From 2ab086da93d3955aa9ce409297533e4ad5b51dfe Mon Sep 17 00:00:00 2001
From: bluhm <bluhm@openbsd.org>
Date: Sat, 15 Apr 2017 11:58:51 +0000
Subject: [PATCH] Take implementation for getsocket() from arp(8).  This brings
 routing table filter and pledge(2) to ndp(8) modes -s and -d. OK florian@

---
 usr.sbin/ndp/ndp.c | 21 +++++++++++++--------
 1 file changed, 13 insertions(+), 8 deletions(-)

diff --git a/usr.sbin/ndp/ndp.c b/usr.sbin/ndp/ndp.c
index f8269b19938..cd3f8989ea4 100644
--- a/usr.sbin/ndp/ndp.c
+++ b/usr.sbin/ndp/ndp.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ndp.c,v 1.80 2017/04/15 11:42:09 bluhm Exp $	*/
+/*	$OpenBSD: ndp.c,v 1.81 2017/04/15 11:58:51 bluhm Exp $	*/
 /*	$KAME: ndp.c,v 1.101 2002/07/17 08:46:33 itojun Exp $	*/
 
 /*
@@ -334,13 +334,18 @@ file(char *name)
 void
 getsocket(void)
 {
-	if (rtsock < 0) {
-		rtsock = socket(PF_ROUTE, SOCK_RAW, 0);
-		if (rtsock < 0) {
-			err(1, "socket");
-			/* NOTREACHED */
-		}
-	}
+	socklen_t len = sizeof(rdomain);
+
+	if (rtsock >= 0)
+		return;
+	rtsock = socket(PF_ROUTE, SOCK_RAW, 0);
+	if (rtsock < 0)
+		err(1, "routing socket");
+	if (setsockopt(rtsock, PF_ROUTE, ROUTE_TABLEFILTER, &rdomain, len) < 0)
+		err(1, "ROUTE_TABLEFILTER");
+
+	if (pledge("stdio dns", NULL) == -1)
+		err(1, "pledge");
 }
 
 struct	sockaddr_in6 so_mask = {sizeof(so_mask), AF_INET6 };
-- 
2.20.1