From e1c6b0c1ee471ec790888a1edec44099e6601971 Mon Sep 17 00:00:00 2001
From: Aaron LI <aly@aaronly.me>
Date: Tue, 20 Mar 2018 15:52:54 +0800
Subject: [PATCH] Move jail staffs from <net/if.h> and <netinet/in.h> to
 <sys/jail.h>

* <net/if.h>: Move out prison_if() function prototype to <sys/jail.h>

* <netinet/in.h>: Move out prison_replace_wildcards() and prison_remote_ip()
  function prototypes to <sys/jail.h>

* Include <sys/jail.h> header for those files in need of it

Obtained-from: FreeBSD (r72786)
---
 sys/net/if.c               |  1 +
 sys/net/if.h               |  5 -----
 sys/net/rtsock.c           |  1 +
 sys/netinet/in.h           |  3 ---
 sys/netinet/tcp_usrreq.c   |  1 +
 sys/netinet/udp_usrreq.c   |  1 +
 sys/netinet6/udp6_output.c |  1 +
 sys/netinet6/udp6_usrreq.c |  1 +
 sys/sys/jail.h             | 12 +++++++++---
 9 files changed, 15 insertions(+), 11 deletions(-)

diff --git a/sys/net/if.c b/sys/net/if.c
index 6869092dcf..b3c2596396 100644
--- a/sys/net/if.c
+++ b/sys/net/if.c
@@ -54,6 +54,7 @@
 #include <sys/thread.h>
 #include <sys/serialize.h>
 #include <sys/bus.h>
+#include <sys/jail.h>
 
 #include <sys/thread2.h>
 #include <sys/msgport2.h>
diff --git a/sys/net/if.h b/sys/net/if.h
index 124a60ee30..f8ba564db6 100644
--- a/sys/net/if.h
+++ b/sys/net/if.h
@@ -384,11 +384,6 @@ __END_DECLS
 #endif
 
 #ifdef _KERNEL
-struct thread;
-struct ucred;
-
-int	prison_if(struct ucred *cred, struct sockaddr *sa);
-
 /* XXX - this should go away soon. */
 #include <net/if_var.h>
 #endif
diff --git a/sys/net/rtsock.c b/sys/net/rtsock.c
index f958569433..7850eac06b 100644
--- a/sys/net/rtsock.c
+++ b/sys/net/rtsock.c
@@ -74,6 +74,7 @@
 #include <sys/socket.h>
 #include <sys/socketvar.h>
 #include <sys/domain.h>
+#include <sys/jail.h>
 
 #include <sys/thread2.h>
 #include <sys/socketvar2.h>
diff --git a/sys/netinet/in.h b/sys/netinet/in.h
index f8c1abe095..24c77dfc87 100644
--- a/sys/netinet/in.h
+++ b/sys/netinet/in.h
@@ -534,9 +534,6 @@ char	*kinet_ntoa(struct in_addr, char *); /* in libkern */
 char	*inet_ntop(int, const void * __restrict, char * __restrict,
 	    socklen_t); /* in libkern */
 
-int	prison_replace_wildcards(struct thread *td, struct sockaddr *ip);
-int	prison_remote_ip(struct thread *td, struct sockaddr *ip);
-
 #define	in_hosteq(s, t)	((s).s_addr == (t).s_addr)
 #define	in_nullhost(x)	((x).s_addr == INADDR_ANY)
 
diff --git a/sys/netinet/tcp_usrreq.c b/sys/netinet/tcp_usrreq.c
index aa475ba34a..88e68a3a30 100644
--- a/sys/netinet/tcp_usrreq.c
+++ b/sys/netinet/tcp_usrreq.c
@@ -83,6 +83,7 @@
 #include <sys/socketvar.h>
 #include <sys/socketops.h>
 #include <sys/protosw.h>
+#include <sys/jail.h>
 
 #include <sys/thread2.h>
 #include <sys/msgport2.h>
diff --git a/sys/netinet/udp_usrreq.c b/sys/netinet/udp_usrreq.c
index 41f2726827..e81c0c335f 100644
--- a/sys/netinet/udp_usrreq.c
+++ b/sys/netinet/udp_usrreq.c
@@ -80,6 +80,7 @@
 #include <sys/syslog.h>
 #include <sys/in_cksum.h>
 #include <sys/ktr.h>
+#include <sys/jail.h>
 
 #include <sys/thread2.h>
 #include <sys/socketvar2.h>
diff --git a/sys/netinet6/udp6_output.c b/sys/netinet6/udp6_output.c
index ff591542be..355735e7f9 100644
--- a/sys/netinet6/udp6_output.c
+++ b/sys/netinet6/udp6_output.c
@@ -77,6 +77,7 @@
 #include <sys/proc.h>
 #include <sys/priv.h>
 #include <sys/syslog.h>
+#include <sys/jail.h>
 
 #include <net/if.h>
 #include <net/route.h>
diff --git a/sys/netinet6/udp6_usrreq.c b/sys/netinet6/udp6_usrreq.c
index 3b1aee7472..21649640c8 100644
--- a/sys/netinet6/udp6_usrreq.c
+++ b/sys/netinet6/udp6_usrreq.c
@@ -77,6 +77,7 @@
 #include <sys/syslog.h>
 #include <sys/proc.h>
 #include <sys/priv.h>
+#include <sys/jail.h>
 
 #include <sys/thread2.h>
 #include <sys/socketvar2.h>
diff --git a/sys/sys/jail.h b/sys/sys/jail.h
index a43cc53f93..d81b1e10b4 100644
--- a/sys/sys/jail.h
+++ b/sys/sys/jail.h
@@ -78,7 +78,7 @@ struct jail_ip_storage {
 
 /*
  * This structure describes a prison.  It is pointed to by all struct
- * proc's of the inmates.  pr_ref keeps track of them and is used to
+ * ucred's of the inmates.  pr_ref keeps track of them and is used to
  * delete the struture when the last inmate is dead.
  */
 
@@ -107,14 +107,20 @@ extern int	jail_sysvipc_allowed;
 extern int	jail_chflags_allowed;
 extern int	jail_allow_raw_sockets;
 
-void	prison_hold(struct prison *);
-void	prison_free(struct prison *);
+/*
+ * Kernel support functions for jail.
+ */
 int	jailed_ip(struct prison *, struct sockaddr *);
+void	prison_free(struct prison *);
+void	prison_hold(struct prison *);
+int	prison_if(struct ucred *cred, struct sockaddr *sa);
 struct sockaddr *
 	prison_get_local(struct prison *pr, sa_family_t, struct sockaddr *);
 struct sockaddr *
 	prison_get_nonlocal(struct prison *pr, sa_family_t, struct sockaddr *);
 int	prison_priv_check(struct ucred *cred, int priv);
+int	prison_remote_ip(struct thread *td, struct sockaddr *ip);
+int	prison_replace_wildcards(struct thread *td, struct sockaddr *ip);
 
 /*
  * Return 1 if the passed credential is in a jail, otherwise 0.
-- 
2.41.0