Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

===================================================================
RCS file: /ftp/cvs/cvsroot/src/sys/netinet/raw_ip.c,v
rcsdiff: /ftp/cvs/cvsroot/src/sys/netinet/raw_ip.c,v: warning: Unknown phrases like `commitid ...;' are present.
retrieving revision 1.78.2.1
retrieving revision 1.89
diff -u -p -r1.78.2.1 -r1.89
--- src/sys/netinet/raw_ip.c	2004/05/10 15:00:12	1.78.2.1
+++ src/sys/netinet/raw_ip.c	2006/05/14 21:19:34	1.89
@@ -1,4 +1,4 @@
-/*	$NetBSD: raw_ip.c,v 1.78.2.1 2004/05/10 15:00:12 tron Exp $	*/
+/*	$NetBSD: raw_ip.c,v 1.89 2006/05/14 21:19:34 elad Exp $	*/
 
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -61,13 +61,14 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: raw_ip.c,v 1.78.2.1 2004/05/10 15:00:12 tron Exp $");
+__KERNEL_RCSID(0, "$NetBSD: raw_ip.c,v 1.89 2006/05/14 21:19:34 elad Exp $");
 
 #include "opt_inet.h"
 #include "opt_ipsec.h"
 #include "opt_mrouting.h"
 
 #include <sys/param.h>
+#include <sys/sysctl.h>
 #include <sys/malloc.h>
 #include <sys/mbuf.h>
 #include <sys/socket.h>
@@ -76,6 +77,7 @@ __KERNEL_RCSID(0, "$NetBSD: raw_ip.c,v 1
 #include <sys/errno.h>
 #include <sys/systm.h>
 #include <sys/proc.h>
+#include <sys/kauth.h>
 
 #include <net/if.h>
 #include <net/route.h>
@@ -87,6 +89,7 @@ __KERNEL_RCSID(0, "$NetBSD: raw_ip.c,v 1
 #include <netinet/ip_mroute.h>
 #include <netinet/ip_icmp.h>
 #include <netinet/in_pcb.h>
+#include <netinet/in_proto.h>
 #include <netinet/in_var.h>
 
 #include <machine/stdarg.h>
@@ -102,11 +105,11 @@ __KERNEL_RCSID(0, "$NetBSD: raw_ip.c,v 1
 
 struct inpcbtable rawcbtable;
 
-int	 rip_pcbnotify __P((struct inpcbtable *, struct in_addr,
-    struct in_addr, int, int, void (*) __P((struct inpcb *, int))));
-int	 rip_bind __P((struct inpcb *, struct mbuf *));
-int	 rip_connect __P((struct inpcb *, struct mbuf *));
-void	 rip_disconnect __P((struct inpcb *));
+int	 rip_pcbnotify(struct inpcbtable *, struct in_addr,
+    struct in_addr, int, int, void (*)(struct inpcb *, int));
+int	 rip_bind(struct inpcb *, struct mbuf *);
+int	 rip_connect(struct inpcb *, struct mbuf *);
+void	 rip_disconnect(struct inpcb *);
 
 /*
  * Nominal space allocated to a raw ip socket.
@@ -122,7 +125,7 @@ void	 rip_disconnect __P((struct inpcb *
  * Initialize raw connection block q.
  */
 void
-rip_init()
+rip_init(void)
 {
 
 	in_pcbinit(&rawcbtable, 1, 1);
@@ -134,13 +137,7 @@ rip_init()
  * mbuf chain.
  */
 void
-#if __STDC__
 rip_input(struct mbuf *m, ...)
-#else
-rip_input(m, va_alist)
-	struct mbuf *m;
-	va_dcl
-#endif
 {
 	int proto;
 	struct ip *ip = mtod(m, struct ip *);
@@ -242,12 +239,9 @@ rip_input(m, va_alist)
 }
 
 int
-rip_pcbnotify(table, faddr, laddr, proto, errno, notify)
-	struct inpcbtable *table;
-	struct in_addr faddr, laddr;
-	int proto;
-	int errno;
-	void (*notify) __P((struct inpcb *, int));
+rip_pcbnotify(struct inpcbtable *table,
+    struct in_addr faddr, struct in_addr laddr, int proto, int errno,
+    void (*notify)(struct inpcb *, int))
 {
 	struct inpcb *inp, *ninp;
 	int nmatch;
@@ -272,13 +266,10 @@ rip_pcbnotify(table, faddr, laddr, proto
 }
 
 void *
-rip_ctlinput(cmd, sa, v)
-	int cmd;
-	struct sockaddr *sa;
-	void *v;
+rip_ctlinput(int cmd, struct sockaddr *sa, void *v)
 {
 	struct ip *ip = v;
-	void (*notify) __P((struct inpcb *, int)) = in_rtchange;
+	void (*notify)(struct inpcb *, int) = in_rtchange;
 	int errno;
 
 	if (sa->sa_family != AF_INET ||
@@ -309,13 +300,7 @@ rip_ctlinput(cmd, sa, v)
  * Tack on options user may have setup with control call.
  */
 int
-#if __STDC__
 rip_output(struct mbuf *m, ...)
-#else
-rip_output(m, va_alist)
-	struct mbuf *m;
-	va_dcl
-#endif
 {
 	struct inpcb *inp;
 	struct ip *ip;
@@ -395,11 +380,8 @@ rip_output(m, va_alist)
  * Raw IP socket option processing.
  */
 int
-rip_ctloutput(op, so, level, optname, m)
-	int op;
-	struct socket *so;
-	int level, optname;
-	struct mbuf **m;
+rip_ctloutput(int op, struct socket *so, int level, int optname,
+    struct mbuf **m)
 {
 	struct inpcb *inp = sotoinpcb(so);
 	int error = 0;
@@ -433,6 +415,9 @@ rip_ctloutput(op, so, level, optname, m)
 		case MRT_ADD_MFC:
 		case MRT_DEL_MFC:
 		case MRT_ASSERT:
+		case MRT_API_CONFIG:
+		case MRT_ADD_BW_UPCALL:
+		case MRT_DEL_BW_UPCALL:
 			error = ip_mrouter_set(so, optname, m);
 			break;
 #endif
@@ -455,6 +440,8 @@ rip_ctloutput(op, so, level, optname, m)
 #ifdef MROUTING
 		case MRT_VERSION:
 		case MRT_ASSERT:
+		case MRT_API_SUPPORT:
+		case MRT_API_CONFIG:
 			error = ip_mrouter_get(so, optname, m);
 			break;
 #endif
@@ -469,9 +456,7 @@ rip_ctloutput(op, so, level, optname, m)
 }
 
 int
-rip_bind(inp, nam)
-	struct inpcb *inp;
-	struct mbuf *nam;
+rip_bind(struct inpcb *inp, struct mbuf *nam)
 {
 	struct sockaddr_in *addr = mtod(nam, struct sockaddr_in *);
 
@@ -490,9 +475,7 @@ rip_bind(inp, nam)
 }
 
 int
-rip_connect(inp, nam)
-	struct inpcb *inp;
-	struct mbuf *nam;
+rip_connect(struct inpcb *inp, struct mbuf *nam)
 {
 	struct sockaddr_in *addr = mtod(nam, struct sockaddr_in *);
 
@@ -508,8 +491,7 @@ rip_connect(inp, nam)
 }
 
 void
-rip_disconnect(inp)
-	struct inpcb *inp;
+rip_disconnect(struct inpcb *inp)
 {
 
 	inp->inp_faddr = zeroin_addr;
@@ -520,19 +502,18 @@ u_long	rip_recvspace = RIPRCVQ;
 
 /*ARGSUSED*/
 int
-rip_usrreq(so, req, m, nam, control, p)
-	struct socket *so;
-	int req;
-	struct mbuf *m, *nam, *control;
-	struct proc *p;
+rip_usrreq(struct socket *so, int req,
+    struct mbuf *m, struct mbuf *nam, struct mbuf *control, struct lwp *l)
 {
 	struct inpcb *inp;
+	struct proc *p;
 	int s;
 	int error = 0;
 #ifdef MROUTING
 	extern struct socket *ip_mrouter;
 #endif
 
+	p = l ? l->l_proc : NULL;
 	if (req == PRU_CONTROL)
 		return (in_control(so, (long)m, (caddr_t)nam,
 		    (struct ifnet *)control, p));
@@ -562,7 +543,8 @@ rip_usrreq(so, req, m, nam, control, p)
 			error = EISCONN;
 			break;
 		}
-		if (p == 0 || (error = suser(p->p_ucred, &p->p_acflag))) {
+		if (p == 0 || (error = kauth_authorize_generic(p->p_cred,
+						KAUTH_GENERIC_ISSUSER, &p->p_acflag))) {
 			error = EACCES;
 			break;
 		}
@@ -689,3 +671,32 @@ release:
 	splx(s);
 	return (error);
 }
+
+SYSCTL_SETUP(sysctl_net_inet_raw_setup, "sysctl net.inet.raw subtree setup")
+{
+
+	sysctl_createv(clog, 0, NULL, NULL,
+		       CTLFLAG_PERMANENT,
+		       CTLTYPE_NODE, "net", NULL,
+		       NULL, 0, NULL, 0,
+		       CTL_NET, CTL_EOL);
+	sysctl_createv(clog, 0, NULL, NULL,
+		       CTLFLAG_PERMANENT,
+		       CTLTYPE_NODE, "inet", NULL,
+		       NULL, 0, NULL, 0,
+		       CTL_NET, PF_INET, CTL_EOL);
+	sysctl_createv(clog, 0, NULL, NULL,
+		       CTLFLAG_PERMANENT,
+		       CTLTYPE_NODE, "raw",
+		       SYSCTL_DESCR("Raw IPv4 settings"),
+		       NULL, 0, NULL, 0,
+		       CTL_NET, PF_INET, IPPROTO_RAW, CTL_EOL);
+
+	sysctl_createv(clog, 0, NULL, NULL,
+		       CTLFLAG_PERMANENT,
+		       CTLTYPE_STRUCT, "pcblist",
+		       SYSCTL_DESCR("Raw IPv4 control block list"),
+		       sysctl_inpcblist, 0, &rawcbtable, 0,
+		       CTL_NET, PF_INET, IPPROTO_RAW,
+		       CTL_CREATE, CTL_EOL);
+}