K 10
svn:author
V 5
jamie
K 8
svn:date
V 27
2009-02-18T20:12:08.341056Z
K 7
svn:log
V 1714
MFC:

 r188144:
   Standardize the various prison_foo_ip[46] functions and prison_if to
   return zero on success and an error code otherwise.  The possible errors
   are EADDRNOTAVAIL if an address being checked for doesn't match the
   prison, and EAFNOSUPPORT if the prison doesn't have any addresses in
   that address family.  For most callers of these functions, use the
   returned error code instead of e.g. a hard-coded EADDRNOTAVAIL or
   EINVAL.

   Always include a jailed() check in these functions, where a non-jailed
   cred always returns success (and makes no changes).  Remove the explicit
   jailed() checks that preceded many of the function calls.

 r188146:
   Don't allow creating a socket with a protocol family that the current
   jail doesn't support.  This involves a new function prison_check_af,
   like prison_check_ip[46] but that checks only the family.

   With this change, most of the errors generated by jailed sockets
   shouldn't ever occur, at least until jails are changeable.

 r188148:
   Remove redundant calls of prison_local_ip4 in in_pcbbind_setup, and of
   prison_local_ip6 in in6_pcbbind.

 r188149:
   Call prison_if from rtm_get_jailed, instead of splitting it out into
   prison_check_ip4 and prison_check_ip6.  As prison_if includes a jailed()
   check, remove that check before calling rtm_get_jailed.

 r188151:
   Don't bother null-checking the thread pointer before the prison checks
   in udp6_connect (td is already dereferenced elsewhere without such a
   check).  This makes the conversion from a sockaddr to a sockaddr_in6
   always happen, so convert once at the beginning of the function rather
   than twice in the middle.

Approved by:	bz (mentor)

END