diff options
| author | Bill Fenner <fenner@FreeBSD.org> | 2002-10-29 16:46:13 +0000 |
|---|---|---|
| committer | Bill Fenner <fenner@FreeBSD.org> | 2002-10-29 16:46:13 +0000 |
| commit | 4d3ffc9841c030f4d27539993c3c933da4c36179 (patch) | |
| tree | 159621e947c8ca45b87c64883d4b7c7bc3405e1d /sys/netinet/ip_divert.c | |
| parent | e5f3fe8c973de153c99b24e848fffdfe1cd000e2 (diff) | |
| download | src-4d3ffc9841c030f4d27539993c3c933da4c36179.tar.gz src-4d3ffc9841c030f4d27539993c3c933da4c36179.zip | |
Renumber IPPROTO_DIVERT out of the range of valid IP protocol numbers.
This allows socket() to return an error when the kernel is not built
with IPDIVERT, and doesn't prevent future applications from using the
"borrowed" IP protocol number. The sysctl net.inet.raw.olddiverterror
controls whether opening a socket with the "borrowed" IP protocol
fails with an accompanying kernel printf; this code should last only a
couple of releases.
Approved by: re
Notes
Notes:
svn path=/head/; revision=106152
Diffstat (limited to 'sys/netinet/ip_divert.c')
| -rw-r--r-- | sys/netinet/ip_divert.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/sys/netinet/ip_divert.c b/sys/netinet/ip_divert.c index 808819d1f4dd..908273384acc 100644 --- a/sys/netinet/ip_divert.c +++ b/sys/netinet/ip_divert.c @@ -136,8 +136,8 @@ div_init(void) } /* - * IPPROTO_DIVERT is not a real IP protocol; don't allow any packets - * with that protocol number to enter the system from the outside. + * IPPROTO_DIVERT is not in the real IP protocol number space; this + * function should never be called. Just in case, drop any packets. */ void div_input(struct mbuf *m, int off) |