Take implementation for getsocket() from arp(8). This brings

routing table filter and pledge(2) to ndp(8) modes -s and -d.
OK florian@

diff --git a/usr.sbin/ndp/ndp.c b/usr.sbin/ndp/ndp.c
index f8269b1..cd3f898 100644 (file)
--- a/usr.sbin/ndp/ndp.c
+++ b/usr.sbin/ndp/ndp.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: ndp.c,v 1.80 2017/04/15 11:42:09 bluhm Exp $  */
+/*     $OpenBSD: ndp.c,v 1.81 2017/04/15 11:58:51 bluhm Exp $  */
 /*     $KAME: ndp.c,v 1.101 2002/07/17 08:46:33 itojun Exp $   */
 
 /*
@@ -334,13 +334,18 @@ file(char *name)
 void
 getsocket(void)
 {
-       if (rtsock < 0) {
-               rtsock = socket(PF_ROUTE, SOCK_RAW, 0);
-               if (rtsock < 0) {
-                       err(1, "socket");
-                       /* NOTREACHED */
-               }
-       }
+       socklen_t len = sizeof(rdomain);
+
+       if (rtsock >= 0)
+               return;
+       rtsock = socket(PF_ROUTE, SOCK_RAW, 0);
+       if (rtsock < 0)
+               err(1, "routing socket");
+       if (setsockopt(rtsock, PF_ROUTE, ROUTE_TABLEFILTER, &rdomain, len) < 0)
+               err(1, "ROUTE_TABLEFILTER");
+
+       if (pledge("stdio dns", NULL) == -1)
+               err(1, "pledge");
 }
 
 struct sockaddr_in6 so_mask = {sizeof(so_mask), AF_INET6 };