diff options
| author |   deraadt <deraadt@openbsd.org> | 2015-10-13 16:09:24 +0000 |
|---|---|---|
| committer | deraadt <deraadt@openbsd.org> | 2015-10-13 16:09:24 +0000 |
| commit | 645be9544007830aac9ffff678e856b8158c5b93 (patch) | |
| tree | 0be29f9cf18e1fe2fc1e54a4201c3fa806b68388 | |
| parent | semarie points out i am already forgetting the rules are very tight around (diff) | |
| download | wireguard-openbsd-645be9544007830aac9ffff678e856b8158c5b93.tar.xz wireguard-openbsd-645be9544007830aac9ffff678e856b8158c5b93.zip | |
allow getsockopt IP_RECVDSTPORT & IPV6_RECVDSTPORT for an "inet" pledge
| -rw-r--r-- | sys/kern/kern_pledge.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/sys/kern/kern_pledge.c b/sys/kern/kern_pledge.c index d898d77d186..af54fb7dd01 100644 --- a/sys/kern/kern_pledge.c +++ b/sys/kern/kern_pledge.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kern_pledge.c,v 1.18 2015/10/13 00:03:42 doug Exp $ */ +/* $OpenBSD: kern_pledge.c,v 1.19 2015/10/13 16:09:24 deraadt Exp $ */ /* * Copyright (c) 2015 Nicholas Marriott <nicm@openbsd.org> @@ -1142,6 +1142,7 @@ pledge_setsockopt_check(struct proc *p, int level, int optname) case IP_MINTTL: case IP_PORTRANGE: case IP_RECVDSTADDR: + case IP_RECVDSTPORT: return (0); case IP_MULTICAST_IF: case IP_ADD_MEMBERSHIP: @@ -1159,6 +1160,7 @@ pledge_setsockopt_check(struct proc *p, int level, int optname) case IPV6_RECVHOPLIMIT: case IPV6_PORTRANGE: case IPV6_RECVPKTINFO: + case IPV6_RECVDSTPORT: #ifdef notyet case IPV6_V6ONLY: #endif |