
why required root privileges to set multicast options now?



On Sun, 10 Oct 2004 swp_(_at_)_swp_(_dot_)_pp_(_dot_)_ru wrote:

> FreeBSD 5.3-BETA7 Sun Oct 10 18:50:14 OMSST 2004
> 
> ospfd (net/quagga from ports) run with credentials of quagga:quagga and
> unable to set multicast options now.
> 
> OSPF: can't setsockopt IP_ADD_MEMBERSHIP (AllSPFRouters): \
>                                         Operation not permitted
> OSPF: can't setsockopt IP_MULTICAST_LOOP(0): Operation not permitted
> OSPF: can't setsockopt IP_MULTICAST_TTL(1): Operation not permitted
> OSPF: can't setsockopt IP_MULTICAST_IF: Operation not permitted
> 
> 5.2-CURRENT and 5.2.1 have no problem.

This appears to have been introduced as a result of changes to permit root
to bind raw sockets in jail.  In particular, the likely control flow path
to get the above errors was to perform setsockopt() on a UDP socket, which
probably works its way down to in_control() to ip_ctloutput().  This would
also explain why sdr stopped working for me a little while ago (I figured
it was a bad package build).  I've CC'd Christian as he might have some
insight into how to clean this up.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert_(_at_)_fledge_(_dot_)_watson_(_dot_)_org      Principal Research Scientist, McAfee Research


