Index: raw_ip.c =================================================================== RCS file: /home/ncvs/src/sys/netinet/raw_ip.c,v retrieving revision 1.132 diff -u -r1.132 raw_ip.c --- raw_ip.c 4 May 2004 02:11:47 -0000 1.132 +++ raw_ip.c 2 Jun 2004 02:38:05 -0000 @@ -244,13 +244,13 @@ rip_output(struct mbuf *m, struct socket *so, u_long dst) { struct ip *ip; + int error; struct inpcb *inp = sotoinpcb(so); int flags = (so->so_options & SO_DONTROUTE) | IP_ALLOWBROADCAST; -#ifdef MAC INP_LOCK(inp); +#ifdef MAC mac_create_mbuf_from_inpcb(inp, m); - INP_UNLOCK(inp); #endif /* @@ -258,6 +258,7 @@ * Otherwise, allocate an mbuf for a header and fill it in. */ if ((inp->inp_flags & INP_HDRINCL) == 0) { + INP_UNLOCK(inp); if (m->m_pkthdr.len + sizeof(struct ip) > IP_MAXPACKET) { m_freem(m); return(EMSGSIZE); @@ -265,6 +266,8 @@ M_PREPEND(m, sizeof(struct ip), M_TRYWAIT); if (m == NULL) return(ENOBUFS); + + INP_LOCK(inp); ip = mtod(m, struct ip *); ip->ip_tos = inp->inp_ip_tos; ip->ip_off = 0; @@ -279,6 +282,7 @@ ip->ip_ttl = inp->inp_ip_ttl; } else { if (m->m_pkthdr.len > IP_MAXPACKET) { + INP_UNLOCK(inp); m_freem(m); return(EMSGSIZE); } @@ -286,6 +290,7 @@ if (jailed(inp->inp_socket->so_cred)) { if (ip->ip_src.s_addr != htonl(prison_getip(inp->inp_socket->so_cred))) { + INP_UNLOCK(inp); m_freem(m); return (EPERM); } @@ -296,6 +301,7 @@ && inp->inp_options) || (ip->ip_len > m->m_pkthdr.len) || (ip->ip_len < (ip->ip_hl << 2))) { + INP_UNLOCK(inp); m_freem(m); return EINVAL; } @@ -313,8 +319,10 @@ if (inp->inp_flags & INP_ONESBCAST) flags |= IP_SENDONES; - return (ip_output(m, inp->inp_options, NULL, flags, - inp->inp_moptions, inp)); + error = ip_output(m, inp->inp_options, NULL, flags, + inp->inp_moptions, inp); + INP_UNLOCK(inp); + return error; } /* @@ -739,9 +747,7 @@ } dst = ((struct sockaddr_in *)nam)->sin_addr.s_addr; } - INP_LOCK(inp); ret = rip_output(m, so, dst); - INP_UNLOCK(inp); INP_INFO_WUNLOCK(&ripcbinfo); return ret; }