author | fenner <fenner@FreeBSD.org> | 2002-10-29 16:46:13 +0000 |
---|---|---|
committer | fenner <fenner@FreeBSD.org> | 2002-10-29 16:46:13 +0000 |
commit | 68784e2b89c00e55ec18f52a94e0a73b1e5a63ff (patch) | |
tree | 159621e947c8ca45b87c64883d4b7c7bc3405e1d /sys/netinet/raw_ip.c | |
parent | 40dc9090f37ec561f9d2f488fc3817617cadc360 (diff) | |
download | FreeBSD-src-68784e2b89c00e55ec18f52a94e0a73b1e5a63ff.zip FreeBSD-src-68784e2b89c00e55ec18f52a94e0a73b1e5a63ff.tar.gz |
Renumber IPPROTO_DIVERT out of the range of valid IP protocol numbers.
This allows socket() to return an error when the kernel is not built
with IPDIVERT, and doesn't prevent future applications from using the
"borrowed" IP protocol number. The sysctl net.inet.raw.olddiverterror
controls whether opening a socket with the "borrowed" IP protocol
fails with an accompanying kernel printf; this code should last only a
couple of releases.
Approved by: re
Diffstat (limited to 'sys/netinet/raw_ip.c')
-rw-r--r-- | sys/netinet/raw_ip.c | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/sys/netinet/raw_ip.c b/sys/netinet/raw_ip.c
index 97dabef..f435d97 100644
--- a/sys/netinet/raw_ip.c
+++ b/sys/netinet/raw_ip.c
@@ -493,11 +493,14 @@ rip_ctlinput(cmd, sa, vip)
 u_long rip_sendspace = RIPSNDQ;
 u_long rip_recvspace = RIPRCVQ;
+int rip_olddiverterror = 1;
 SYSCTL_INT(_net_inet_raw, OID_AUTO, maxdgram, CTLFLAG_RW, &rip_sendspace, 0, "Maximum outgoing raw IP datagram size");
 SYSCTL_INT(_net_inet_raw, OID_AUTO, recvspace, CTLFLAG_RW, &rip_recvspace, 0, "Maximum incoming raw IP datagram size");
+SYSCTL_INT(_net_inet_raw, OID_AUTO, olddiverterror, CTLFLAG_RW,
+ &rip_olddiverterror, 0, "Return an error when creating an 'old' DIVERT socket");
 static int
 rip_attach(struct socket *so, int proto, struct thread *td)
@@ -511,6 +514,15 @@ rip_attach(struct socket *so, int proto, struct thread *td)
 if (td && (error = suser(td)) != 0) return error;
+ if (proto >= IPPROTO_MAX || proto < 0)
+ return EPROTONOSUPPORT;
+
+ /* To be removed before 5.2 */
+ if (rip_olddiverterror && proto == IPPROTO_OLD_DIVERT) {
+ printf("Old IPDIVERT program needs to be recompiled, or new IP proto 254 user needs sysctl net.inet.raw.olddiverterror=0\n");
+ return EPROTONOSUPPORT;
+ }
+
 error = soreserve(so, rip_sendspace, rip_recvspace);
 if (error) return error; |
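Review bot: The printf in the IPPROTO_OLD_DIVERT branch of rip_attach does not identify the calling process and is not rate limited, so the administrator who sees it cannot tell which binary needs recompiling, and a program that retries socket() in a loop can crowd other entries out of the kernel message buffer. The suser(td) check just above appears to limit this to privileged callers whenever td is non-NULL, which bounds the exposure but does not help with attribution. When td is non-NULL I would log the caller, e.g. `printf("pid %d (%s): old IPDIVERT protocol number; recompile, or set net.inet.raw.olddiverterror=0 to use IP proto 254\n", td->td_proc->p_pid, td->td_proc->p_comm);`, and consider emitting it at most once per interval. The comment `/* To be removed before 5.2 */` could also say what is temporary and why, e.g. `/* Transitional: reject the pre-renumbering IPPROTO_DIVERT value so stale binaries fail loudly; remove with the sysctl before 5.2 */`. The body of rip_attach starts and ends outside this hunk, so the placement relative to the rest of the function is inferred from the visible context only.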