IP_HDRINCL protection beta version 1.
7aa4377e96ae6d5a56e9a8b54c43ebb66246e4eb4db2d225719debea79ca60dc
50a51,73
> /*
> * COFFEE WARE LICENSE - diff for /sys/netinet/raw_ip.c
> *
> * IP_HDRINCL protection beta version 1
> *
> * Note: This type of protection can be implemented as a loadable kernel
> * module...
> *
> * This version requires that you recompile your kernel
> * Added options are:
> *
> * option IPHDR_MON -> to monitor IP_HDRINCL
> * option NO_IPHDR -> to deny it!
> *
> * Important: the second option requires the first!
> *
> * A lkm which monitors setsockopt() syscall can be also required to:
> * deadhead@sikurezza.org or pigpen@s0ftpj.org with Subject:
> * LKM FOR OpenBSD VERSION X.X -> where X.XX... is your version
> *
> * This diff was tested on a 2.6 kernel
> */
>
71a95,98
> #ifdef IPHDR_MON
> #include <sys/syslog.h>
> #endif
>
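Review bot: The `<sys/syslog.h>` include is guarded by `IPHDR_MON` alone, but the `NO_IPHDR` branch added in the 271c298,314 hunk also calls `log(LOG_INFO, ...)`. A kernel configured with only `NO_IPHDR` therefore relies on that header arriving by some other route. The header comment says the second option requires the first, but nothing enforces it at build time. Either widen the guard to `#if defined(IPHDR_MON) || defined(NO_IPHDR)`, or add `#if defined(NO_IPHDR) && !defined(IPHDR_MON)` / `#error "NO_IPHDR requires IPHDR_MON"` / `#endif` beside it so a misconfigured build fails loudly.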
271c298,314
< else if (*mtod(*m, int *))
---
> else if (*mtod(*m, int *)) {
> #ifdef IPHDR_MON
> log(LOG_INFO,"IP_HDRINCL detected!\n");
> #endif
>
> #ifdef NO_IPHDR
> log(LOG_INFO,"Kernel doesn't permit it!\n");
>
> /* This if is false in general, I suppose OpenBSD kernel doesn't set IP_HDRINCL
> with value = 1 as default (Linux for example does it, see lkm by fusys) */
>
> if((inp->inp_flags & INP_HDRINCL)) {
> log(LOG_INFO,"Kernel put it to 1 ");
> log(LOG_INFO,"IP_HDRINCL disabled!\n");
> inp->inp_flags &= ~INP_HDRINCL;
> }
> #else
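Review bot: Under `NO_IPHDR` the request is refused, but none of the added lines reports a failure, so the caller's setsockopt() appears to succeed while the flag stays clear; a program that then supplies its own IP header would presumably have it sent as payload, and the denial is visible only in syslog. The deny branch should make the refusal explicit, for example `error = EPERM;`, assuming the enclosing handler returns through an `error` variable, which is outside this hunk. The log lines carry no process or user identity, which makes the `IPHDR_MON` record hard to act on during triage; if the caller's pid/uid is reachable in this context, include it, and merge the two `log()` calls starting at `Kernel put it to 1` into one so the message cannot be split across entries. The enclosing `if`/`else` chain starts and ends outside the hunk.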
273c316,317
< else
---
> #endif
> } else