rtems/rtems-libbsd
1
0
Fork 0
mirror of https://git.rtems.org/rtems-libbsd/ synced 2025-10-14 14:37:10 +08:00
Code Issues Packages Projects Releases Wiki Activity

Use static inline functions for jail and prison

Browse Source 
This helps the compiler to optimize away dead code.
This commit is contained in:
Sebastian Huber
2019-05-10 15:59:04 +02:00
parent 5da04d6837
commit 36e8ad4374
2 changed files with 202 additions and 230 deletions
Download Patch File Download Diff File Expand all files Collapse all files

230
rtemsbsd/rtems/rtems-kernel-jail.c
View File

@@ -106,233 +106,3 @@ struct prison prison0 = {
.pr_allow = PR_ALLOW_ALL_STATIC
};
MTX_SYSINIT(prison0, &prison0.pr_mtx, "jail mutex", MTX_DEF);
/*
* See if a prison has the specific flag set.
*/
int
prison_flag(struct ucred *cred, unsigned flag)
{
/* This is an atomic read, so no locking is necessary. */
return (prison0.pr_flags & flag);
}
void
prison_free(struct prison *pr)
{
}
void
prison_hold(struct prison *pr)
{
}
/*
* Check if given address belongs to the jail referenced by cred (wrapper to
* prison_check_ip[46]).
*
* Returns 0 if jail doesn't restrict the address family or if address belongs
* to jail, EADDRNOTAVAIL if the address doesn't belong, or EAFNOSUPPORT if
* the jail doesn't allow the address family. IPv4 Address passed in in NBO.
*/
int
prison_if(struct ucred *cred, struct sockaddr *sa)
{
return 0;
}
/*
* Return 1 if we should do proper source address selection or are not jailed.
* We will return 0 if we should bypass source address selection in favour
* of the primary jail IPv6 address. Only in this case *ia will be updated and
* returned in NBO.
* Return EAFNOSUPPORT, in case this jail does not allow IPv6.
*/
int
prison_saddrsel_ip6(struct ucred *cred, struct in6_addr *ia6)
{
return EAFNOSUPPORT;
}
/*
* Check if given address belongs to the jail referenced by cred/prison.
*
* Returns 0 if jail doesn't restrict IPv4 or if address belongs to jail,
* EADDRNOTAVAIL if the address doesn't belong, or EAFNOSUPPORT if the jail
* doesn't allow IPv4. Address passed in in NBO.
*/
int
prison_check_ip4(const struct ucred *cred, const struct in_addr *ia)
{
return 0;
}
/*
* Assuming 0 means no restrictions.
*
* NOTE: RTEMS does not restrict via a jail so return 0.
*/
int
prison_check_ip6(const struct ucred *cred, const struct in6_addr *ia6)
{
return 0;
}
/*
* Make sure our (source) address is set to something meaningful to this
* jail.
*
* Returns 0 if jail doesn't restrict IPv4 or if address belongs to jail,
* EADDRNOTAVAIL if the address doesn't belong, or EAFNOSUPPORT if the jail
* doesn't allow IPv4. Address passed in in NBO and returned in NBO.
*/
int
prison_local_ip4(struct ucred *cred, struct in_addr *ia)
{
return 0;
}
/*
* Rewrite destination address in case we will connect to loopback address.
*
* Returns 0 on success, EAFNOSUPPORT if the jail doesn't allow IPv4.
* Address passed in in NBO and returned in NBO.
*/
int
prison_remote_ip4(struct ucred *cred, struct in_addr *ia)
{
return 0;
}
/*
* Make sure our (source) address is set to something meaningful to this jail.
*
* v6only should be set based on (inp->inp_flags & IN6P_IPV6_V6ONLY != 0)
* when needed while binding.
*
* Returns 0 if jail doesn't restrict IPv6 or if address belongs to jail,
* EADDRNOTAVAIL if the address doesn't belong, or EAFNOSUPPORT if the jail
* doesn't allow IPv6.
*
* NOTE: RTEMS does not restrict via a jail so return 0.
*/
int
prison_local_ip6(struct ucred *cred, struct in6_addr *ia6, int v6only)
{
return 0;
}
/*
* Rewrite destination address in case we will connect to loopback address.
*
* Returns 0 on success, EAFNOSUPPORT if the jail doesn't allow IPv6.
*
* NOTE: RTEMS does not restrict via a jail so return 0.
*/
int
prison_remote_ip6(struct ucred *cred, struct in6_addr *ia6)
{
return 0;
}
/*
* Return 1 if we should do proper source address selection or are not jailed.
* We will return 0 if we should bypass source address selection in favour
* of the primary jail IPv4 address. Only in this case *ia will be updated and
* returned in NBO.
* Return EAFNOSUPPORT, in case this jail does not allow IPv4.
*/
int
prison_saddrsel_ip4(struct ucred *cred, struct in_addr *ia)
{
return 1;
}
/*
* Pass back primary IPv4 address of this jail.
*
* If not restricted return success but do not alter the address. Caller has
* to make sure to initialize it correctly (e.g. INADDR_ANY).
*
* Returns 0 on success, EAFNOSUPPORT if the jail doesn't allow IPv4.
* Address returned in NBO.
*/
int
prison_get_ip4(struct ucred *cred, struct in_addr *ia)
{
return 0;
}
/*
* Return 1 if the passed credential is in a jail and that jail does not
* have its own virtual network stack, otherwise 0.
*/
int
jailed_without_vnet(struct ucred *cred)
{
return 0;
}
/*
* Pass back primary IPv6 address for this jail.
*
* If not restricted return success but do not alter the address. Caller has
* to make sure to initialize it correctly (e.g. IN6ADDR_ANY_INIT).
*
* Returns 0 on success, EAFNOSUPPORT if the jail doesn't allow IPv6.
*/
int
prison_get_ip6(struct ucred *cred, struct in6_addr *ia6)
{
return 0;
}
/*
* Return 0 if jails permit p1 to frob p2, otherwise ESRCH.
*/
int
prison_check(struct ucred *cred1, struct ucred *cred2)
{
return 0;
}
/*
* Check if a jail supports the given address family.
*
* Returns 0 if not jailed or the address family is supported, EAFNOSUPPORT
* if not.
*/
int
prison_check_af(struct ucred *cred, int af)
{
return 0;
}
/*
* Return the correct hostname (domainname, et al) for the passed credential.
*/
void
getcredhostname(struct ucred *cred, char *buf, size_t size)
{
gethostname(buf, size);
}
void
getcreddomainname(struct ucred *cred, char *buf, size_t size)
{
getdomainname(buf, size);
}
void
getcredhostid(struct ucred *cred, unsigned long *hostid)
{
*hostid = 0;
}
/*
* Return 1 if the passed credential is in a jail, otherwise 0.
*/
int
jailed(struct ucred *cred)
{
return 0;
}