diff options
Diffstat (limited to 'sys/netinet6')
-rw-r--r-- | sys/netinet6/ip6_input.c | 25 |
1 files changed, 5 insertions, 20 deletions
diff --git a/sys/netinet6/ip6_input.c b/sys/netinet6/ip6_input.c index 0fa9a7b58696..4eb60425763a 100644 --- a/sys/netinet6/ip6_input.c +++ b/sys/netinet6/ip6_input.c @@ -1107,13 +1107,8 @@ ip6_savecontrol(in6p, m, mp) struct mbuf *m, **mp; { #define IS2292(x, y) ((in6p->in6p_flags & IN6P_RFC2292) ? (x) : (y)) - struct thread *td = curthread; /* XXX */ - int privileged = 0; struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *); - if (td && !suser(td)) - privileged++; - #ifdef SO_TIMESTAMP if ((in6p->in6p_socket->so_options & SO_TIMESTAMP) != 0) { struct timeval tv; @@ -1169,16 +1164,13 @@ ip6_savecontrol(in6p, m, mp) } /* - * IPV6_HOPOPTS socket option. We require super-user privilege - * for the option, but it might be too strict, since there might - * be some hop-by-hop options which can be returned to normal user. - * See RFC 2292 section 6. + * IPV6_HOPOPTS socket option. Recall that we required super-user + * privilege for the option (see ip6_ctloutput), but it might be too + * strict, since there might be some hop-by-hop options which can be + * returned to normal user. + * See also RFC 2292 section 6 (or RFC 3542 section 8). */ if ((in6p->in6p_flags & IN6P_HOPOPTS) != 0) { -#ifdef DIAGNOSTIC - if (!privileged) - panic("IN6P_HOPOPTS is set for unprivileged socket"); -#endif /* * Check if a hop-by-hop options header is contatined in the * received packet, and if so, store the options as ancillary @@ -1294,13 +1286,6 @@ ip6_savecontrol(in6p, m, mp) if (!(in6p->in6p_flags & IN6P_DSTOPTS)) break; - /* - * We also require super-user privilege for - * the option. See comments on IN6_HOPOPTS. - */ - if (!privileged) - break; - *mp = sbcreatecontrol((caddr_t)ip6e, elen, IS2292(IPV6_2292DSTOPTS, IPV6_DSTOPTS), IPPROTO_IPV6); |