talexander
/
freebsd_amp_hwpstate
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
freebsd_amp_hwpstate/sys/netinet6
History
Mark Johnston 274579831b capsicum: Limit socket operations in capability mode 
Capsicum did not prevent certain privileged networking operations,
specifically creation of raw sockets and network configuration ioctls.
However, these facilities can be used to circumvent some of the
restrictions that capability mode is supposed to enforce.

Add capability mode checks to disallow network configuration ioctls and
creation of sockets other than PF_LOCAL and SOCK_DGRAM/STREAM/SEQPACKET
internet sockets.

Reviewed by:	oshogbo
Discussed with:	emaste
Reported by:	manu
Sponsored by:	The FreeBSD Foundation
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D29423
 		2021-04-07 14:32:56 -04:00
..
dest6.c
frag6.c net: Introduce IPV6_DSCP(), IPV6_ECN() and IPV6_TRAFFIC_CLASS() macros 2021-03-04 20:56:48 +01:00
icmp6.c Remove per-packet ifa refcounting from IPv6 fast path. 2021-02-15 22:33:12 +00:00
icmp6.h
in6.c capsicum: Limit socket operations in capability mode 2021-04-07 14:32:56 -04:00
in6.h
in6_cksum.c
in6_fib.c
in6_fib.h
in6_fib_algo.c Fix dpdk/ldradix fib lookup algorithm preference calculation. 2021-03-07 22:17:53 +00:00
in6_gif.c net: Introduce IPV6_DSCP(), IPV6_ECN() and IPV6_TRAFFIC_CLASS() macros 2021-03-04 20:56:48 +01:00
in6_ifattach.c Remove per-packet ifa refcounting from IPv6 fast path. 2021-02-15 22:33:12 +00:00
in6_ifattach.h
in6_jail.c
in6_mcast.c
in6_pcb.c
in6_pcb.h
in6_pcbgroup.c
in6_proto.c capsicum: Limit socket operations in capability mode 2021-04-07 14:32:56 -04:00
in6_rmx.c
in6_rss.c
in6_rss.h
in6_src.c Remove per-packet ifa refcounting from IPv6 fast path. 2021-02-15 22:33:12 +00:00
in6_var.h Remove per-packet ifa refcounting from IPv6 fast path. 2021-02-15 22:33:12 +00:00
ip6.h
ip6_ecn.h
ip6_fastfwd.c
ip6_forward.c
ip6_gre.c
ip6_id.c
ip6_input.c Flush remaining routes from the routing table during VNET shutdown. 2021-03-10 21:10:14 +00:00
ip6_mroute.c
ip6_mroute.h
ip6_output.c net: Introduce IPV6_DSCP(), IPV6_ECN() and IPV6_TRAFFIC_CLASS() macros 2021-03-04 20:56:48 +01:00
ip6_var.h
ip6protosw.h
ip_fw_nat64.h
ip_fw_nptv6.h
mld6.c
mld6.h
mld6_var.h
nd6.c base: remove if_wg(4) and associated utilities, manpage 2021-03-17 09:14:48 -05:00
nd6.h
nd6_nbr.c
nd6_rtr.c Fix crash with rtadv-originated multipath IPv6 routes. 2021-02-24 16:44:10 +00:00
pim6.h
pim6_var.h
raw_ip6.c
raw_ip6.h
route6.c
scope6.c
scope6_var.h
sctp6_usrreq.c net: Introduce IPV6_DSCP(), IPV6_ECN() and IPV6_TRAFFIC_CLASS() macros 2021-03-04 20:56:48 +01:00
sctp6_var.h
send.c Remove per-packet ifa refcounting from IPv6 fast path. 2021-02-15 22:33:12 +00:00
send.h
tcp6_var.h
udp6_usrreq.c
udp6_var.h