Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

===================================================================
RCS file: /ftp/cvs/cvsroot/src/sys/netinet6/ip6_input.c,v
rcsdiff: /ftp/cvs/cvsroot/src/sys/netinet6/ip6_input.c,v: warning: Unknown phrases like `commitid ...;' are present.
retrieving revision 1.73.2.2
retrieving revision 1.77.12.2
diff -u -p -r1.73.2.2 -r1.77.12.2
--- src/sys/netinet6/ip6_input.c	2006/05/24 02:37:15	1.73.2.2
+++ src/sys/netinet6/ip6_input.c	2007/04/26 06:55:37	1.77.12.2
@@ -1,4 +1,4 @@
-/*	$NetBSD: ip6_input.c,v 1.73.2.2 2006/05/24 02:37:15 riz Exp $	*/
+/*	$NetBSD: ip6_input.c,v 1.77.12.2 2007/04/26 06:55:37 ghen Exp $	*/
 /*	$KAME: ip6_input.c,v 1.188 2001/03/29 05:34:31 itojun Exp $	*/
 
 /*
@@ -62,7 +62,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ip6_input.c,v 1.73.2.2 2006/05/24 02:37:15 riz Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip6_input.c,v 1.77.12.2 2007/04/26 06:55:37 ghen Exp $");
 
 #include "opt_inet.h"
 #include "opt_ipsec.h"
@@ -112,11 +112,8 @@ __KERNEL_RCSID(0, "$NetBSD: ip6_input.c,
 
 #include <netinet6/ip6protosw.h>
 
-/* we need it for NLOOP. */
-#include "loop.h"
 #include "faith.h"
 #include "gif.h"
-#include "bpfilter.h"
 
 #if NGIF > 0
 #include <netinet6/in6_gif.h>
@@ -131,7 +128,6 @@ static int ip6qmaxlen = IFQ_MAXLEN;
 struct in6_ifaddr *in6_ifaddr;
 struct ifqueue ip6intrq;
 
-extern struct ifnet loif[NLOOP];
 int ip6_forward_srcrt;			/* XXX */
 int ip6_sourcecheck;			/* XXX */
 int ip6_sourcecheck_interval;		/* XXX */
@@ -248,7 +244,7 @@ ip6_input(m)
 #define M2MMAX	(sizeof(ip6stat.ip6s_m2m)/sizeof(ip6stat.ip6s_m2m[0]))
 		if (m->m_next) {
 			if (m->m_flags & M_LOOP) {
-				ip6stat.ip6s_m2m[loif[0].if_index]++; /* XXX */
+				ip6stat.ip6s_m2m[lo0ifp->if_index]++; /* XXX */
 			} else if (m->m_pkthdr.rcvif->if_index < M2MMAX)
 				ip6stat.ip6s_m2m[m->m_pkthdr.rcvif->if_index]++;
 			else
@@ -997,12 +993,6 @@ ip6_savecontrol(in6p, mp, ip6, m)
 	struct ip6_hdr *ip6;
 	struct mbuf *m;
 {
-	struct proc *p = curproc;	/* XXX */
-	int privileged;
-
-	privileged = 0;
-	if (p && !suser(p->p_ucred, &p->p_acflag))
-		privileged++;
 
 #ifdef SO_TIMESTAMP
 	if (in6p->in6p_socket->so_options & SO_TIMESTAMP) {
@@ -1016,9 +1006,9 @@ ip6_savecontrol(in6p, mp, ip6, m)
 	}
 #endif
 
-       /* some OSes call this logic with IPv4 packet, for SO_TIMESTAMP */
-       if ((ip6->ip6_vfc & IPV6_VERSION_MASK) != IPV6_VERSION)
-               return;
+	/* some OSes call this logic with IPv4 packet, for SO_TIMESTAMP */
+	if ((ip6->ip6_vfc & IPV6_VERSION_MASK) != IPV6_VERSION)
+		return;
 
 	if (in6p->in6p_flags & IN6P_RECVDSTADDR) {
 		*mp = sbcreatecontrol((caddr_t) &ip6->ip6_dst,
@@ -1060,12 +1050,13 @@ ip6_savecontrol(in6p, mp, ip6, m)
 	/* IN6P_NEXTHOP - for outgoing packet only */
 
 	/*
-	 * IPV6_HOPOPTS socket option. We require super-user privilege
-	 * for the option, but it might be too strict, since there might
-	 * be some hop-by-hop options which can be returned to normal user.
-	 * See RFC 2292 section 6.
+	 * IPV6_HOPOPTS socket option.  Recall that we required super-user
+	 * privilege for the option (see ip6_ctloutput), but it might be too
+	 * strict, since there might be some hop-by-hop options which can be
+	 * returned to normal user.
+	 * See also RFC 2292 section 6.
 	 */
-	if ((in6p->in6p_flags & IN6P_HOPOPTS) != 0 && privileged) {
+	if ((in6p->in6p_flags & IN6P_HOPOPTS) != 0) {
 		/*
 		 * Check if a hop-by-hop options header is contatined in the
 		 * received packet, and if so, store the options as ancillary
@@ -1160,14 +1151,6 @@ ip6_savecontrol(in6p, mp, ip6, m)
 				if (!in6p->in6p_flags & IN6P_DSTOPTS)
 					break;
 
-				/*
-				 * We also require super-user privilege for
-				 * the option.
-				 * See the comments on IN6_HOPOPTS.
-				 */
-				if (!privileged)
-					break;
-
 				*mp = sbcreatecontrol((caddr_t)ip6e, elen,
 				    IPV6_DSTOPTS, IPPROTO_IPV6);
 				if (*mp)
@@ -1440,6 +1423,31 @@ u_char	inet6ctlerrmap[PRC_NCMDS] = {
 	ENOPROTOOPT
 };
 
+static int
+sysctl_net_inet6_ip6_rht0(SYSCTLFN_ARGS)
+{  
+	int error, tmp;
+	struct sysctlnode node;
+
+	node = *rnode;
+	tmp = ip6_rht0;
+	node.sysctl_data = &tmp;
+	error = sysctl_lookup(SYSCTLFN_CALL(&node));
+	if (error || newp == NULL)
+		return error;
+
+	switch (tmp) {
+	case -1:	/* disable processing */
+	case 0:		/* disable for host, enable for router */
+	case 1:		/* enable for all */
+		break;
+	default:
+		return EINVAL;
+	}
+	ip6_rht0 = tmp;
+	return 0;
+}
+
 SYSCTL_SETUP(sysctl_net_inet6_ip6_setup, "sysctl net.inet6.ip6 subtree setup")
 {
 
@@ -1669,4 +1677,11 @@ SYSCTL_SETUP(sysctl_net_inet6_ip6_setup,
 		       NULL, 0, &ip6_maxfrags, 0,
 		       CTL_NET, PF_INET6, IPPROTO_IPV6,
 		       IPV6CTL_MAXFRAGS, CTL_EOL);
+	sysctl_createv(clog, 0, NULL, NULL,
+			CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
+			CTLTYPE_INT, "rht0",
+			SYSCTL_DESCR("Processing of routing header type 0 (IPv6)"),
+			sysctl_net_inet6_ip6_rht0, 0, &ip6_rht0, 0,
+			CTL_NET, PF_INET6, IPPROTO_IPV6,
+			CTL_CREATE, CTL_EOL);
 }