Add a new privilege, PRIV_NETINET_REUSEPORT, which will replace superuser

checks to see whether bind() can reuse a port/address combination while
it's already in use (for some definition of use).

2 files changed, 3 insertions, 1 deletions

diff --git a/sys/netinet/in_pcb.c b/sys/netinet/in_pcb.c
index eb0852a..fc31367 100644
--- a/sys/netinet/in_pcb.c
+++ b/sys/netinet/in_pcb.c
@@ -345,7 +345,8 @@ in_pcbbind_setup(struct inpcb *inp, struct sockaddr *nam, in_addr_t *laddrp,
 			if (jailed(cred))
 				prison = 1;
 			if (!IN_MULTICAST(ntohl(sin->sin_addr.s_addr)) &&
-			    suser_cred(so->so_cred, SUSER_ALLOWJAIL) != 0) {
+			    priv_check_cred(so->so_cred,
+			    PRIV_NETINET_REUSEPORT, SUSER_ALLOWJAIL) != 0) {
 				t = in_pcblookup_local(inp->inp_pcbinfo,
 				    sin->sin_addr, lport,
 				    prison ? 0 :  INPLOOKUP_WILDCARD);
diff --git a/sys/sys/priv.h b/sys/sys/priv.h
index d5b9cd3..150c9a1 100644
--- a/sys/sys/priv.h
+++ b/sys/sys/priv.h
@@ -368,6 +368,7 @@
 #define	PRIV_NETINET_SCOPE6	501	/* Administer IPv6 address scopes. */
 #define	PRIV_NETINET_ALIFETIME6	502	/* Administer IPv6 address lifetimes. */
 #define	PRIV_NETINET_IPSEC	503	/* Administer IPSEC. */
+#define	PRIV_NETINET_REUSEPORT	504	/* Allow [rapid] port/address reuse. */
 
 /*
  * IPX/SPX privileges.