der Mouse <mouse@Holo.Rodents.Montreal.QC.CA> writes:

> If that changes the outgoing packet, then I for one ask that you - or
> whoever addresses the problem - find some other way of fixing it; I
> want to be able to send packets with "illegal" values in them.
> (Indeed, sending packets full of completely random data except for a
> few chosen things like, say, ip_dst and ip_proto is a wonderful way to
> find bugs in protocol stacks.)

No, it changes nothing about the protocol stack at all.  All the fix
to uipc_socket.c does is copy the length of data at the correct time.

However, I don't agree that we should allow "bad" packets to be transmitted
using sendto().  IMHO, if you are going to do this, use BPF directly.
Right now, although I have not verified this, any raw-mode socket can
crash the machine by setting the field ip->ip_len  to be greater than the
data in the mbuf chain.  This is _wrong_ and will cause a kernel panic.
IMHO, this is a bug, and should not be allowed...

--Michael