Hi,

All other internet socket attach functions first call soreserve()
and then in_pcballoc().  This avoids an in_pcbdetach() in the error
path.  Current divert attach code may leak the inpcb.

ok?

bluhm

Index: netinet/ip_divert.c
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/sys/netinet/ip_divert.c,v
diff -u -p -r1.98 ip_divert.c
--- netinet/ip_divert.c	1 Jan 2025 13:44:22 -0000	1.98
+++ netinet/ip_divert.c	23 Jan 2025 10:58:46 -0000
@@ -272,12 +272,11 @@ divert_attach(struct socket *so, int pro
 	if ((so->so_state & SS_PRIV) == 0)
 		return EACCES;
 
-	error = in_pcballoc(so, &divbtable, wait);
-	if (error)
-		return error;
-
 	error = soreserve(so, atomic_load_int(&divert_sendspace),
 	    atomic_load_int(&divert_recvspace));
+	if (error)
+		return error;
+	error = in_pcballoc(so, &divbtable, wait);
 	if (error)
 		return error;
 
Index: netinet6/ip6_divert.c
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/sys/netinet6/ip6_divert.c,v
diff -u -p -r1.97 ip6_divert.c
--- netinet6/ip6_divert.c	16 Aug 2024 09:20:35 -0000	1.97
+++ netinet6/ip6_divert.c	23 Jan 2025 10:58:46 -0000
@@ -280,12 +280,11 @@ divert6_attach(struct socket *so, int pr
 	if ((so->so_state & SS_PRIV) == 0)
 		return EACCES;
 
-	error = in_pcballoc(so, &divb6table, wait);
-	if (error)
-		return (error);
-
 	error = soreserve(so, atomic_load_int(&divert6_sendspace),
 	    atomic_load_int(&divert6_recvspace));
+	if (error)
+		return (error);
+	error = in_pcballoc(so, &divb6table, wait);
 	if (error)
 		return (error);