cvs commit: src/sys/netinet raw_ip.c

Aggelos Economopoulos aoiko at cc.ece.ntua.gr
Sun Jul 6 09:07:29 PDT 2008


On Saturday 05 July 2008, Matthew Dillon wrote:
> 
> :>     sys/netinet          raw_ip.c 
> :>   Log:
> :>   Fix [gs]etsockopt(IP_HDRINCL) which allows mere mortals like me to obtain
> :>   IP addresses via DHCP again.
> :
> :Great. Only, it turns out the whole approach is flawed. Setting sopt_td to
> :NULL may help with fooling sooptcopy{in,out} but some code uses the field
> :to do permission checks. The obvious fix is to add ->sopt_flags and SOPTF_KVA
> :and make sure no code in the tree leaves the new field uninitialized (lecture
> :on why open-coding stuff is BAD omitted). This means that soopt_{from,to}_*
> :can go. This patch should do the trick; unless testing reveals some issue
> :I'm going to revert my changes from HEAD and put it in ASAP so it can get
> :wider testing before the release.
> :
> :Sorry for the inconvenience,
> :Aggelos
> 
>     It kinda sounds to me that the front-end system call should do all the
>     copyin/copyout into and out of kernel space and the backend protocol
>     code should just operate in the kernel space.  The system call can
>     pass a ucred to the backend for permissions checks.

Well, the problem was caused by overloading sopt_td to also signify that
->sopt_val is a user address. I've got SOPTF_VAL working just fine now.
Passing a ucred instead of the thread would be a nice idea, but it is
not necessary.

>     That would be more along the lines of what we do with our kern_*()
>     calls.

That would be another option, yes, and probably simpler too. I'll probably
do it in a new git branch later today, test a bit and commit.

Thanks for the input,
Aggelos
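The design issue discussed in this thread, as an added example that is not DragonFly code: a user-space C model of why one field cannot say both "who is asking" and "where the buffer lives". Only the names sopt_td, sopt_val, sopt_flags and SOPTF_KVA come from the thread; the struct layouts, user_mem, model_copyin, set_priv_opt, kernel_call and the error values are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Simplified user-space model, not the DragonFly kernel structures. */
struct thread { int uid; };                 /* stand-in for the caller */
#define SOPTF_KVA 0x1                       /* sopt_val is a kernel address */
struct sockopt {
    void          *sopt_val;
    struct thread *sopt_td;                 /* who is asking */
    int            sopt_flags;              /* where sopt_val lives */
};
static unsigned char user_mem[64];          /* constructed "user address space" */

/* Models copyin(): refuses any source outside user_mem. */
static int model_copyin(const void *uaddr, void *kaddr, size_t len) {
    uintptr_t p = (uintptr_t)uaddr, lo = (uintptr_t)user_mem;
    if (len > sizeof(user_mem) || p < lo || p - lo > sizeof(user_mem) - len)
        return -14;                         /* EFAULT */
    memcpy(kaddr, uaddr, len);
    return 0;
}

/* Overloaded design: sopt_td == NULL doubles as "kernel buffer". */
static int copy_overloaded(struct sockopt *s, void *dst, size_t len) {
    if (s->sopt_td == NULL) { memcpy(dst, s->sopt_val, len); return 0; }
    return model_copyin(s->sopt_val, dst, len);
}

/* Flag design: the address space is stated explicitly, sopt_td stays intact. */
static int copy_flagged(struct sockopt *s, void *dst, size_t len) {
    if (s->sopt_flags & SOPTF_KVA) { memcpy(dst, s->sopt_val, len); return 0; }
    return model_copyin(s->sopt_val, dst, len);
}

/* Hypothetical option handler that checks the caller before copying. */
static int set_priv_opt(struct sockopt *s, int use_flag, int *out) {
    if (s->sopt_td == NULL || s->sopt_td->uid != 0)
        return -1;                          /* EPERM: nobody to authorize */
    return (use_flag ? copy_flagged : copy_overloaded)(s, out, sizeof(*out));
}

/* In-kernel caller passing a kernel buffer on behalf of thread td. */
static int kernel_call(struct thread *td, int flags, int use_flag) {
    int kval = 1, out = 0;
    struct sockopt s = { &kval, td, flags };
    int rc = set_priv_opt(&s, use_flag, &out);
    return rc ? rc : out;
}
```

In the overloaded design a kernel-side caller must either clear sopt_td and fail the permission check, or keep it and have its kernel buffer rejected as a user address; with the flag both facts are carried and the check still applies to the real caller.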




