authorbluhm <bluhm@openbsd.org>2017-10-06 21:14:55 +0000
committerbluhm <bluhm@openbsd.org>2017-10-06 21:14:55 +0000
commit8b4596e6c2924b2e13e09c477986d89b20c525a8 (patch)
treeda95574fb01b81477aedf5a7d879c50bc923a755 /sys/netinet
parentUse the modern POSIX idiom "-exec ... {} +" instead of find|xargs and (diff)
Kill the divert-packet socket option IP_DIVERTFL to filter packets.
It used a loop over the global list divbtable that would be hard to make MP safe. The port net/dnsfilter does not work without this, it should be converted to divert-to. Neither other ports nor base use this filter feature. ports checked by sthen@; OK mpi@ benno@
Diffstat (limited to 'sys/netinet')
-rw-r--r--sys/netinet/in.h7
-rw-r--r--sys/netinet/in_pcb.h3
-rw-r--r--sys/netinet/ip_divert.c14
-rw-r--r--sys/netinet/raw_ip.c35
4 files changed, 5 insertions, 54 deletions
diff --git a/sys/netinet/in.h b/sys/netinet/in.h
index 68a3826459d..3bc34d8d7e7 100644
--- a/sys/netinet/in.h
+++ b/sys/netinet/in.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: in.h,v 1.124 2017/08/11 19:53:02 bluhm Exp $ */
+/* $OpenBSD: in.h,v 1.125 2017/10/06 21:14:55 bluhm Exp $ */
/* $NetBSD: in.h,v 1.20 1996/02/13 23:41:47 christos Exp $ */
/*
@@ -317,11 +317,6 @@ struct ip_opts {
/* source address to use */
#define IP_RTABLE 0x1021 /* int; routing table, see SO_RTABLE */
-#define IP_DIVERTFL 0x1022 /* int; divert direction flag opt */
-
-/* Values used by IP_DIVERTFL socket option */
-#define IPPROTO_DIVERT_RESP 0x01 /* divert response packets */
-#define IPPROTO_DIVERT_INIT 0x02 /* divert packets initial direction */
#if __BSD_VISIBLE
/*
diff --git a/sys/netinet/in_pcb.h b/sys/netinet/in_pcb.h
index bbebfd52717..c8ad4c4ae2c 100644
--- a/sys/netinet/in_pcb.h
+++ b/sys/netinet/in_pcb.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: in_pcb.h,v 1.104 2016/09/03 14:18:42 phessler Exp $ */
+/* $OpenBSD: in_pcb.h,v 1.105 2017/10/06 21:14:55 bluhm Exp $ */
/* $NetBSD: in_pcb.h,v 1.14 1996/02/13 23:42:00 christos Exp $ */
/*
@@ -143,7 +143,6 @@ struct inpcb {
struct pf_state_key *inp_pf_sk;
u_int inp_rtableid;
int inp_pipex; /* pipex indication */
- int inp_divertfl; /* divert flags */
};
LIST_HEAD(inpcbhead, inpcb);
diff --git a/sys/netinet/ip_divert.c b/sys/netinet/ip_divert.c
index a6b57213d81..42c355d123b 100644
--- a/sys/netinet/ip_divert.c
+++ b/sys/netinet/ip_divert.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_divert.c,v 1.52 2017/09/06 11:43:04 bluhm Exp $ */
+/* $OpenBSD: ip_divert.c,v 1.53 2017/10/06 21:14:55 bluhm Exp $ */
/*
* Copyright (c) 2009 Michele Marchetto <michele@openbsd.org>
@@ -186,18 +186,6 @@ divert_packet(struct mbuf *m, int dir, u_int16_t divert_port)
return (0);
}
- TAILQ_FOREACH(inp, &divbtable.inpt_queue, inp_queue) {
- if (inp->inp_lport != divert_port)
- continue;
- if (inp->inp_divertfl == 0)
- break;
- if (dir == PF_IN && !(inp->inp_divertfl & IPPROTO_DIVERT_RESP))
- return (-1);
- if (dir == PF_OUT && !(inp->inp_divertfl & IPPROTO_DIVERT_INIT))
- return (-1);
- break;
- }
-
memset(&addr, 0, sizeof(addr));
addr.sin_family = AF_INET;
addr.sin_len = sizeof(addr);
diff --git a/sys/netinet/raw_ip.c b/sys/netinet/raw_ip.c
index 19d89af6da9..3e4af999eea 100644
--- a/sys/netinet/raw_ip.c
+++ b/sys/netinet/raw_ip.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: raw_ip.c,v 1.103 2017/09/05 07:59:11 mpi Exp $ */
+/* $OpenBSD: raw_ip.c,v 1.104 2017/10/06 21:14:55 bluhm Exp $ */
/* $NetBSD: raw_ip.c,v 1.25 1996/02/18 18:58:33 christos Exp $ */
/*
@@ -298,8 +298,7 @@ rip_ctloutput(int op, struct socket *so, int level, int optname,
struct mbuf *m)
{
struct inpcb *inp = sotoinpcb(so);
- int error = 0;
- int dir;
+ int error;
if (level != IPPROTO_IP)
return (EINVAL);
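Review bot: Dropping the `= 0` initializer in `int error;` means rip_ctloutput now relies on every remaining case assigning `error` before its `return (error);`, and this hunk does not show those paths. The `return (error);` visible as context in the next hunk is one such site; if any branch reaches it without a prior store, the socket-option call would hand back an indeterminate stack value as its errno. Unless each remaining path has been checked, keeping `int error = 0;` is the safer form. The function body begins before and continues after this hunk.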
@@ -321,36 +320,6 @@ rip_ctloutput(int op, struct socket *so, int level, int optname,
}
return (error);
- case IP_DIVERTFL:
- switch (op) {
- case PRCO_SETOPT:
- if (m == NULL || m->m_len < sizeof (int)) {
- error = EINVAL;
- break;
- }
- dir = *mtod(m, int *);
- if (inp->inp_divertfl > 0)
- error = ENOTSUP;
- else if ((dir & IPPROTO_DIVERT_RESP) ||
- (dir & IPPROTO_DIVERT_INIT))
- inp->inp_divertfl = dir;
- else
- error = EINVAL;
-
- break;
-
- case PRCO_GETOPT:
- m->m_len = sizeof(int);
- *mtod(m, int *) = inp->inp_divertfl;
- break;
-
- default:
- error = EINVAL;
- break;
- }
-
- return (error);
-
case MRT_INIT:
case MRT_DONE:
case MRT_ADD_VIF: