-/* $OpenBSD: kern_tame.c,v 1.69 2015/10/08 13:25:04 deraadt Exp $ */
+/* $OpenBSD: kern_tame.c,v 1.70 2015/10/08 17:29:43 deraadt Exp $ */
/*
* Copyright (c) 2015 Nicholas Marriott <nicm@openbsd.org>
{ "recvfd", TAME_RW | TAME_RECVFD },
{ "ioctl", TAME_IOCTL },
{ "route", TAME_ROUTE },
+ { "mcast", TAME_MCAST },
{ "tty", TAME_TTY },
{ "proc", TAME_PROC },
{ "exec", TAME_EXEC },
case IP_PORTRANGE:
case IP_RECVDSTADDR:
return (0);
- }
+ case IP_MULTICAST_IF:
+ case IP_ADD_MEMBERSHIP:
+ case IP_DROP_MEMBERSHIP:
+ if ((p->p_p->ps_tame & TAME_MCAST) == 0)
+ return (0);
+ break;
+ }
break;
case IPPROTO_ICMP:
break;
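Review bot: The TAME_MCAST test added for `IP_MULTICAST_IF`, `IP_ADD_MEMBERSHIP` and `IP_DROP_MEMBERSHIP` looks inverted. `return (0)` is the result the always-permitted options just above (`IP_PORTRANGE`, `IP_RECVDSTADDR`) get, so as written a process that never requested "mcast" takes the allow path, while one that did request it breaks out to whatever follows the switch. If the code after the switch is the denial path, which lies outside this hunk, the condition should read `if (p->p_p->ps_tame & TAME_MCAST)`. The IPv6 hunk carries the identical test for `IPV6_MULTICAST_IF`, `IPV6_JOIN_GROUP` and `IPV6_LEAVE_GROUP` and needs the same change. The enclosing function starts and ends outside the hunk, so the meaning of the fall-through should be confirmed against its tail.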
case IPV6_RECVHOPLIMIT:
case IPV6_PORTRANGE:
case IPV6_RECVPKTINFO:
+#ifdef notyet
+ case IPV6_V6ONLY:
+#endif
return (0);
+ case IPV6_MULTICAST_IF:
+ case IPV6_JOIN_GROUP:
+ case IPV6_LEAVE_GROUP:
+ if ((p->p_p->ps_tame & TAME_MCAST) == 0)
+ return (0);
+ break;
}
break;
case IPPROTO_ICMPV6:
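Review bot: The `#ifdef notyet` stub around `case IPV6_V6ONLY:` has no comment saying what it is waiting for. Once the guard is enabled, the option joins the unconditional `return (0)` group shared with `IPV6_RECVPKTINFO`, with no check against any tame flag. A one-line comment above the `#ifdef`, for example `/* notyet: permit IPV6_V6ONLY once <condition> */`, would record the intent; the condition itself is not visible on the page. The switch begins and ends outside this hunk.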
-/* $OpenBSD: tame.h,v 1.12 2015/10/07 19:52:54 deraadt Exp $ */
+/* $OpenBSD: tame.h,v 1.13 2015/10/08 17:29:43 deraadt Exp $ */
/*
* Copyright (c) 2015 Nicholas Marriott <nicm@openbsd.org>
#define TAME_RECVFD 0x00040000 /* AF_UNIX CMSG fd receiving */
#define TAME_EXEC 0x00080000 /* execve, child is free of tame */
#define TAME_ROUTE 0x00100000 /* routing lookups */
+#define TAME_MCAST 0x00200000 /* multicast joins */
#define TAME_ABORT 0x08000000 /* SIGABRT instead of SIGKILL */