
Removing inpcbpolicy::priv



Hi,

It looks like inpcbpolicy::priv is redundant.

The PCB is always attached to a socket, and therefore we can use the uid
stored in the socket's uidinfo for the permission check. In fact, the priv
member is only ever set by checking that same uid from uidinfo.

The other place the priv member is used is in ipsec_copy_pcbpolicy(),
when copying a policy, called from syn_cache_get(). There, too, it seems
redundant, as sonewconn() is called to create the new socket, which
inherits the uidinfo from the listening socket.

Therefore, I suggest the trivial diff attached -- please review.

Thanks,

-e.
Index: ipsec.c
===================================================================
RCS file: /usr/cvs/src/sys/netinet6/ipsec.c,v
retrieving revision 1.142
diff -u -p -r1.142 ipsec.c
--- ipsec.c     7 May 2009 21:51:47 -0000       1.142
+++ ipsec.c     7 May 2009 04:23:13 -0000
@@ -479,7 +479,7 @@ ipsec4_getpolicybysock(struct mbuf *m, u
                panic("ipsec4_getpolicybysock: currsp is NULL.");
 
        /* when privileged socket */
-       if (pcbsp->priv) {
+       if (so->so_uidinfo->ui_uid == 0) {
                switch (currsp->policy) {
                case IPSEC_POLICY_BYPASS:
                        currsp->refcnt++;
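Review bot: The replacement line `if (so->so_uidinfo->ui_uid == 0) {` open-codes the privilege test directly in ipsec4_getpolicybysock(), and the same expression is repeated in ipsec6_getpolicybysock(); before this change the uid-equals-root decision lived in exactly one place (ipsec_init_pcbpolicy), so the patch turns one privilege-check site into two that must be kept in sync. I would keep it to one site by adding a small `static inline` helper near the top of ipsec.c and calling it from both functions, so that the eventual switch from a raw uid comparison to a kauth_authorize_network() decision only has to be made once. The body of ipsec4_getpolicybysock() starts before the hunk; `so` is presumably already checked for NULL there, since the hunk dereferences it unconditionally.
```c
/*
 * Privileged-socket test for the per-socket IPsec policy lookup.
 * XXX-kauth: a plain uid == 0 comparison; should become a
 * kauth_authorize_network() request so the policy lives in the secmodel.
 */
static inline int
ipsec_so_privileged(const struct socket *so)
{
	return so->so_uidinfo->ui_uid == 0;
}

/* … unchanged: ipsec4_getpolicybysock() up to the privileged-socket test … */
	if (ipsec_so_privileged(so)) {
```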
@@ -697,7 +697,7 @@ ipsec6_getpolicybysock(struct mbuf *m, u
                panic("ipsec6_getpolicybysock: currsp is NULL.");
 
        /* when privileged socket */
-       if (pcbsp->priv) {
+       if (so->so_uidinfo->ui_uid == 0) {
                switch (currsp->policy) {
                case IPSEC_POLICY_BYPASS:
                        currsp->refcnt++;
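Review bot: The new `if (so->so_uidinfo->ui_uid == 0) {` changes *when* privilege is decided, not just where: inpcbpolicy::priv was captured once in ipsec_init_pcbpolicy() and copied by ipsec_copy_pcbpolicy(), whereas this test is now evaluated on every policy lookup for the socket. The two are only equivalent if a socket's so_uidinfo is never reassigned after socreate()/sonewconn(), which I believe holds but which the diff does not state anywhere. A one-line comment above the test would make the assumption explicit, e.g. `/* so_uidinfo is fixed at socket creation, so this equals the old cached priv flag */`. ipsec6_getpolicybysock() begins outside the hunk, so I could not confirm the NULL check on `so` that this dereference relies on.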
@@ -1235,11 +1235,6 @@ ipsec_init_pcbpolicy(struct socket *so, 
        }
        memset(new, 0, sizeof(*new));
 
-       if (so->so_uidinfo->ui_uid == 0)        /* XXX-kauth */
-               new->priv = 1;
-       else
-               new->priv = 0;
-
        new->sp_in = in;
        new->sp_in->refcnt++;
        new->sp_out = out;
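Review bot: Removing the `if (so->so_uidinfo->ui_uid == 0) /* XXX-kauth */` lines also deletes the only XXX-kauth marker in this file, so the known-incomplete security model (root-by-uid instead of a secmodel decision) loses its reminder while the uid comparison itself survives in the two getpolicybysock functions. The marker should travel with the comparison; I would add `/* XXX-kauth: should be a kauth_authorize_network() request, not uid == 0 */` on the line above the test at its new location. Since `so` is no longer read in this function after the hunk, please also confirm that the parameter is still used elsewhere in the body (which starts before the hunk) or mark it unused to avoid a compiler warning.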
@@ -1273,8 +1268,6 @@ ipsec_copy_pcbpolicy(struct inpcbpolicy 
                new->sp_out->refcnt++;
        }
 
-       new->priv = old->priv;
-
        return 0;
 }
 
Index: ipsec.h
===================================================================
RCS file: /usr/cvs/src/sys/netinet6/ipsec.h,v
retrieving revision 1.51
diff -u -p -r1.51 ipsec.h
--- ipsec.h     6 May 2009 21:41:59 -0000       1.51
+++ ipsec.h     7 May 2009 04:33:58 -0000
@@ -124,7 +124,6 @@ struct ipsecrequest {
 struct inpcbpolicy {
        struct secpolicy *sp_in;
        struct secpolicy *sp_out;
-       int priv;                       /* privileged socket ? */
 
        /* cached policy */
        struct {

