Kill the divert-packet socket option IP_DIVERTFL to filter packets.

It used a loop over the global list divbtable that would be hard
to make MP safe.  The port net/dnsfilter does not work without this,
it should be converted to divert-to.  Neither other ports nor base
use this filter feature.
ports checked by sthen@; OK mpi@ benno@

1 files changed, 2 insertions, 33 deletions

diff --git a/sys/netinet/raw_ip.c b/sys/netinet/raw_ip.c
index 19d89af6da9..3e4af999eea 100644
--- a/sys/netinet/raw_ip.c
+++ b/sys/netinet/raw_ip.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: raw_ip.c,v 1.103 2017/09/05 07:59:11 mpi Exp $	*/
+/*	$OpenBSD: raw_ip.c,v 1.104 2017/10/06 21:14:55 bluhm Exp $	*/
 /*	$NetBSD: raw_ip.c,v 1.25 1996/02/18 18:58:33 christos Exp $	*/
 
 /*
@@ -298,8 +298,7 @@ rip_ctloutput(int op, struct socket *so, int level, int optname,
     struct mbuf *m)
 {
 	struct inpcb *inp = sotoinpcb(so);
-	int error = 0;
-	int dir;
+	int error;
 
 	if (level != IPPROTO_IP)
 		return (EINVAL);
@@ -321,36 +320,6 @@ rip_ctloutput(int op, struct socket *so, int level, int optname,
 		}
 		return (error);
 
-	case IP_DIVERTFL:
-		switch (op) {
-		case PRCO_SETOPT:
-			if (m == NULL || m->m_len < sizeof (int)) {
-				error = EINVAL;
-				break;
-			}
-			dir = *mtod(m, int *);
-			if (inp->inp_divertfl > 0)
-				error = ENOTSUP;
-			else if ((dir & IPPROTO_DIVERT_RESP) ||
-				   (dir & IPPROTO_DIVERT_INIT))
-				inp->inp_divertfl = dir;
-			else 
-				error = EINVAL;
-
-			break;
-
-		case PRCO_GETOPT:
-			m->m_len = sizeof(int);
-			*mtod(m, int *) = inp->inp_divertfl;
-			break;
-
-		default:
-			error = EINVAL;
-			break;
-		}
-
-		return (error);
-
 	case MRT_INIT:
 	case MRT_DONE:
 	case MRT_ADD_VIF: