
|
|
*/
|
|
if (np == NULL && mp->mnt_flag & MNT_DEFEXPORTED)
|
|
np = &nep->ne_defexported;
|
|
}
|
|
return (np);
|
|
}
|
|
|
|
/*
|
|
* XXX: This comment comes from the deprecated ufs_check_export()
|
|
* XXX: and may not entirely apply, but lacking something better:
|
|
* This is the generic part of fhtovp called after the underlying
|
|
* filesystem has validated the file handle.
|
|
*
|
|
* Verify that a host should have access to a filesystem.
|
|
*/
|
|
|
|
int
|
|
vfs_stdcheckexp(struct mount *mp, struct sockaddr *nam, int *extflagsp,
|
|
struct ucred **credanonp)
|
|
{
|
|
struct netcred *np;
|
|
|
|
np = vfs_export_lookup(mp, nam);
|
|
if (np == NULL)
|
|
return (EACCES);
|
|
*extflagsp = np->netc_exflags;
|
|
*credanonp = &np->netc_anon;
|
|
return (0);
|
|
}
|
|
|