Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

===================================================================
RCS file: /ftp/cvs/cvsroot/src/sys/netinet/raw_ip.c,v
rcsdiff: /ftp/cvs/cvsroot/src/sys/netinet/raw_ip.c,v: warning: Unknown phrases like `commitid ...;' are present.
retrieving revision 1.89
retrieving revision 1.94.4.1
diff -u -p -r1.89 -r1.94.4.1
--- src/sys/netinet/raw_ip.c	2006/05/14 21:19:34	1.89
+++ src/sys/netinet/raw_ip.c	2007/02/27 16:54:56	1.94.4.1
@@ -1,4 +1,4 @@
-/*	$NetBSD: raw_ip.c,v 1.89 2006/05/14 21:19:34 elad Exp $	*/
+/*	$NetBSD: raw_ip.c,v 1.94.4.1 2007/02/27 16:54:56 yamt Exp $	*/
 
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -61,7 +61,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: raw_ip.c,v 1.89 2006/05/14 21:19:34 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: raw_ip.c,v 1.94.4.1 2007/02/27 16:54:56 yamt Exp $");
 
 #include "opt_inet.h"
 #include "opt_ipsec.h"
@@ -266,7 +266,7 @@ rip_pcbnotify(struct inpcbtable *table,
 }
 
 void *
-rip_ctlinput(int cmd, struct sockaddr *sa, void *v)
+rip_ctlinput(int cmd, const struct sockaddr *sa, void *v)
 {
 	struct ip *ip = v;
 	void (*notify)(struct inpcb *, int) = in_rtchange;
@@ -285,12 +285,12 @@ rip_ctlinput(int cmd, struct sockaddr *s
 	else if (errno == 0)
 		return NULL;
 	if (ip) {
-		rip_pcbnotify(&rawcbtable, satosin(sa)->sin_addr,
+		rip_pcbnotify(&rawcbtable, satocsin(sa)->sin_addr,
 		    ip->ip_src, ip->ip_p, errno, notify);
 
 		/* XXX mapped address case */
 	} else
-		in_pcbnotifyall(&rawcbtable, satosin(sa)->sin_addr, errno,
+		in_pcbnotifyall(&rawcbtable, satocsin(sa)->sin_addr, errno,
 		    notify);
 	return NULL;
 }
@@ -506,26 +506,26 @@ rip_usrreq(struct socket *so, int req,
     struct mbuf *m, struct mbuf *nam, struct mbuf *control, struct lwp *l)
 {
 	struct inpcb *inp;
-	struct proc *p;
 	int s;
 	int error = 0;
 #ifdef MROUTING
 	extern struct socket *ip_mrouter;
 #endif
 
-	p = l ? l->l_proc : NULL;
 	if (req == PRU_CONTROL)
 		return (in_control(so, (long)m, (caddr_t)nam,
-		    (struct ifnet *)control, p));
+		    (struct ifnet *)control, l));
+
+	s = splsoftnet();
 
 	if (req == PRU_PURGEIF) {
 		in_pcbpurgeif0(&rawcbtable, (struct ifnet *)control);
 		in_purgeif((struct ifnet *)control);
 		in_pcbpurgeif(&rawcbtable, (struct ifnet *)control);
+		splx(s);
 		return (0);
 	}
 
-	s = splsoftnet();
 	inp = sotoinpcb(so);
 #ifdef DIAGNOSTIC
 	if (req != PRU_SEND && req != PRU_SENDOOB && control)
@@ -543,11 +543,14 @@ rip_usrreq(struct socket *so, int req,
 			error = EISCONN;
 			break;
 		}
-		if (p == 0 || (error = kauth_authorize_generic(p->p_cred,
-						KAUTH_GENERIC_ISSUSER, &p->p_acflag))) {
+
+		if (l == NULL) {
 			error = EACCES;
 			break;
 		}
+
+		/* XXX: raw socket permissions are checked in socreate() */
+
 		if (so->so_snd.sb_hiwat == 0 || so->so_rcv.sb_hiwat == 0) {
 			error = soreserve(so, rip_sendspace, rip_recvspace);
 			if (error)