From 2b567d99ae5024ad62ac37c8fde5f7d2dfacc18a Mon Sep 17 00:00:00 2001
From: Roy Marples <roy@marples.name>
Date: Thu, 11 Jun 2020 15:37:33 +0100
Subject: [PATCH] Warn if the OS lacks support to lock down BPF or equivalent

---
 src/bpf.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/bpf.c b/src/bpf.c
index f450a043..d3736a1b 100644
--- a/src/bpf.c
+++ b/src/bpf.c
@@ -703,6 +703,14 @@ bpf_bootp(const struct bpf *bpf, __unused const struct in_addr *ia)
 		return -1;
 	return 0;
 #else
+#ifdef PRIVSEP
+#if defined(__sun) /* Solaris cannot send via BPF. */
+#elif defined(BIOCSETF)
+#warning No BIOCSETWF support - a compromised BPF can be used as a raw socket
+#else
+#warning A compromised PF_PACKET socket can be used as a raw socket
+#endif
+#endif
 	return bpf_bootp_rw(bpf, true);
 #endif
 }
-- 
2.47.2