Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

===================================================================
RCS file: /ftp/cvs/cvsroot/src/sys/netinet/raw_ip.c,v
retrieving revision 1.88
retrieving revision 1.88.4.2
diff -u -p -r1.88 -r1.88.4.2
--- src/sys/netinet/raw_ip.c	2005/12/11 12:24:57	1.88
+++ src/sys/netinet/raw_ip.c	2006/09/09 02:58:47	1.88.4.2
@@ -1,4 +1,4 @@
-/*	$NetBSD: raw_ip.c,v 1.88 2005/12/11 12:24:57 christos Exp $	*/
+/*	$NetBSD: raw_ip.c,v 1.88.4.2 2006/09/09 02:58:47 rpaulo Exp $	*/
 
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -61,7 +61,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: raw_ip.c,v 1.88 2005/12/11 12:24:57 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: raw_ip.c,v 1.88.4.2 2006/09/09 02:58:47 rpaulo Exp $");
 
 #include "opt_inet.h"
 #include "opt_ipsec.h"
@@ -77,6 +77,7 @@ __KERNEL_RCSID(0, "$NetBSD: raw_ip.c,v 1
 #include <sys/errno.h>
 #include <sys/systm.h>
 #include <sys/proc.h>
+#include <sys/kauth.h>
 
 #include <net/if.h>
 #include <net/route.h>
@@ -140,7 +141,6 @@ rip_input(struct mbuf *m, ...)
 {
 	int proto;
 	struct ip *ip = mtod(m, struct ip *);
-	struct inpcb_hdr *inph;
 	struct inpcb *inp;
 	struct inpcb *last = 0;
 	struct mbuf *opts = 0;
@@ -166,8 +166,7 @@ rip_input(struct mbuf *m, ...)
 	ip->ip_len = ntohs(ip->ip_len) - (ip->ip_hl << 2);
 	NTOHS(ip->ip_off);
 
-	CIRCLEQ_FOREACH(inph, &rawcbtable.inpt_queue, inph_queue) {
-		inp = (struct inpcb *)inph;
+	CIRCLEQ_FOREACH(inp, &rawcbtable.inpt_queue, inp_queue) {
 		if (inp->inp_af != AF_INET)
 			continue;
 		if (inp->inp_ip.ip_p && inp->inp_ip.ip_p != proto)
@@ -505,17 +504,15 @@ rip_usrreq(struct socket *so, int req,
     struct mbuf *m, struct mbuf *nam, struct mbuf *control, struct lwp *l)
 {
 	struct inpcb *inp;
-	struct proc *p;
 	int s;
 	int error = 0;
 #ifdef MROUTING
 	extern struct socket *ip_mrouter;
 #endif
 
-	p = l ? l->l_proc : NULL;
 	if (req == PRU_CONTROL)
 		return (in_control(so, (long)m, (caddr_t)nam,
-		    (struct ifnet *)control, p));
+		    (struct ifnet *)control, l));
 
 	if (req == PRU_PURGEIF) {
 		in_pcbpurgeif0(&rawcbtable, (struct ifnet *)control);
@@ -542,7 +539,8 @@ rip_usrreq(struct socket *so, int req,
 			error = EISCONN;
 			break;
 		}
-		if (p == 0 || (error = suser(p->p_ucred, &p->p_acflag))) {
+		if (l == 0 || (error = kauth_authorize_generic(l->l_cred,
+		    KAUTH_GENERIC_ISSUSER, &l->l_acflag))) {
 			error = EACCES;
 			break;
 		}