Hi, The raw ip input functions are called from several places, so I think a check that the address family is correct, is justified.
ok? bluhm Index: netinet/raw_ip.c =================================================================== RCS file: /data/mirror/openbsd/cvs/src/sys/netinet/raw_ip.c,v retrieving revision 1.98 diff -u -p -r1.98 raw_ip.c --- netinet/raw_ip.c 14 Apr 2017 20:46:31 -0000 1.98 +++ netinet/raw_ip.c 16 Apr 2017 16:13:42 -0000 @@ -125,6 +125,8 @@ rip_input(struct mbuf **mp, int *offp, i struct counters_ref ref; uint64_t *counters; + KASSERT(af == AF_INET); + ripsrc.sin_addr = ip->ip_src; TAILQ_FOREACH(inp, &rawcbtable.inpt_queue, inp_queue) { if (inp->inp_socket->so_state & SS_CANTRCVMORE) Index: netinet6/raw_ip6.c =================================================================== RCS file: /data/mirror/openbsd/cvs/src/sys/netinet6/raw_ip6.c,v retrieving revision 1.109 diff -u -p -r1.109 raw_ip6.c --- netinet6/raw_ip6.c 14 Apr 2017 20:46:31 -0000 1.109 +++ netinet6/raw_ip6.c 16 Apr 2017 16:15:24 -0000 @@ -125,6 +125,8 @@ rip6_input(struct mbuf **mp, int *offp, struct sockaddr_in6 rip6src; struct mbuf *opts = NULL; + KASSERT(af == AF_INET6); + rip6stat_inc(rip6s_ipackets); /* Be proactive about malicious use of IPv4 mapped address */