/*
 * Name: SRaw for FreeBSD ( sock.c )
 * Date: Mon May 01 13:12:43 2000
 * Author: pIGpEN [ pigpen@s0ftpj.org, deadhead@sikurezza.org ]
 *
 * SoftProject 2000 - Digital Sekurity for Y2k
 * Sikurezza.org - Italian Security MailingList
 *
 * COFFEE-WARE LICENSE - This source code is like "THE BEER-WARE LICENSE" by
 * Poul-Henning Kamp <phk@FreeBSD.ORG> but you can give me in return a coffee.
 *
 * Tested on: FreeBSD 3.4-RELEASE FreeBSD 3.4-RELEASE #5: Mon Mar i386
 *
 * All users are allowed to open raw sockets...
 * This kld disables EPERM in socket() and permits to allocate inpcb even if
 * the socket is raw and users haven't root permissions... bypassing suser()
 * in pru_attach() functions...
 * 
 * 
 * Idea & Code for Linux by Gigi_Sull
 * Code for FreeBSD by pIGpEN / S0ftPj
 */


#include <sys/param.h>
#include <sys/module.h>
#include <sys/systm.h>
#include <sys/kernel.h>
#include <sys/protosw.h>
#include <sys/socket.h>
#include <sys/socketvar.h>

#include <net/route.h>

#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/in_pcb.h>
#include <netinet/ip.h>
#include <netinet/ip_var.h>


extern struct protosw	inetsw[];
extern struct inpcbinfo	ripcbinfo;


static int rip_attach 		__P((struct socket *, int, struct proc *));
static int (*old_rip_attach)	__P((struct socket *, int, struct proc *));
static int module_handler	__P((module_t, int, void *));

#define attach(x)	inetsw[ip_protox[x]].pr_usrreqs->pru_attach

static int
module_handler(module_t mod, int cmd, void *arg)
{
	int s;
	
	switch(cmd) {
 		case MOD_LOAD:
			s = splnet();
			old_rip_attach		=	attach(IPPROTO_RAW);
	 		attach(IPPROTO_RAW)	=	rip_attach;
			attach(IPPROTO_ICMP)	=	rip_attach;
			attach(IPPROTO_IGMP)	= 	rip_attach;
			attach(IPPROTO_RSVP)	=	rip_attach;
			attach(IPPROTO_IPIP)	=	rip_attach;
			attach(IPPROTO_IDP)	=	rip_attach;
			attach(0)		=	rip_attach;
			splx(s);
			break;
			
		case MOD_UNLOAD:
			s = splnet();
			attach(IPPROTO_RAW)	=	old_rip_attach;
			attach(IPPROTO_ICMP)	=	old_rip_attach;
			attach(IPPROTO_IGMP)	=	old_rip_attach;
			attach(IPPROTO_RSVP)	=	old_rip_attach;
			attach(IPPROTO_IPIP)	=	old_rip_attach;
			attach(IPPROTO_IDP)	=	old_rip_attach;
			attach(0)		=	old_rip_attach;
			splx(s);
			break;
	}
	
	return 0;
}

static moduledata_t s_raw = {
	"S_Raw",
	module_handler,
	NULL
};

DECLARE_MODULE(S_Raw, s_raw, SI_SUB_PSEUDO, SI_ORDER_ANY);

static u_long	rip_sendspace = 8192;	/* RIPSNDQ */
static u_long	rip_recvspace = 8192;	/* RIPRCVQ */
	  
static int
rip_attach(struct socket *so, int proto, struct proc *p)
{
	struct inpcb *inp;
	int error, s;

	inp = sotoinpcb(so);
	if (inp)
		panic("rip_attach");
	
	/*
	 * We don't want suser() call
	 * 
	 * if (p && (error = suser(p->p_ucred, &p->p_acflag)) != 0)
	 *	return error;
	 */

	s = splnet();
	error = in_pcballoc(so, &ripcbinfo, p); 					splx(s);
	if (error)
		return error;
	error = soreserve(so, rip_sendspace, rip_recvspace);
	if (error)
		return error;
	inp = (struct inpcb *)so->so_pcb;
	inp->inp_ip_p = proto;
	return 0;
}

/*
# SoftProject 2000 - Digital Sekurity for Y2k
# Sikurezza.org - Italian Security MailingList
#
# COFFEE-WARE LICENSE - This source code is like "THE BEER-WARE LICENSE" by
# Poul-Henning Kamp <phk@FreeBSD.ORG> but you can give me in return a coffee.
#
# Tested on: FreeBSD 3.4-RELEASE FreeBSD 3.4-RELEASE #3: Thu Mar i386
# < pigpen@s0ftpj.org > 

.PATH: /sys/kern
SRCS	= sock.c 
CFLAGS+= -I/sys
KMOD	= sock 
NOMAN	= t
KLDMOD	= t

KLDLOAD		= /sbin/kldload
KLDUNLOAD	= /sbin/kldunload

CLEANFILES+= ${KMOD}

load:
	${KLDLOAD} -v ./${KMOD}

unload:
	${KLDUNLOAD} -v -n ${KMOD}

.include <bsd.kmod.mk>
*/