/*
 * Name: NoSpoof v1beta
 * Date: May 23 04:06:37 2000
 * Author: pIGpEN [ pigpen@s0ftpj.org, deadhead@sikurezza.org ]
 *
 * SoftProject Digital Security for Y2K
 * Sikurezza.org Italian Security Mailing List
 *
 * COFFEE-WARE LICENSE - This source code is like "THE BEER-WARE LICENSE" by
 * Poul-Henning Kamp <phk@FreeBSD.ORG> but you can give me in return a coffee.
 *
 * Tested on: OpenBSD 2.6 kern#0 i386
 */

#define DONT_PERMIT

#include <sys/param.h>
#include <sys/systm.h>
#include <sys/syscall.h>
#include <sys/mount.h>
#include <sys/conf.h>
#include <sys/syscallargs.h>
#include <sys/exec.h>
#include <sys/lkm.h>
#include <sys/file.h>
#include <sys/filedesc.h>
#include <sys/errno.h>

#include <sys/proc.h>
#include <sys/syslog.h>

#include <sys/mbuf.h>
#include <sys/socket.h>
#include <sys/socketvar.h>
#include <netinet/in.h>


	
int my_setsockopt		__P((struct proc *, void *, register_t *)); 


MOD_MISC("NoSpoof");

static int
NoSpoof_load(struct lkm_table *lkmtp, int cmd)
{
	if(cmd == LKM_E_LOAD) {
		printf("EXtern Sp00fiNG Pr0tection\n");
		printf("(c) Coffeeware - SoftProject Y2k\n");
		printf("pIGpEN / s0ftpj\n");
		sysent[SYS_setsockopt].sy_call = my_setsockopt;
	}

	return 0;
}


static int
NoSpoof_unload(struct lkm_table *lkmtp, int cmd)
{
	if(cmd == LKM_E_UNLOAD) {
		printf("NoSp00f unloaded\n");
		sysent[SYS_setsockopt].sy_call = sys_setsockopt;
	}

	return 0;
}


NoSpoof( lkmtp, cmd, ver)
struct lkm_table	*lkmtp;	
int			cmd;
int			ver;
{
	DISPATCH(lkmtp, cmd, ver, NoSpoof_load, NoSpoof_unload, lkm_nofunc);
}


int
my_setsockopt(p, v, retval)
	struct proc *p;
	void *v;
	register_t *retval;
{
	register struct sys_setsockopt_args *uap = v;
	struct file *fp;
	struct mbuf *m = NULL;
	int error;

	if(SCARG(uap, level) == IPPROTO_IP && 
			SCARG(uap, name) == IP_HDRINCL) {
		log(LOG_INFO, "detect IP_HDRINCL invoked by %s\n", p->p_comm);
#ifdef DONT_PERMIT
		log(LOG_INFO, "ip header manipulation denied!\n");
		return EPERM;
#endif
	}

	if ((error = getsock(p->p_fd, SCARG(uap, s), &fp)) != 0)
		return (error);
	if (SCARG(uap, valsize) > MLEN)
		return (EINVAL);
	if (SCARG(uap, val)) {
		m = m_get(M_WAIT, MT_SOOPTS);
		if (m == NULL)
			return (ENOBUFS);
		error = copyin(SCARG(uap, val), mtod(m, caddr_t),
			       SCARG(uap, valsize));
		if (error) {
			(void) m_free(m);
			return (error);
		}
		m->m_len = SCARG(uap, valsize);
	}
	return (sosetopt((struct socket *)fp->f_data, SCARG(uap, level),
			 SCARG(uap, name), m));
}

/*

SRCS=obsd_nospoof.c
OBJS=$(SRCS:.c=.o)

MODOBJ=NoSpoof.o

KMOD=NoSpoof
CFLAGS+= -D_KERNEL -I/sys

all:	$(MODOBJ)

clean:
	rm -f $(OBJS) $(KOBJS) $(MODOBJ) $(KMOD)

load:
	modload -o $(KMOD) -e$(KMOD) $(MODOBJ)

unload:
	modunload -n $(KMOD)

$(MODOBJ): $(OBJS) $(KOBJS)
	$(LD) -r -o $(MODOBJ) $(OBJS) $(KOBJS)
*/