aboutsummaryrefslogtreecommitdiff
path: root/sys/netinet6
diff options
context:
space:
mode:
Diffstat (limited to 'sys/netinet6')
-rw-r--r--sys/netinet6/ip6_input.c25
1 files changed, 5 insertions, 20 deletions
diff --git a/sys/netinet6/ip6_input.c b/sys/netinet6/ip6_input.c
index 0fa9a7b58696..4eb60425763a 100644
--- a/sys/netinet6/ip6_input.c
+++ b/sys/netinet6/ip6_input.c
@@ -1107,13 +1107,8 @@ ip6_savecontrol(in6p, m, mp)
struct mbuf *m, **mp;
{
#define IS2292(x, y) ((in6p->in6p_flags & IN6P_RFC2292) ? (x) : (y))
- struct thread *td = curthread; /* XXX */
- int privileged = 0;
struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *);
- if (td && !suser(td))
- privileged++;
-
#ifdef SO_TIMESTAMP
if ((in6p->in6p_socket->so_options & SO_TIMESTAMP) != 0) {
struct timeval tv;
@@ -1169,16 +1164,13 @@ ip6_savecontrol(in6p, m, mp)
}
/*
- * IPV6_HOPOPTS socket option. We require super-user privilege
- * for the option, but it might be too strict, since there might
- * be some hop-by-hop options which can be returned to normal user.
- * See RFC 2292 section 6.
+ * IPV6_HOPOPTS socket option. Recall that we required super-user
+ * privilege for the option (see ip6_ctloutput), but it might be too
+ * strict, since there might be some hop-by-hop options which can be
+ * returned to normal user.
+ * See also RFC 2292 section 6 (or RFC 3542 section 8).
*/
if ((in6p->in6p_flags & IN6P_HOPOPTS) != 0) {
-#ifdef DIAGNOSTIC
- if (!privileged)
- panic("IN6P_HOPOPTS is set for unprivileged socket");
-#endif
/*
* Check if a hop-by-hop options header is contatined in the
* received packet, and if so, store the options as ancillary
@@ -1294,13 +1286,6 @@ ip6_savecontrol(in6p, m, mp)
if (!(in6p->in6p_flags & IN6P_DSTOPTS))
break;
- /*
- * We also require super-user privilege for
- * the option. See comments on IN6_HOPOPTS.
- */
- if (!privileged)
- break;
-
*mp = sbcreatecontrol((caddr_t)ip6e, elen,
IS2292(IPV6_2292DSTOPTS, IPV6_DSTOPTS),
IPPROTO_IPV6);