2004-05-25 08:33:59 +04:00
|
|
|
/* $NetBSD: tcp_usrreq.c,v 1.92 2004/05/25 04:34:00 atatat Exp $ */
|
1999-07-01 12:12:45 +04:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
|
|
|
|
* All rights reserved.
|
2002-06-09 20:33:36 +04:00
|
|
|
*
|
1999-07-01 12:12:45 +04:00
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
* modification, are permitted provided that the following conditions
|
|
|
|
* are met:
|
|
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer.
|
|
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
|
|
* documentation and/or other materials provided with the distribution.
|
|
|
|
* 3. Neither the name of the project nor the names of its contributors
|
|
|
|
* may be used to endorse or promote products derived from this software
|
|
|
|
* without specific prior written permission.
|
2002-06-09 20:33:36 +04:00
|
|
|
*
|
1999-07-01 12:12:45 +04:00
|
|
|
* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
|
|
|
|
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
|
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
|
|
|
|
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
|
|
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
|
|
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
|
|
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
|
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
|
|
* SUCH DAMAGE.
|
|
|
|
*/
|
1998-02-19 05:36:42 +03:00
|
|
|
|
|
|
|
/*-
|
|
|
|
* Copyright (c) 1997, 1998 The NetBSD Foundation, Inc.
|
|
|
|
* All rights reserved.
|
|
|
|
*
|
|
|
|
* This code is derived from software contributed to The NetBSD Foundation
|
|
|
|
* by Jason R. Thorpe and Kevin M. Lahey of the Numerical Aerospace Simulation
|
|
|
|
* Facility, NASA Ames Research Center.
|
|
|
|
*
|
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
* modification, are permitted provided that the following conditions
|
|
|
|
* are met:
|
|
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer.
|
|
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
|
|
* documentation and/or other materials provided with the distribution.
|
|
|
|
* 3. All advertising materials mentioning features or use of this software
|
|
|
|
* must display the following acknowledgement:
|
|
|
|
* This product includes software developed by the NetBSD
|
|
|
|
* Foundation, Inc. and its contributors.
|
|
|
|
* 4. Neither the name of The NetBSD Foundation nor the names of its
|
|
|
|
* contributors may be used to endorse or promote products derived
|
|
|
|
* from this software without specific prior written permission.
|
|
|
|
*
|
|
|
|
* THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
|
|
|
|
* ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
|
|
|
|
* TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
|
|
|
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
|
|
|
|
* BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
|
|
|
|
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
|
|
|
|
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
|
|
|
|
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
|
|
|
|
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
|
|
|
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
|
|
|
* POSSIBILITY OF SUCH DAMAGE.
|
|
|
|
*/
|
1994-06-29 10:29:24 +04:00
|
|
|
|
1993-03-21 12:45:37 +03:00
|
|
|
/*
|
1998-01-05 13:31:44 +03:00
|
|
|
* Copyright (c) 1982, 1986, 1988, 1993, 1995
|
1994-05-13 10:02:48 +04:00
|
|
|
* The Regents of the University of California. All rights reserved.
|
1993-03-21 12:45:37 +03:00
|
|
|
*
|
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
* modification, are permitted provided that the following conditions
|
|
|
|
* are met:
|
|
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer.
|
|
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
|
|
* documentation and/or other materials provided with the distribution.
|
2003-08-07 20:26:28 +04:00
|
|
|
* 3. Neither the name of the University nor the names of its contributors
|
1993-03-21 12:45:37 +03:00
|
|
|
* may be used to endorse or promote products derived from this software
|
|
|
|
* without specific prior written permission.
|
|
|
|
*
|
|
|
|
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
|
|
|
|
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
|
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
|
|
|
|
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
|
|
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
|
|
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
|
|
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
|
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
|
|
* SUCH DAMAGE.
|
|
|
|
*
|
1998-01-05 13:31:44 +03:00
|
|
|
* @(#)tcp_usrreq.c 8.5 (Berkeley) 6/21/95
|
1993-03-21 12:45:37 +03:00
|
|
|
*/
|
|
|
|
|
2001-11-13 03:32:34 +03:00
|
|
|
#include <sys/cdefs.h>
|
2004-05-25 08:33:59 +04:00
|
|
|
__KERNEL_RCSID(0, "$NetBSD: tcp_usrreq.c,v 1.92 2004/05/25 04:34:00 atatat Exp $");
|
2001-11-13 03:32:34 +03:00
|
|
|
|
1999-07-01 12:12:45 +04:00
|
|
|
#include "opt_inet.h"
|
1999-07-10 02:57:15 +04:00
|
|
|
#include "opt_ipsec.h"
|
2001-07-08 20:18:56 +04:00
|
|
|
#include "opt_tcp_debug.h"
|
2003-06-23 15:00:59 +04:00
|
|
|
#include "opt_mbuftrace.h"
|
1999-07-01 12:12:45 +04:00
|
|
|
|
1993-12-18 03:40:47 +03:00
|
|
|
#include <sys/param.h>
|
|
|
|
#include <sys/systm.h>
|
1995-03-21 10:48:14 +03:00
|
|
|
#include <sys/kernel.h>
|
1993-12-18 03:40:47 +03:00
|
|
|
#include <sys/malloc.h>
|
|
|
|
#include <sys/mbuf.h>
|
|
|
|
#include <sys/socket.h>
|
|
|
|
#include <sys/socketvar.h>
|
|
|
|
#include <sys/protosw.h>
|
|
|
|
#include <sys/errno.h>
|
|
|
|
#include <sys/stat.h>
|
1996-02-14 02:40:59 +03:00
|
|
|
#include <sys/proc.h>
|
1999-07-01 12:12:45 +04:00
|
|
|
#include <sys/domain.h>
|
1996-02-14 02:40:59 +03:00
|
|
|
#include <sys/sysctl.h>
|
1993-03-21 12:45:37 +03:00
|
|
|
|
1993-12-18 03:40:47 +03:00
|
|
|
#include <net/if.h>
|
|
|
|
#include <net/route.h>
|
1993-03-21 12:45:37 +03:00
|
|
|
|
1993-12-18 03:40:47 +03:00
|
|
|
#include <netinet/in.h>
|
|
|
|
#include <netinet/in_systm.h>
|
1995-04-13 10:35:38 +04:00
|
|
|
#include <netinet/in_var.h>
|
1993-12-18 03:40:47 +03:00
|
|
|
#include <netinet/ip.h>
|
|
|
|
#include <netinet/in_pcb.h>
|
|
|
|
#include <netinet/ip_var.h>
|
1999-07-01 12:12:45 +04:00
|
|
|
|
|
|
|
#ifdef INET6
|
|
|
|
#ifndef INET
|
|
|
|
#include <netinet/in.h>
|
|
|
|
#endif
|
|
|
|
#include <netinet/ip6.h>
|
|
|
|
#include <netinet6/in6_pcb.h>
|
|
|
|
#include <netinet6/ip6_var.h>
|
|
|
|
#endif
|
|
|
|
|
1993-12-18 03:40:47 +03:00
|
|
|
#include <netinet/tcp.h>
|
|
|
|
#include <netinet/tcp_fsm.h>
|
|
|
|
#include <netinet/tcp_seq.h>
|
|
|
|
#include <netinet/tcp_timer.h>
|
|
|
|
#include <netinet/tcp_var.h>
|
|
|
|
#include <netinet/tcpip.h>
|
|
|
|
#include <netinet/tcp_debug.h>
|
1993-03-21 12:45:37 +03:00
|
|
|
|
2001-11-20 17:34:18 +03:00
|
|
|
#include "opt_tcp_space.h"
|
1997-07-29 02:31:08 +04:00
|
|
|
|
1999-07-01 12:12:45 +04:00
|
|
|
#ifdef IPSEC
|
|
|
|
#include <netinet6/ipsec.h>
|
|
|
|
#endif /*IPSEC*/
|
|
|
|
|
1993-03-21 12:45:37 +03:00
|
|
|
/*
|
|
|
|
* TCP protocol interface to socket abstraction.
|
|
|
|
*/
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Process a TCP user request for TCP tb. If this is a send request
|
|
|
|
* then m is the mbuf chain of send data. If this is a timer expiration
|
|
|
|
* (called from the software clock routine), then timertype tells which timer.
|
|
|
|
*/
|
|
|
|
/*ARGSUSED*/
|
1994-01-09 02:07:16 +03:00
|
|
|
int
|
2003-06-30 02:28:00 +04:00
|
|
|
tcp_usrreq(so, req, m, nam, control, p)
|
1993-03-21 12:45:37 +03:00
|
|
|
struct socket *so;
|
|
|
|
int req;
|
|
|
|
struct mbuf *m, *nam, *control;
|
2003-06-28 18:20:43 +04:00
|
|
|
struct proc *p;
|
2003-06-30 02:28:00 +04:00
|
|
|
{
|
2000-03-30 16:51:13 +04:00
|
|
|
struct inpcb *inp;
|
1999-07-01 12:12:45 +04:00
|
|
|
#ifdef INET6
|
2000-03-30 16:51:13 +04:00
|
|
|
struct in6pcb *in6p;
|
1999-07-01 12:12:45 +04:00
|
|
|
#endif
|
2000-03-30 16:51:13 +04:00
|
|
|
struct tcpcb *tp = NULL;
|
1993-03-21 12:45:37 +03:00
|
|
|
int s;
|
|
|
|
int error = 0;
|
2002-10-22 07:14:16 +04:00
|
|
|
#ifdef TCP_DEBUG
|
|
|
|
int ostate = 0;
|
|
|
|
#endif
|
1999-07-01 12:12:45 +04:00
|
|
|
int family; /* family of the socket */
|
|
|
|
|
|
|
|
family = so->so_proto->pr_domain->dom_family;
|
|
|
|
|
|
|
|
if (req == PRU_CONTROL) {
|
|
|
|
switch (family) {
|
2000-10-17 07:06:42 +04:00
|
|
|
#ifdef INET
|
1999-07-01 12:12:45 +04:00
|
|
|
case PF_INET:
|
|
|
|
return (in_control(so, (long)m, (caddr_t)nam,
|
|
|
|
(struct ifnet *)control, p));
|
2000-10-17 07:06:42 +04:00
|
|
|
#endif
|
1999-07-01 12:12:45 +04:00
|
|
|
#ifdef INET6
|
|
|
|
case PF_INET6:
|
|
|
|
return (in6_control(so, (long)m, (caddr_t)nam,
|
|
|
|
(struct ifnet *)control, p));
|
|
|
|
#endif
|
|
|
|
default:
|
|
|
|
return EAFNOSUPPORT;
|
|
|
|
}
|
|
|
|
}
|
1993-03-21 12:45:37 +03:00
|
|
|
|
2000-02-03 02:28:08 +03:00
|
|
|
if (req == PRU_PURGEIF) {
|
2000-10-06 13:24:40 +04:00
|
|
|
switch (family) {
|
2000-10-17 07:06:42 +04:00
|
|
|
#ifdef INET
|
2000-10-06 13:24:40 +04:00
|
|
|
case PF_INET:
|
2001-07-03 12:06:19 +04:00
|
|
|
in_pcbpurgeif0(&tcbtable, (struct ifnet *)control);
|
2000-10-06 13:24:40 +04:00
|
|
|
in_purgeif((struct ifnet *)control);
|
|
|
|
in_pcbpurgeif(&tcbtable, (struct ifnet *)control);
|
2000-10-06 14:21:06 +04:00
|
|
|
break;
|
2000-10-17 07:06:42 +04:00
|
|
|
#endif
|
2000-02-03 02:28:08 +03:00
|
|
|
#ifdef INET6
|
2000-10-06 13:24:40 +04:00
|
|
|
case PF_INET6:
|
2003-09-04 13:16:57 +04:00
|
|
|
in6_pcbpurgeif0(&tcbtable, (struct ifnet *)control);
|
2000-10-06 13:24:40 +04:00
|
|
|
in6_purgeif((struct ifnet *)control);
|
2003-09-04 13:16:57 +04:00
|
|
|
in6_pcbpurgeif(&tcbtable, (struct ifnet *)control);
|
2000-10-06 14:21:06 +04:00
|
|
|
break;
|
2000-02-03 02:28:08 +03:00
|
|
|
#endif
|
2000-10-06 13:24:40 +04:00
|
|
|
default:
|
|
|
|
return (EAFNOSUPPORT);
|
|
|
|
}
|
2000-02-02 01:52:04 +03:00
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
|
1995-08-13 03:59:09 +04:00
|
|
|
s = splsoftnet();
|
1999-07-01 12:12:45 +04:00
|
|
|
switch (family) {
|
2000-10-17 07:06:42 +04:00
|
|
|
#ifdef INET
|
1999-07-01 12:12:45 +04:00
|
|
|
case PF_INET:
|
|
|
|
inp = sotoinpcb(so);
|
|
|
|
#ifdef INET6
|
|
|
|
in6p = NULL;
|
|
|
|
#endif
|
|
|
|
break;
|
2000-10-17 07:06:42 +04:00
|
|
|
#endif
|
1999-07-01 12:12:45 +04:00
|
|
|
#ifdef INET6
|
|
|
|
case PF_INET6:
|
|
|
|
inp = NULL;
|
|
|
|
in6p = sotoin6pcb(so);
|
|
|
|
break;
|
|
|
|
#endif
|
|
|
|
default:
|
|
|
|
splx(s);
|
|
|
|
return EAFNOSUPPORT;
|
|
|
|
}
|
|
|
|
|
1996-05-23 21:03:27 +04:00
|
|
|
#ifdef DIAGNOSTIC
|
2000-10-18 01:16:57 +04:00
|
|
|
#ifdef INET6
|
2000-10-17 07:06:42 +04:00
|
|
|
if (inp && in6p)
|
|
|
|
panic("tcp_usrreq: both inp and in6p set to non-NULL");
|
2000-10-18 01:16:57 +04:00
|
|
|
#endif
|
1996-05-23 21:03:27 +04:00
|
|
|
if (req != PRU_SEND && req != PRU_SENDOOB && control)
|
|
|
|
panic("tcp_usrreq: unexpected control mbuf");
|
|
|
|
#endif
|
1993-03-21 12:45:37 +03:00
|
|
|
/*
|
|
|
|
* When a TCP is attached to a socket, then there will be
|
|
|
|
* a (struct inpcb) pointed at by the socket, and this
|
|
|
|
* structure will point at a subsidary (struct tcpcb).
|
|
|
|
*/
|
1999-07-01 12:12:45 +04:00
|
|
|
#ifndef INET6
|
|
|
|
if (inp == 0 && req != PRU_ATTACH)
|
|
|
|
#else
|
|
|
|
if ((inp == 0 && in6p == 0) && req != PRU_ATTACH)
|
|
|
|
#endif
|
|
|
|
{
|
1996-05-23 20:13:19 +04:00
|
|
|
error = EINVAL;
|
|
|
|
goto release;
|
1993-03-21 12:45:37 +03:00
|
|
|
}
|
2000-10-17 07:06:42 +04:00
|
|
|
#ifdef INET
|
1993-03-21 12:45:37 +03:00
|
|
|
if (inp) {
|
|
|
|
tp = intotcpcb(inp);
|
|
|
|
/* WHAT IF TP IS 0? */
|
|
|
|
#ifdef KPROF
|
|
|
|
tcp_acounts[tp->t_state][req]++;
|
|
|
|
#endif
|
2002-10-22 07:14:16 +04:00
|
|
|
#ifdef TCP_DEBUG
|
1993-03-21 12:45:37 +03:00
|
|
|
ostate = tp->t_state;
|
2002-10-22 07:14:16 +04:00
|
|
|
#endif
|
1999-07-01 12:12:45 +04:00
|
|
|
}
|
2000-10-17 07:06:42 +04:00
|
|
|
#endif
|
1999-07-01 12:12:45 +04:00
|
|
|
#ifdef INET6
|
2000-10-17 07:06:42 +04:00
|
|
|
if (in6p) {
|
1999-07-01 12:12:45 +04:00
|
|
|
tp = in6totcpcb(in6p);
|
|
|
|
/* WHAT IF TP IS 0? */
|
|
|
|
#ifdef KPROF
|
|
|
|
tcp_acounts[tp->t_state][req]++;
|
|
|
|
#endif
|
2002-10-22 07:14:16 +04:00
|
|
|
#ifdef TCP_DEBUG
|
1999-07-01 12:12:45 +04:00
|
|
|
ostate = tp->t_state;
|
2002-10-22 07:14:16 +04:00
|
|
|
#endif
|
1999-07-01 12:12:45 +04:00
|
|
|
}
|
|
|
|
#endif
|
1996-05-23 20:13:19 +04:00
|
|
|
|
1993-03-21 12:45:37 +03:00
|
|
|
switch (req) {
|
|
|
|
|
|
|
|
/*
|
|
|
|
* TCP attaches to socket via PRU_ATTACH, reserving space,
|
|
|
|
* and an internet control block.
|
|
|
|
*/
|
|
|
|
case PRU_ATTACH:
|
1999-07-01 12:12:45 +04:00
|
|
|
#ifndef INET6
|
|
|
|
if (inp != 0)
|
|
|
|
#else
|
|
|
|
if (inp != 0 || in6p != 0)
|
|
|
|
#endif
|
|
|
|
{
|
1993-03-21 12:45:37 +03:00
|
|
|
error = EISCONN;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
error = tcp_attach(so);
|
|
|
|
if (error)
|
|
|
|
break;
|
|
|
|
if ((so->so_options & SO_LINGER) && so->so_linger == 0)
|
1998-01-05 12:12:29 +03:00
|
|
|
so->so_linger = TCP_LINGERTIME;
|
1993-03-21 12:45:37 +03:00
|
|
|
tp = sototcpcb(so);
|
|
|
|
break;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* PRU_DETACH detaches the TCP protocol from the socket.
|
|
|
|
*/
|
|
|
|
case PRU_DETACH:
|
1997-06-12 22:41:14 +04:00
|
|
|
tp = tcp_disconnect(tp);
|
1993-03-21 12:45:37 +03:00
|
|
|
break;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Give the socket an address.
|
|
|
|
*/
|
|
|
|
case PRU_BIND:
|
1999-07-01 12:12:45 +04:00
|
|
|
switch (family) {
|
2000-10-17 07:06:42 +04:00
|
|
|
#ifdef INET
|
1999-07-01 12:12:45 +04:00
|
|
|
case PF_INET:
|
|
|
|
error = in_pcbbind(inp, nam, p);
|
|
|
|
break;
|
2000-10-17 07:06:42 +04:00
|
|
|
#endif
|
1999-07-01 12:12:45 +04:00
|
|
|
#ifdef INET6
|
|
|
|
case PF_INET6:
|
2000-06-05 10:38:22 +04:00
|
|
|
error = in6_pcbbind(in6p, nam, p);
|
2000-12-11 03:07:48 +03:00
|
|
|
if (!error) {
|
|
|
|
/* mapped addr case */
|
|
|
|
if (IN6_IS_ADDR_V4MAPPED(&in6p->in6p_laddr))
|
|
|
|
tp->t_family = AF_INET;
|
|
|
|
else
|
|
|
|
tp->t_family = AF_INET6;
|
|
|
|
}
|
1999-07-01 12:12:45 +04:00
|
|
|
break;
|
|
|
|
#endif
|
|
|
|
}
|
1993-03-21 12:45:37 +03:00
|
|
|
break;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Prepare to accept connections.
|
|
|
|
*/
|
|
|
|
case PRU_LISTEN:
|
2000-10-17 07:06:42 +04:00
|
|
|
#ifdef INET
|
1999-07-01 12:12:45 +04:00
|
|
|
if (inp && inp->inp_lport == 0) {
|
1996-05-22 17:54:55 +04:00
|
|
|
error = in_pcbbind(inp, (struct mbuf *)0,
|
|
|
|
(struct proc *)0);
|
1996-05-23 20:13:19 +04:00
|
|
|
if (error)
|
|
|
|
break;
|
|
|
|
}
|
2000-10-17 07:06:42 +04:00
|
|
|
#endif
|
1999-07-01 12:12:45 +04:00
|
|
|
#ifdef INET6
|
2000-10-17 07:06:42 +04:00
|
|
|
if (in6p && in6p->in6p_lport == 0) {
|
2000-06-05 10:38:22 +04:00
|
|
|
error = in6_pcbbind(in6p, (struct mbuf *)0,
|
|
|
|
(struct proc *)0);
|
1999-07-01 12:12:45 +04:00
|
|
|
if (error)
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
#endif
|
1996-05-23 20:13:19 +04:00
|
|
|
tp->t_state = TCPS_LISTEN;
|
1993-03-21 12:45:37 +03:00
|
|
|
break;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Initiate connection to peer.
|
|
|
|
* Create a template for use in transmissions on this connection.
|
|
|
|
* Enter SYN_SENT state, and mark socket as connecting.
|
|
|
|
* Start keep-alive timer, and seed output sequence space.
|
|
|
|
* Send initial segment on connection.
|
|
|
|
*/
|
|
|
|
case PRU_CONNECT:
|
2000-10-17 07:06:42 +04:00
|
|
|
#ifdef INET
|
1999-07-01 12:12:45 +04:00
|
|
|
if (inp) {
|
|
|
|
if (inp->inp_lport == 0) {
|
|
|
|
error = in_pcbbind(inp, (struct mbuf *)0,
|
|
|
|
(struct proc *)0);
|
|
|
|
if (error)
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
error = in_pcbconnect(inp, nam);
|
1993-03-21 12:45:37 +03:00
|
|
|
}
|
2000-10-17 07:06:42 +04:00
|
|
|
#endif
|
1999-07-01 12:12:45 +04:00
|
|
|
#ifdef INET6
|
2000-10-17 07:06:42 +04:00
|
|
|
if (in6p) {
|
1999-07-01 12:12:45 +04:00
|
|
|
if (in6p->in6p_lport == 0) {
|
2000-06-05 10:38:22 +04:00
|
|
|
error = in6_pcbbind(in6p, (struct mbuf *)0,
|
|
|
|
(struct proc *)0);
|
1999-07-01 12:12:45 +04:00
|
|
|
if (error)
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
error = in6_pcbconnect(in6p, nam);
|
2000-12-11 03:07:48 +03:00
|
|
|
if (!error) {
|
|
|
|
/* mapped addr case */
|
|
|
|
if (IN6_IS_ADDR_V4MAPPED(&in6p->in6p_faddr))
|
|
|
|
tp->t_family = AF_INET;
|
|
|
|
else
|
|
|
|
tp->t_family = AF_INET6;
|
|
|
|
}
|
1999-07-01 12:12:45 +04:00
|
|
|
}
|
|
|
|
#endif
|
1993-03-21 12:45:37 +03:00
|
|
|
if (error)
|
|
|
|
break;
|
|
|
|
tp->t_template = tcp_template(tp);
|
|
|
|
if (tp->t_template == 0) {
|
2000-10-17 07:06:42 +04:00
|
|
|
#ifdef INET
|
1999-07-01 12:12:45 +04:00
|
|
|
if (inp)
|
|
|
|
in_pcbdisconnect(inp);
|
2000-10-17 07:06:42 +04:00
|
|
|
#endif
|
1999-07-01 12:12:45 +04:00
|
|
|
#ifdef INET6
|
2000-10-17 07:06:42 +04:00
|
|
|
if (in6p)
|
1999-07-01 12:12:45 +04:00
|
|
|
in6_pcbdisconnect(in6p);
|
|
|
|
#endif
|
1993-03-21 12:45:37 +03:00
|
|
|
error = ENOBUFS;
|
|
|
|
break;
|
|
|
|
}
|
1994-05-13 10:02:48 +04:00
|
|
|
/* Compute window scaling to request. */
|
|
|
|
while (tp->request_r_scale < TCP_MAX_WINSHIFT &&
|
|
|
|
(TCP_MAXWIN << tp->request_r_scale) < so->so_rcv.sb_hiwat)
|
|
|
|
tp->request_r_scale++;
|
1993-03-21 12:45:37 +03:00
|
|
|
soisconnecting(so);
|
|
|
|
tcpstat.tcps_connattempt++;
|
|
|
|
tp->t_state = TCPS_SYN_SENT;
|
1998-05-06 05:21:20 +04:00
|
|
|
TCP_TIMER_ARM(tp, TCPT_KEEP, TCPTV_KEEP_INIT);
|
Two changes, designed to make us even more resilient against TCP
ISS attacks (which we already fend off quite well).
1. First-cut implementation of RFC1948, Steve Bellovin's cryptographic
hash method of generating TCP ISS values. Note, this code is experimental
and disabled by default (experimental enough that I don't export the
variable via sysctl yet, either). There are a couple of issues I'd
like to discuss with Steve, so this code should only be used by people
who really know what they're doing.
2. Per a recent thread on Bugtraq, it's possible to determine a system's
uptime by snooping the RFC1323 TCP timestamp options sent by a host; in
4.4BSD, timestamps are created by incrementing the tcp_now variable
at 2 Hz; there's even a company out there that uses this to determine
web server uptime. According to Newsham's paper "The Problem With
Random Increments", while NetBSD's TCP ISS generation method is much
better than the "random increment" method used by FreeBSD and OpenBSD,
it is still theoretically possible to mount an attack against NetBSD's
method if the attacker knows how many times the tcp_iss_seq variable
has been incremented. By not leaking uptime information, we can make
that much harder to determine. So, we avoid the leak by giving each
TCP connection a timebase of 0.
2001-03-20 23:07:51 +03:00
|
|
|
tp->iss = tcp_new_iss(tp, 0);
|
1993-03-21 12:45:37 +03:00
|
|
|
tcp_sendseqinit(tp);
|
|
|
|
error = tcp_output(tp);
|
|
|
|
break;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Create a TCP connection between two sockets.
|
|
|
|
*/
|
|
|
|
case PRU_CONNECT2:
|
|
|
|
error = EOPNOTSUPP;
|
|
|
|
break;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Initiate disconnect from peer.
|
|
|
|
* If connection never passed embryonic stage, just drop;
|
|
|
|
* else if don't need to let data drain, then can just drop anyways,
|
|
|
|
* else have to begin TCP shutdown process: mark socket disconnecting,
|
|
|
|
* drain unread data, state switch to reflect user close, and
|
|
|
|
* send segment (e.g. FIN) to peer. Socket will be really disconnected
|
|
|
|
* when peer sends FIN and acks ours.
|
|
|
|
*
|
|
|
|
* SHOULD IMPLEMENT LATER PRU_CONNECT VIA REALLOC TCPCB.
|
|
|
|
*/
|
|
|
|
case PRU_DISCONNECT:
|
|
|
|
tp = tcp_disconnect(tp);
|
|
|
|
break;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Accept a connection. Essentially all the work is
|
|
|
|
* done at higher levels; just return the address
|
|
|
|
* of the peer, storing through addr.
|
|
|
|
*/
|
1994-01-11 02:27:39 +03:00
|
|
|
case PRU_ACCEPT:
|
2000-10-17 07:06:42 +04:00
|
|
|
#ifdef INET
|
1999-07-01 12:12:45 +04:00
|
|
|
if (inp)
|
|
|
|
in_setpeeraddr(inp, nam);
|
2000-10-17 07:06:42 +04:00
|
|
|
#endif
|
1999-07-01 12:12:45 +04:00
|
|
|
#ifdef INET6
|
2000-10-17 07:06:42 +04:00
|
|
|
if (in6p)
|
1999-07-01 12:12:45 +04:00
|
|
|
in6_setpeeraddr(in6p, nam);
|
|
|
|
#endif
|
1993-03-21 12:45:37 +03:00
|
|
|
break;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Mark the connection as being incapable of further output.
|
|
|
|
*/
|
|
|
|
case PRU_SHUTDOWN:
|
|
|
|
socantsendmore(so);
|
|
|
|
tp = tcp_usrclosed(tp);
|
|
|
|
if (tp)
|
|
|
|
error = tcp_output(tp);
|
|
|
|
break;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* After a receive, possibly send window update to peer.
|
|
|
|
*/
|
|
|
|
case PRU_RCVD:
|
2001-02-11 09:39:35 +03:00
|
|
|
/*
|
|
|
|
* soreceive() calls this function when a user receives
|
|
|
|
* ancillary data on a listening socket. We don't call
|
|
|
|
* tcp_output in such a case, since there is no header
|
|
|
|
* template for a listening socket and hence the kernel
|
|
|
|
* will panic.
|
|
|
|
*/
|
|
|
|
if ((so->so_state & (SS_ISCONNECTED|SS_ISCONNECTING)) != 0)
|
|
|
|
(void) tcp_output(tp);
|
1993-03-21 12:45:37 +03:00
|
|
|
break;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Do a send by putting data in output queue and updating urgent
|
|
|
|
* marker if URG set. Possibly send more data.
|
|
|
|
*/
|
|
|
|
case PRU_SEND:
|
1996-05-23 21:03:27 +04:00
|
|
|
if (control && control->m_len) {
|
|
|
|
m_freem(control);
|
|
|
|
m_freem(m);
|
|
|
|
error = EINVAL;
|
|
|
|
break;
|
|
|
|
}
|
2002-07-04 01:36:57 +04:00
|
|
|
sbappendstream(&so->so_snd, m);
|
1993-03-21 12:45:37 +03:00
|
|
|
error = tcp_output(tp);
|
|
|
|
break;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Abort the TCP.
|
|
|
|
*/
|
|
|
|
case PRU_ABORT:
|
|
|
|
tp = tcp_drop(tp, ECONNABORTED);
|
|
|
|
break;
|
|
|
|
|
|
|
|
case PRU_SENSE:
|
1996-05-23 20:13:19 +04:00
|
|
|
/*
|
|
|
|
* stat: don't bother with a blocksize.
|
|
|
|
*/
|
|
|
|
splx(s);
|
1993-03-21 12:45:37 +03:00
|
|
|
return (0);
|
|
|
|
|
|
|
|
case PRU_RCVOOB:
|
1996-05-23 21:03:27 +04:00
|
|
|
if (control && control->m_len) {
|
|
|
|
m_freem(control);
|
|
|
|
m_freem(m);
|
|
|
|
error = EINVAL;
|
|
|
|
break;
|
|
|
|
}
|
1993-03-21 12:45:37 +03:00
|
|
|
if ((so->so_oobmark == 0 &&
|
|
|
|
(so->so_state & SS_RCVATMARK) == 0) ||
|
|
|
|
so->so_options & SO_OOBINLINE ||
|
|
|
|
tp->t_oobflags & TCPOOB_HADDATA) {
|
|
|
|
error = EINVAL;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
if ((tp->t_oobflags & TCPOOB_HAVEDATA) == 0) {
|
|
|
|
error = EWOULDBLOCK;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
m->m_len = 1;
|
|
|
|
*mtod(m, caddr_t) = tp->t_iobc;
|
1995-04-13 10:35:38 +04:00
|
|
|
if (((long)nam & MSG_PEEK) == 0)
|
1993-03-21 12:45:37 +03:00
|
|
|
tp->t_oobflags ^= (TCPOOB_HAVEDATA | TCPOOB_HADDATA);
|
|
|
|
break;
|
|
|
|
|
|
|
|
case PRU_SENDOOB:
|
|
|
|
if (sbspace(&so->so_snd) < -512) {
|
|
|
|
m_freem(m);
|
|
|
|
error = ENOBUFS;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
/*
|
|
|
|
* According to RFC961 (Assigned Protocols),
|
|
|
|
* the urgent pointer points to the last octet
|
|
|
|
* of urgent data. We continue, however,
|
|
|
|
* to consider it to indicate the first octet
|
|
|
|
* of data past the urgent section.
|
|
|
|
* Otherwise, snd_up should be one lower.
|
|
|
|
*/
|
2002-07-04 01:36:57 +04:00
|
|
|
sbappendstream(&so->so_snd, m);
|
1993-03-21 12:45:37 +03:00
|
|
|
tp->snd_up = tp->snd_una + so->so_snd.sb_cc;
|
|
|
|
tp->t_force = 1;
|
|
|
|
error = tcp_output(tp);
|
|
|
|
tp->t_force = 0;
|
|
|
|
break;
|
|
|
|
|
|
|
|
case PRU_SOCKADDR:
|
2000-10-17 07:06:42 +04:00
|
|
|
#ifdef INET
|
1999-07-01 12:12:45 +04:00
|
|
|
if (inp)
|
|
|
|
in_setsockaddr(inp, nam);
|
2000-10-17 07:06:42 +04:00
|
|
|
#endif
|
1999-07-01 12:12:45 +04:00
|
|
|
#ifdef INET6
|
2000-10-17 07:06:42 +04:00
|
|
|
if (in6p)
|
1999-07-01 12:12:45 +04:00
|
|
|
in6_setsockaddr(in6p, nam);
|
|
|
|
#endif
|
1993-03-21 12:45:37 +03:00
|
|
|
break;
|
|
|
|
|
|
|
|
case PRU_PEERADDR:
|
2000-10-17 07:06:42 +04:00
|
|
|
#ifdef INET
|
1999-07-01 12:12:45 +04:00
|
|
|
if (inp)
|
|
|
|
in_setpeeraddr(inp, nam);
|
2000-10-17 07:06:42 +04:00
|
|
|
#endif
|
1999-07-01 12:12:45 +04:00
|
|
|
#ifdef INET6
|
2000-10-17 07:06:42 +04:00
|
|
|
if (in6p)
|
1999-07-01 12:12:45 +04:00
|
|
|
in6_setpeeraddr(in6p, nam);
|
|
|
|
#endif
|
1993-03-21 12:45:37 +03:00
|
|
|
break;
|
|
|
|
|
|
|
|
default:
|
|
|
|
panic("tcp_usrreq");
|
|
|
|
}
|
2001-07-08 20:18:56 +04:00
|
|
|
#ifdef TCP_DEBUG
|
1993-03-21 12:45:37 +03:00
|
|
|
if (tp && (so->so_options & SO_DEBUG))
|
1999-07-01 12:12:45 +04:00
|
|
|
tcp_trace(TA_USER, ostate, tp, NULL, req);
|
2001-07-08 20:18:56 +04:00
|
|
|
#endif
|
1996-05-23 20:13:19 +04:00
|
|
|
|
|
|
|
release:
|
1993-03-21 12:45:37 +03:00
|
|
|
splx(s);
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
1994-01-09 02:07:16 +03:00
|
|
|
int
|
1993-03-21 12:45:37 +03:00
|
|
|
tcp_ctloutput(op, so, level, optname, mp)
|
|
|
|
int op;
|
|
|
|
struct socket *so;
|
|
|
|
int level, optname;
|
|
|
|
struct mbuf **mp;
|
|
|
|
{
|
1994-05-13 10:02:48 +04:00
|
|
|
int error = 0, s;
|
|
|
|
struct inpcb *inp;
|
1999-07-01 12:12:45 +04:00
|
|
|
#ifdef INET6
|
2000-03-30 16:51:13 +04:00
|
|
|
struct in6pcb *in6p;
|
1999-07-01 12:12:45 +04:00
|
|
|
#endif
|
2000-03-30 16:51:13 +04:00
|
|
|
struct tcpcb *tp;
|
|
|
|
struct mbuf *m;
|
|
|
|
int i;
|
1999-07-01 12:12:45 +04:00
|
|
|
int family; /* family of the socket */
|
|
|
|
|
|
|
|
family = so->so_proto->pr_domain->dom_family;
|
1993-03-21 12:45:37 +03:00
|
|
|
|
1995-08-13 03:59:09 +04:00
|
|
|
s = splsoftnet();
|
1999-07-01 12:12:45 +04:00
|
|
|
switch (family) {
|
2000-10-17 07:06:42 +04:00
|
|
|
#ifdef INET
|
1999-07-01 12:12:45 +04:00
|
|
|
case PF_INET:
|
|
|
|
inp = sotoinpcb(so);
|
|
|
|
#ifdef INET6
|
|
|
|
in6p = NULL;
|
|
|
|
#endif
|
|
|
|
break;
|
2000-10-17 07:06:42 +04:00
|
|
|
#endif
|
1999-07-01 12:12:45 +04:00
|
|
|
#ifdef INET6
|
|
|
|
case PF_INET6:
|
|
|
|
inp = NULL;
|
|
|
|
in6p = sotoin6pcb(so);
|
|
|
|
break;
|
|
|
|
#endif
|
|
|
|
default:
|
|
|
|
splx(s);
|
|
|
|
return EAFNOSUPPORT;
|
|
|
|
}
|
|
|
|
#ifndef INET6
|
|
|
|
if (inp == NULL)
|
|
|
|
#else
|
|
|
|
if (inp == NULL && in6p == NULL)
|
|
|
|
#endif
|
|
|
|
{
|
1994-05-13 10:02:48 +04:00
|
|
|
splx(s);
|
|
|
|
if (op == PRCO_SETOPT && *mp)
|
|
|
|
(void) m_free(*mp);
|
|
|
|
return (ECONNRESET);
|
|
|
|
}
|
|
|
|
if (level != IPPROTO_TCP) {
|
1999-07-01 12:12:45 +04:00
|
|
|
switch (family) {
|
2000-10-17 07:06:42 +04:00
|
|
|
#ifdef INET
|
1999-07-01 12:12:45 +04:00
|
|
|
case PF_INET:
|
|
|
|
error = ip_ctloutput(op, so, level, optname, mp);
|
|
|
|
break;
|
2000-10-17 07:06:42 +04:00
|
|
|
#endif
|
1999-07-01 12:12:45 +04:00
|
|
|
#ifdef INET6
|
|
|
|
case PF_INET6:
|
|
|
|
error = ip6_ctloutput(op, so, level, optname, mp);
|
|
|
|
break;
|
|
|
|
#endif
|
|
|
|
}
|
1994-05-13 10:02:48 +04:00
|
|
|
splx(s);
|
|
|
|
return (error);
|
|
|
|
}
|
1999-07-01 12:12:45 +04:00
|
|
|
if (inp)
|
|
|
|
tp = intotcpcb(inp);
|
|
|
|
#ifdef INET6
|
|
|
|
else if (in6p)
|
|
|
|
tp = in6totcpcb(in6p);
|
|
|
|
#endif
|
|
|
|
else
|
|
|
|
tp = NULL;
|
1993-03-21 12:45:37 +03:00
|
|
|
|
|
|
|
switch (op) {
|
|
|
|
|
|
|
|
case PRCO_SETOPT:
|
|
|
|
m = *mp;
|
|
|
|
switch (optname) {
|
|
|
|
|
Initial commit of a port of the FreeBSD implementation of RFC 2385
(MD5 signatures for TCP, as used with BGP). Credit for original
FreeBSD code goes to Bruce M. Simpson, with FreeBSD sponsorship
credited to sentex.net. Shortening of the setsockopt() name
attributed to Vincent Jardin.
This commit is a minimal, working version of the FreeBSD code, as
MFC'ed to FreeBSD-4. It has received minimal testing with a ttcp
modified to set the TCP-MD5 option; BMS's additions to tcpdump-current
(tcpdump -M) confirm that the MD5 signatures are correct. Committed
as-is for further testing between a NetBSD BGP speaker (e.g., quagga)
and industry-standard BGP speakers (e.g., Cisco, Juniper).
NOTE: This version has two potential flaws. First, I do see any code
that verifies recieved TCP-MD5 signatures. Second, the TCP-MD5
options are internally padded and assumed to be 32-bit aligned. A more
space-efficient scheme is to pack all TCP options densely (and
possibly unaligned) into the TCP header ; then do one final padding to
a 4-byte boundary. Pre-existing comments note that accounting for
TCP-option space when we add SACK is yet to be done. For now, I'm
punting on that; we can solve it properly, in a way that will handle
SACK blocks, as a separate exercise.
In case a pullup to NetBSD-2 is requested, this adds sys/netipsec/xform_tcp.c
,and modifies:
sys/net/pfkeyv2.h,v 1.15
sys/netinet/files.netinet,v 1.5
sys/netinet/ip.h,v 1.25
sys/netinet/tcp.h,v 1.15
sys/netinet/tcp_input.c,v 1.200
sys/netinet/tcp_output.c,v 1.109
sys/netinet/tcp_subr.c,v 1.165
sys/netinet/tcp_usrreq.c,v 1.89
sys/netinet/tcp_var.h,v 1.109
sys/netipsec/files.netipsec,v 1.3
sys/netipsec/ipsec.c,v 1.11
sys/netipsec/ipsec.h,v 1.7
sys/netipsec/key.c,v 1.11
share/man/man4/tcp.4,v 1.16
lib/libipsec/pfkey.c,v 1.20
lib/libipsec/pfkey_dump.c,v 1.17
lib/libipsec/policy_token.l,v 1.8
sbin/setkey/parse.y,v 1.14
sbin/setkey/setkey.8,v 1.27
sbin/setkey/token.l,v 1.15
Note that the preceding two revisions to tcp.4 will be
required to cleanly apply this diff.
2004-04-26 02:25:03 +04:00
|
|
|
#ifdef TCP_SIGNATURE
|
|
|
|
case TCP_MD5SIG:
|
|
|
|
if (m == NULL || m->m_len < sizeof (int))
|
|
|
|
error = EINVAL;
|
|
|
|
if (error)
|
|
|
|
break;
|
2004-05-18 18:44:14 +04:00
|
|
|
if (*mtod(m, int *) > 0)
|
Initial commit of a port of the FreeBSD implementation of RFC 2385
(MD5 signatures for TCP, as used with BGP). Credit for original
FreeBSD code goes to Bruce M. Simpson, with FreeBSD sponsorship
credited to sentex.net. Shortening of the setsockopt() name
attributed to Vincent Jardin.
This commit is a minimal, working version of the FreeBSD code, as
MFC'ed to FreeBSD-4. It has received minimal testing with a ttcp
modified to set the TCP-MD5 option; BMS's additions to tcpdump-current
(tcpdump -M) confirm that the MD5 signatures are correct. Committed
as-is for further testing between a NetBSD BGP speaker (e.g., quagga)
and industry-standard BGP speakers (e.g., Cisco, Juniper).
NOTE: This version has two potential flaws. First, I do see any code
that verifies recieved TCP-MD5 signatures. Second, the TCP-MD5
options are internally padded and assumed to be 32-bit aligned. A more
space-efficient scheme is to pack all TCP options densely (and
possibly unaligned) into the TCP header ; then do one final padding to
a 4-byte boundary. Pre-existing comments note that accounting for
TCP-option space when we add SACK is yet to be done. For now, I'm
punting on that; we can solve it properly, in a way that will handle
SACK blocks, as a separate exercise.
In case a pullup to NetBSD-2 is requested, this adds sys/netipsec/xform_tcp.c
,and modifies:
sys/net/pfkeyv2.h,v 1.15
sys/netinet/files.netinet,v 1.5
sys/netinet/ip.h,v 1.25
sys/netinet/tcp.h,v 1.15
sys/netinet/tcp_input.c,v 1.200
sys/netinet/tcp_output.c,v 1.109
sys/netinet/tcp_subr.c,v 1.165
sys/netinet/tcp_usrreq.c,v 1.89
sys/netinet/tcp_var.h,v 1.109
sys/netipsec/files.netipsec,v 1.3
sys/netipsec/ipsec.c,v 1.11
sys/netipsec/ipsec.h,v 1.7
sys/netipsec/key.c,v 1.11
share/man/man4/tcp.4,v 1.16
lib/libipsec/pfkey.c,v 1.20
lib/libipsec/pfkey_dump.c,v 1.17
lib/libipsec/policy_token.l,v 1.8
sbin/setkey/parse.y,v 1.14
sbin/setkey/setkey.8,v 1.27
sbin/setkey/token.l,v 1.15
Note that the preceding two revisions to tcp.4 will be
required to cleanly apply this diff.
2004-04-26 02:25:03 +04:00
|
|
|
tp->t_flags |= TF_SIGNATURE;
|
2004-05-18 18:44:14 +04:00
|
|
|
else
|
Initial commit of a port of the FreeBSD implementation of RFC 2385
(MD5 signatures for TCP, as used with BGP). Credit for original
FreeBSD code goes to Bruce M. Simpson, with FreeBSD sponsorship
credited to sentex.net. Shortening of the setsockopt() name
attributed to Vincent Jardin.
This commit is a minimal, working version of the FreeBSD code, as
MFC'ed to FreeBSD-4. It has received minimal testing with a ttcp
modified to set the TCP-MD5 option; BMS's additions to tcpdump-current
(tcpdump -M) confirm that the MD5 signatures are correct. Committed
as-is for further testing between a NetBSD BGP speaker (e.g., quagga)
and industry-standard BGP speakers (e.g., Cisco, Juniper).
NOTE: This version has two potential flaws. First, I do see any code
that verifies recieved TCP-MD5 signatures. Second, the TCP-MD5
options are internally padded and assumed to be 32-bit aligned. A more
space-efficient scheme is to pack all TCP options densely (and
possibly unaligned) into the TCP header ; then do one final padding to
a 4-byte boundary. Pre-existing comments note that accounting for
TCP-option space when we add SACK is yet to be done. For now, I'm
punting on that; we can solve it properly, in a way that will handle
SACK blocks, as a separate exercise.
In case a pullup to NetBSD-2 is requested, this adds sys/netipsec/xform_tcp.c
,and modifies:
sys/net/pfkeyv2.h,v 1.15
sys/netinet/files.netinet,v 1.5
sys/netinet/ip.h,v 1.25
sys/netinet/tcp.h,v 1.15
sys/netinet/tcp_input.c,v 1.200
sys/netinet/tcp_output.c,v 1.109
sys/netinet/tcp_subr.c,v 1.165
sys/netinet/tcp_usrreq.c,v 1.89
sys/netinet/tcp_var.h,v 1.109
sys/netipsec/files.netipsec,v 1.3
sys/netipsec/ipsec.c,v 1.11
sys/netipsec/ipsec.h,v 1.7
sys/netipsec/key.c,v 1.11
share/man/man4/tcp.4,v 1.16
lib/libipsec/pfkey.c,v 1.20
lib/libipsec/pfkey_dump.c,v 1.17
lib/libipsec/policy_token.l,v 1.8
sbin/setkey/parse.y,v 1.14
sbin/setkey/setkey.8,v 1.27
sbin/setkey/token.l,v 1.15
Note that the preceding two revisions to tcp.4 will be
required to cleanly apply this diff.
2004-04-26 02:25:03 +04:00
|
|
|
tp->t_flags &= ~TF_SIGNATURE;
|
|
|
|
break;
|
|
|
|
#endif /* TCP_SIGNATURE */
|
|
|
|
|
1993-03-21 12:45:37 +03:00
|
|
|
case TCP_NODELAY:
|
|
|
|
if (m == NULL || m->m_len < sizeof (int))
|
|
|
|
error = EINVAL;
|
|
|
|
else if (*mtod(m, int *))
|
|
|
|
tp->t_flags |= TF_NODELAY;
|
|
|
|
else
|
|
|
|
tp->t_flags &= ~TF_NODELAY;
|
|
|
|
break;
|
|
|
|
|
1994-05-13 10:02:48 +04:00
|
|
|
case TCP_MAXSEG:
|
2002-06-09 20:33:36 +04:00
|
|
|
if (m && (i = *mtod(m, int *)) > 0 &&
|
1997-11-08 05:35:22 +03:00
|
|
|
i <= tp->t_peermss)
|
|
|
|
tp->t_peermss = i; /* limit on send size */
|
1994-05-13 10:02:48 +04:00
|
|
|
else
|
|
|
|
error = EINVAL;
|
|
|
|
break;
|
|
|
|
|
1993-03-21 12:45:37 +03:00
|
|
|
default:
|
1994-05-13 10:02:48 +04:00
|
|
|
error = ENOPROTOOPT;
|
1993-03-21 12:45:37 +03:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
if (m)
|
|
|
|
(void) m_free(m);
|
|
|
|
break;
|
|
|
|
|
|
|
|
case PRCO_GETOPT:
|
|
|
|
*mp = m = m_get(M_WAIT, MT_SOOPTS);
|
|
|
|
m->m_len = sizeof(int);
|
2003-02-26 09:31:08 +03:00
|
|
|
MCLAIM(m, so->so_mowner);
|
1993-03-21 12:45:37 +03:00
|
|
|
|
|
|
|
switch (optname) {
|
Initial commit of a port of the FreeBSD implementation of RFC 2385
(MD5 signatures for TCP, as used with BGP). Credit for original
FreeBSD code goes to Bruce M. Simpson, with FreeBSD sponsorship
credited to sentex.net. Shortening of the setsockopt() name
attributed to Vincent Jardin.
This commit is a minimal, working version of the FreeBSD code, as
MFC'ed to FreeBSD-4. It has received minimal testing with a ttcp
modified to set the TCP-MD5 option; BMS's additions to tcpdump-current
(tcpdump -M) confirm that the MD5 signatures are correct. Committed
as-is for further testing between a NetBSD BGP speaker (e.g., quagga)
and industry-standard BGP speakers (e.g., Cisco, Juniper).
NOTE: This version has two potential flaws. First, I do see any code
that verifies recieved TCP-MD5 signatures. Second, the TCP-MD5
options are internally padded and assumed to be 32-bit aligned. A more
space-efficient scheme is to pack all TCP options densely (and
possibly unaligned) into the TCP header ; then do one final padding to
a 4-byte boundary. Pre-existing comments note that accounting for
TCP-option space when we add SACK is yet to be done. For now, I'm
punting on that; we can solve it properly, in a way that will handle
SACK blocks, as a separate exercise.
In case a pullup to NetBSD-2 is requested, this adds sys/netipsec/xform_tcp.c
,and modifies:
sys/net/pfkeyv2.h,v 1.15
sys/netinet/files.netinet,v 1.5
sys/netinet/ip.h,v 1.25
sys/netinet/tcp.h,v 1.15
sys/netinet/tcp_input.c,v 1.200
sys/netinet/tcp_output.c,v 1.109
sys/netinet/tcp_subr.c,v 1.165
sys/netinet/tcp_usrreq.c,v 1.89
sys/netinet/tcp_var.h,v 1.109
sys/netipsec/files.netipsec,v 1.3
sys/netipsec/ipsec.c,v 1.11
sys/netipsec/ipsec.h,v 1.7
sys/netipsec/key.c,v 1.11
share/man/man4/tcp.4,v 1.16
lib/libipsec/pfkey.c,v 1.20
lib/libipsec/pfkey_dump.c,v 1.17
lib/libipsec/policy_token.l,v 1.8
sbin/setkey/parse.y,v 1.14
sbin/setkey/setkey.8,v 1.27
sbin/setkey/token.l,v 1.15
Note that the preceding two revisions to tcp.4 will be
required to cleanly apply this diff.
2004-04-26 02:25:03 +04:00
|
|
|
#ifdef TCP_SIGNATURE
|
|
|
|
case TCP_MD5SIG:
|
2004-05-18 18:44:14 +04:00
|
|
|
*mtod(m, int *) = (tp->t_flags & TF_SIGNATURE) ? 1 : 0;
|
Initial commit of a port of the FreeBSD implementation of RFC 2385
(MD5 signatures for TCP, as used with BGP). Credit for original
FreeBSD code goes to Bruce M. Simpson, with FreeBSD sponsorship
credited to sentex.net. Shortening of the setsockopt() name
attributed to Vincent Jardin.
This commit is a minimal, working version of the FreeBSD code, as
MFC'ed to FreeBSD-4. It has received minimal testing with a ttcp
modified to set the TCP-MD5 option; BMS's additions to tcpdump-current
(tcpdump -M) confirm that the MD5 signatures are correct. Committed
as-is for further testing between a NetBSD BGP speaker (e.g., quagga)
and industry-standard BGP speakers (e.g., Cisco, Juniper).
NOTE: This version has two potential flaws. First, I do see any code
that verifies recieved TCP-MD5 signatures. Second, the TCP-MD5
options are internally padded and assumed to be 32-bit aligned. A more
space-efficient scheme is to pack all TCP options densely (and
possibly unaligned) into the TCP header ; then do one final padding to
a 4-byte boundary. Pre-existing comments note that accounting for
TCP-option space when we add SACK is yet to be done. For now, I'm
punting on that; we can solve it properly, in a way that will handle
SACK blocks, as a separate exercise.
In case a pullup to NetBSD-2 is requested, this adds sys/netipsec/xform_tcp.c
,and modifies:
sys/net/pfkeyv2.h,v 1.15
sys/netinet/files.netinet,v 1.5
sys/netinet/ip.h,v 1.25
sys/netinet/tcp.h,v 1.15
sys/netinet/tcp_input.c,v 1.200
sys/netinet/tcp_output.c,v 1.109
sys/netinet/tcp_subr.c,v 1.165
sys/netinet/tcp_usrreq.c,v 1.89
sys/netinet/tcp_var.h,v 1.109
sys/netipsec/files.netipsec,v 1.3
sys/netipsec/ipsec.c,v 1.11
sys/netipsec/ipsec.h,v 1.7
sys/netipsec/key.c,v 1.11
share/man/man4/tcp.4,v 1.16
lib/libipsec/pfkey.c,v 1.20
lib/libipsec/pfkey_dump.c,v 1.17
lib/libipsec/policy_token.l,v 1.8
sbin/setkey/parse.y,v 1.14
sbin/setkey/setkey.8,v 1.27
sbin/setkey/token.l,v 1.15
Note that the preceding two revisions to tcp.4 will be
required to cleanly apply this diff.
2004-04-26 02:25:03 +04:00
|
|
|
break;
|
|
|
|
#endif
|
1993-03-21 12:45:37 +03:00
|
|
|
case TCP_NODELAY:
|
|
|
|
*mtod(m, int *) = tp->t_flags & TF_NODELAY;
|
|
|
|
break;
|
|
|
|
case TCP_MAXSEG:
|
1997-11-08 05:35:22 +03:00
|
|
|
*mtod(m, int *) = tp->t_peermss;
|
1993-03-21 12:45:37 +03:00
|
|
|
break;
|
|
|
|
default:
|
1994-05-13 10:02:48 +04:00
|
|
|
error = ENOPROTOOPT;
|
1993-03-21 12:45:37 +03:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
}
|
1994-05-13 10:02:48 +04:00
|
|
|
splx(s);
|
1993-03-21 12:45:37 +03:00
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
1994-10-13 17:26:15 +03:00
|
|
|
#ifndef TCP_SENDSPACE
|
2003-09-30 01:39:35 +04:00
|
|
|
#define TCP_SENDSPACE 1024*32
|
1994-10-13 17:26:15 +03:00
|
|
|
#endif
|
1997-07-29 02:18:48 +04:00
|
|
|
int tcp_sendspace = TCP_SENDSPACE;
|
1994-10-13 17:26:15 +03:00
|
|
|
#ifndef TCP_RECVSPACE
|
2003-09-30 01:39:35 +04:00
|
|
|
#define TCP_RECVSPACE 1024*32
|
1994-10-13 17:26:15 +03:00
|
|
|
#endif
|
1997-07-29 02:18:48 +04:00
|
|
|
int tcp_recvspace = TCP_RECVSPACE;
|
1993-03-21 12:45:37 +03:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Attach TCP protocol to socket, allocating
|
|
|
|
* internet protocol control block, tcp control block,
|
|
|
|
* bufer space, and entering LISTEN state if to accept connections.
|
|
|
|
*/
|
1994-01-09 02:07:16 +03:00
|
|
|
int
|
1993-03-21 12:45:37 +03:00
|
|
|
tcp_attach(so)
|
|
|
|
struct socket *so;
|
|
|
|
{
|
2000-03-30 16:51:13 +04:00
|
|
|
struct tcpcb *tp;
|
1993-03-21 12:45:37 +03:00
|
|
|
struct inpcb *inp;
|
1999-07-01 12:12:45 +04:00
|
|
|
#ifdef INET6
|
|
|
|
struct in6pcb *in6p;
|
|
|
|
#endif
|
1993-03-21 12:45:37 +03:00
|
|
|
int error;
|
1999-07-01 12:12:45 +04:00
|
|
|
int family; /* family of the socket */
|
|
|
|
|
|
|
|
family = so->so_proto->pr_domain->dom_family;
|
1993-03-21 12:45:37 +03:00
|
|
|
|
2003-02-26 09:31:08 +03:00
|
|
|
#ifdef MBUFTRACE
|
|
|
|
so->so_mowner = &tcp_mowner;
|
|
|
|
so->so_rcv.sb_mowner = &tcp_rx_mowner;
|
|
|
|
so->so_snd.sb_mowner = &tcp_tx_mowner;
|
|
|
|
#endif
|
1993-03-21 12:45:37 +03:00
|
|
|
if (so->so_snd.sb_hiwat == 0 || so->so_rcv.sb_hiwat == 0) {
|
|
|
|
error = soreserve(so, tcp_sendspace, tcp_recvspace);
|
|
|
|
if (error)
|
|
|
|
return (error);
|
|
|
|
}
|
1999-07-01 12:12:45 +04:00
|
|
|
switch (family) {
|
2000-10-17 07:06:42 +04:00
|
|
|
#ifdef INET
|
1999-07-01 12:12:45 +04:00
|
|
|
case PF_INET:
|
|
|
|
error = in_pcballoc(so, &tcbtable);
|
|
|
|
if (error)
|
|
|
|
return (error);
|
|
|
|
inp = sotoinpcb(so);
|
|
|
|
#ifdef INET6
|
|
|
|
in6p = NULL;
|
|
|
|
#endif
|
|
|
|
break;
|
2000-10-17 07:06:42 +04:00
|
|
|
#endif
|
1999-07-01 12:12:45 +04:00
|
|
|
#ifdef INET6
|
|
|
|
case PF_INET6:
|
2003-09-04 13:16:57 +04:00
|
|
|
error = in6_pcballoc(so, &tcbtable);
|
1999-07-01 12:12:45 +04:00
|
|
|
if (error)
|
|
|
|
return (error);
|
|
|
|
inp = NULL;
|
|
|
|
in6p = sotoin6pcb(so);
|
|
|
|
break;
|
|
|
|
#endif
|
|
|
|
default:
|
|
|
|
return EAFNOSUPPORT;
|
|
|
|
}
|
|
|
|
if (inp)
|
|
|
|
tp = tcp_newtcpcb(family, (void *)inp);
|
|
|
|
#ifdef INET6
|
|
|
|
else if (in6p)
|
|
|
|
tp = tcp_newtcpcb(family, (void *)in6p);
|
|
|
|
#endif
|
1999-07-02 16:45:32 +04:00
|
|
|
else
|
|
|
|
tp = NULL;
|
1999-07-01 12:12:45 +04:00
|
|
|
|
1993-03-21 12:45:37 +03:00
|
|
|
if (tp == 0) {
|
|
|
|
int nofd = so->so_state & SS_NOFDREF; /* XXX */
|
|
|
|
|
|
|
|
so->so_state &= ~SS_NOFDREF; /* don't free the socket yet */
|
2000-10-17 07:06:42 +04:00
|
|
|
#ifdef INET
|
1999-07-01 12:12:45 +04:00
|
|
|
if (inp)
|
|
|
|
in_pcbdetach(inp);
|
2000-10-17 07:06:42 +04:00
|
|
|
#endif
|
1999-07-01 12:12:45 +04:00
|
|
|
#ifdef INET6
|
2000-10-17 07:06:42 +04:00
|
|
|
if (in6p)
|
1999-07-01 12:12:45 +04:00
|
|
|
in6_pcbdetach(in6p);
|
|
|
|
#endif
|
1993-03-21 12:45:37 +03:00
|
|
|
so->so_state |= nofd;
|
|
|
|
return (ENOBUFS);
|
|
|
|
}
|
|
|
|
tp->t_state = TCPS_CLOSED;
|
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Initiate (or continue) disconnect.
|
|
|
|
* If embryonic state, just send reset (once).
|
|
|
|
* If in ``let data drain'' option and linger null, just drop.
|
|
|
|
* Otherwise (hard), mark socket disconnecting and drop
|
|
|
|
* current input data; switch states based on user close, and
|
|
|
|
* send segment to peer (with FIN).
|
|
|
|
*/
|
|
|
|
struct tcpcb *
|
|
|
|
tcp_disconnect(tp)
|
2000-03-30 16:51:13 +04:00
|
|
|
struct tcpcb *tp;
|
1993-03-21 12:45:37 +03:00
|
|
|
{
|
1999-07-01 12:12:45 +04:00
|
|
|
struct socket *so;
|
|
|
|
|
|
|
|
if (tp->t_inpcb)
|
|
|
|
so = tp->t_inpcb->inp_socket;
|
|
|
|
#ifdef INET6
|
|
|
|
else if (tp->t_in6pcb)
|
|
|
|
so = tp->t_in6pcb->in6p_socket;
|
|
|
|
#endif
|
|
|
|
else
|
|
|
|
so = NULL;
|
1993-03-21 12:45:37 +03:00
|
|
|
|
1994-10-14 19:01:48 +03:00
|
|
|
if (TCPS_HAVEESTABLISHED(tp->t_state) == 0)
|
1993-03-21 12:45:37 +03:00
|
|
|
tp = tcp_close(tp);
|
|
|
|
else if ((so->so_options & SO_LINGER) && so->so_linger == 0)
|
|
|
|
tp = tcp_drop(tp, 0);
|
|
|
|
else {
|
|
|
|
soisdisconnecting(so);
|
|
|
|
sbflush(&so->so_rcv);
|
|
|
|
tp = tcp_usrclosed(tp);
|
|
|
|
if (tp)
|
|
|
|
(void) tcp_output(tp);
|
|
|
|
}
|
|
|
|
return (tp);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* User issued close, and wish to trail through shutdown states:
|
|
|
|
* if never received SYN, just forget it. If got a SYN from peer,
|
|
|
|
* but haven't sent FIN, then go to FIN_WAIT_1 state to send peer a FIN.
|
|
|
|
* If already got a FIN from peer, then almost done; go to LAST_ACK
|
|
|
|
* state. In all other cases, have already sent FIN to peer (e.g.
|
|
|
|
* after PRU_SHUTDOWN), and just have to play tedious game waiting
|
|
|
|
* for peer to send FIN or not respond to keep-alives, etc.
|
|
|
|
* We can let the user exit from the close as soon as the FIN is acked.
|
|
|
|
*/
|
|
|
|
struct tcpcb *
|
|
|
|
tcp_usrclosed(tp)
|
2000-03-30 16:51:13 +04:00
|
|
|
struct tcpcb *tp;
|
1993-03-21 12:45:37 +03:00
|
|
|
{
|
|
|
|
|
|
|
|
switch (tp->t_state) {
|
|
|
|
|
|
|
|
case TCPS_CLOSED:
|
|
|
|
case TCPS_LISTEN:
|
|
|
|
case TCPS_SYN_SENT:
|
|
|
|
tp->t_state = TCPS_CLOSED;
|
|
|
|
tp = tcp_close(tp);
|
|
|
|
break;
|
|
|
|
|
|
|
|
case TCPS_SYN_RECEIVED:
|
|
|
|
case TCPS_ESTABLISHED:
|
|
|
|
tp->t_state = TCPS_FIN_WAIT_1;
|
|
|
|
break;
|
|
|
|
|
|
|
|
case TCPS_CLOSE_WAIT:
|
|
|
|
tp->t_state = TCPS_LAST_ACK;
|
|
|
|
break;
|
|
|
|
}
|
1996-01-31 08:37:29 +03:00
|
|
|
if (tp && tp->t_state >= TCPS_FIN_WAIT_2) {
|
1999-07-01 12:12:45 +04:00
|
|
|
struct socket *so;
|
|
|
|
if (tp->t_inpcb)
|
|
|
|
so = tp->t_inpcb->inp_socket;
|
|
|
|
#ifdef INET6
|
|
|
|
else if (tp->t_in6pcb)
|
|
|
|
so = tp->t_in6pcb->in6p_socket;
|
|
|
|
#endif
|
|
|
|
else
|
|
|
|
so = NULL;
|
|
|
|
soisdisconnected(so);
|
1996-01-31 08:42:37 +03:00
|
|
|
/*
|
|
|
|
* If we are in FIN_WAIT_2, we arrived here because the
|
|
|
|
* application did a shutdown of the send side. Like the
|
|
|
|
* case of a transition from FIN_WAIT_1 to FIN_WAIT_2 after
|
|
|
|
* a full close, we start a timer to make sure sockets are
|
|
|
|
* not left in FIN_WAIT_2 forever.
|
|
|
|
*/
|
1998-09-10 14:46:03 +04:00
|
|
|
if ((tp->t_state == TCPS_FIN_WAIT_2) && (tcp_maxidle > 0))
|
1998-05-06 05:21:20 +04:00
|
|
|
TCP_TIMER_ARM(tp, TCPT_2MSL, tcp_maxidle);
|
1996-01-31 08:37:29 +03:00
|
|
|
}
|
1993-03-21 12:45:37 +03:00
|
|
|
return (tp);
|
|
|
|
}
|
1995-09-30 10:02:00 +03:00
|
|
|
|
Dynamic sysctl.
Gone are the old kern_sysctl(), cpu_sysctl(), hw_sysctl(),
vfs_sysctl(), etc, routines, along with sysctl_int() et al. Now all
nodes are registered with the tree, and nodes can be added (or
removed) easily, and I/O to and from the tree is handled generically.
Since the nodes are registered with the tree, the mapping from name to
number (and back again) can now be discovered, instead of having to be
hard coded. Adding new nodes to the tree is likewise much simpler --
the new infrastructure handles almost all the work for simple types,
and just about anything else can be done with a small helper function.
All existing nodes are where they were before (numerically speaking),
so all existing consumers of sysctl information should notice no
difference.
PS - I'm sorry, but there's a distinct lack of documentation at the
moment. I'm working on sysctl(3/8/9) right now, and I promise to
watch out for buses.
2003-12-04 22:38:21 +03:00
|
|
|
/*
|
|
|
|
* sysctl helper routine for net.inet.ip.mssdflt. it can't be less
|
|
|
|
* than 32.
|
|
|
|
*/
|
|
|
|
static int
|
|
|
|
sysctl_net_inet_tcp_mssdflt(SYSCTLFN_ARGS)
|
|
|
|
{
|
|
|
|
int error, mssdflt;
|
|
|
|
struct sysctlnode node;
|
|
|
|
|
|
|
|
mssdflt = tcp_mssdflt;
|
|
|
|
node = *rnode;
|
|
|
|
node.sysctl_data = &mssdflt;
|
|
|
|
error = sysctl_lookup(SYSCTLFN_CALL(&node));
|
|
|
|
if (error || newp == NULL)
|
|
|
|
return (error);
|
|
|
|
|
|
|
|
if (mssdflt < 32)
|
|
|
|
return (EINVAL);
|
|
|
|
tcp_mssdflt = mssdflt;
|
|
|
|
|
|
|
|
return (0);
|
|
|
|
}
|
1998-04-30 00:43:29 +04:00
|
|
|
|
1995-09-30 10:02:00 +03:00
|
|
|
/*
|
Dynamic sysctl.
Gone are the old kern_sysctl(), cpu_sysctl(), hw_sysctl(),
vfs_sysctl(), etc, routines, along with sysctl_int() et al. Now all
nodes are registered with the tree, and nodes can be added (or
removed) easily, and I/O to and from the tree is handled generically.
Since the nodes are registered with the tree, the mapping from name to
number (and back again) can now be discovered, instead of having to be
hard coded. Adding new nodes to the tree is likewise much simpler --
the new infrastructure handles almost all the work for simple types,
and just about anything else can be done with a small helper function.
All existing nodes are where they were before (numerically speaking),
so all existing consumers of sysctl information should notice no
difference.
PS - I'm sorry, but there's a distinct lack of documentation at the
moment. I'm working on sysctl(3/8/9) right now, and I promise to
watch out for buses.
2003-12-04 22:38:21 +03:00
|
|
|
* sysctl helper routine for setting port related values under
|
|
|
|
* net.inet.ip and net.inet6.ip6. does basic range checking and does
|
|
|
|
* additional checks for each type. this code has placed in
|
|
|
|
* tcp_input.c since INET and INET6 both use the same tcp code.
|
|
|
|
*
|
|
|
|
* this helper is not static so that both inet and inet6 can use it.
|
1995-09-30 10:02:00 +03:00
|
|
|
*/
|
|
|
|
int
|
Dynamic sysctl.
Gone are the old kern_sysctl(), cpu_sysctl(), hw_sysctl(),
vfs_sysctl(), etc, routines, along with sysctl_int() et al. Now all
nodes are registered with the tree, and nodes can be added (or
removed) easily, and I/O to and from the tree is handled generically.
Since the nodes are registered with the tree, the mapping from name to
number (and back again) can now be discovered, instead of having to be
hard coded. Adding new nodes to the tree is likewise much simpler --
the new infrastructure handles almost all the work for simple types,
and just about anything else can be done with a small helper function.
All existing nodes are where they were before (numerically speaking),
so all existing consumers of sysctl information should notice no
difference.
PS - I'm sorry, but there's a distinct lack of documentation at the
moment. I'm working on sysctl(3/8/9) right now, and I promise to
watch out for buses.
2003-12-04 22:38:21 +03:00
|
|
|
sysctl_net_inet_ip_ports(SYSCTLFN_ARGS)
|
1995-09-30 10:02:00 +03:00
|
|
|
{
|
Dynamic sysctl.
Gone are the old kern_sysctl(), cpu_sysctl(), hw_sysctl(),
vfs_sysctl(), etc, routines, along with sysctl_int() et al. Now all
nodes are registered with the tree, and nodes can be added (or
removed) easily, and I/O to and from the tree is handled generically.
Since the nodes are registered with the tree, the mapping from name to
number (and back again) can now be discovered, instead of having to be
hard coded. Adding new nodes to the tree is likewise much simpler --
the new infrastructure handles almost all the work for simple types,
and just about anything else can be done with a small helper function.
All existing nodes are where they were before (numerically speaking),
so all existing consumers of sysctl information should notice no
difference.
PS - I'm sorry, but there's a distinct lack of documentation at the
moment. I'm working on sysctl(3/8/9) right now, and I promise to
watch out for buses.
2003-12-04 22:38:21 +03:00
|
|
|
int error, tmp;
|
|
|
|
int apmin, apmax;
|
|
|
|
#ifndef IPNOPRIVPORTS
|
|
|
|
int lpmin, lpmax;
|
|
|
|
#endif /* IPNOPRIVPORTS */
|
|
|
|
struct sysctlnode node;
|
|
|
|
|
|
|
|
if (namelen != 0)
|
|
|
|
return (EINVAL);
|
|
|
|
|
|
|
|
switch (name[-3]) {
|
|
|
|
#ifdef INET
|
|
|
|
case PF_INET:
|
|
|
|
apmin = anonportmin;
|
|
|
|
apmax = anonportmax;
|
|
|
|
#ifndef IPNOPRIVPORTS
|
|
|
|
lpmin = lowportmin;
|
|
|
|
lpmax = lowportmax;
|
|
|
|
#endif /* IPNOPRIVPORTS */
|
|
|
|
break;
|
|
|
|
#endif /* INET */
|
|
|
|
#ifdef INET6
|
|
|
|
case PF_INET6:
|
|
|
|
apmin = ip6_anonportmin;
|
|
|
|
apmax = ip6_anonportmax;
|
|
|
|
#ifndef IPNOPRIVPORTS
|
|
|
|
lpmin = ip6_lowportmin;
|
|
|
|
lpmax = ip6_lowportmax;
|
|
|
|
#endif /* IPNOPRIVPORTS */
|
|
|
|
break;
|
|
|
|
#endif /* INET6 */
|
|
|
|
default:
|
|
|
|
return (EINVAL);
|
1998-09-10 23:53:28 +04:00
|
|
|
}
|
1998-09-10 14:46:03 +04:00
|
|
|
|
Dynamic sysctl.
Gone are the old kern_sysctl(), cpu_sysctl(), hw_sysctl(),
vfs_sysctl(), etc, routines, along with sysctl_int() et al. Now all
nodes are registered with the tree, and nodes can be added (or
removed) easily, and I/O to and from the tree is handled generically.
Since the nodes are registered with the tree, the mapping from name to
number (and back again) can now be discovered, instead of having to be
hard coded. Adding new nodes to the tree is likewise much simpler --
the new infrastructure handles almost all the work for simple types,
and just about anything else can be done with a small helper function.
All existing nodes are where they were before (numerically speaking),
so all existing consumers of sysctl information should notice no
difference.
PS - I'm sorry, but there's a distinct lack of documentation at the
moment. I'm working on sysctl(3/8/9) right now, and I promise to
watch out for buses.
2003-12-04 22:38:21 +03:00
|
|
|
/*
|
|
|
|
* insert temporary copy into node, perform lookup on
|
|
|
|
* temporary, then restore pointer
|
|
|
|
*/
|
|
|
|
node = *rnode;
|
|
|
|
tmp = *(int*)rnode->sysctl_data;
|
|
|
|
node.sysctl_data = &tmp;
|
|
|
|
error = sysctl_lookup(SYSCTLFN_CALL(&node));
|
|
|
|
if (error || newp == NULL)
|
|
|
|
return (error);
|
|
|
|
|
|
|
|
/*
|
|
|
|
* simple port range check
|
|
|
|
*/
|
|
|
|
if (tmp < 0 || tmp > 65535)
|
|
|
|
return (EINVAL);
|
|
|
|
|
|
|
|
/*
|
|
|
|
* per-node range checks
|
|
|
|
*/
|
|
|
|
switch (rnode->sysctl_num) {
|
|
|
|
case IPCTL_ANONPORTMIN:
|
|
|
|
if (tmp >= apmax)
|
|
|
|
return (EINVAL);
|
|
|
|
#ifndef IPNOPRIVPORTS
|
|
|
|
if (tmp < IPPORT_RESERVED)
|
|
|
|
return (EINVAL);
|
|
|
|
#endif /* IPNOPRIVPORTS */
|
|
|
|
break;
|
|
|
|
|
|
|
|
case IPCTL_ANONPORTMAX:
|
|
|
|
if (apmin >= tmp)
|
|
|
|
return (EINVAL);
|
|
|
|
#ifndef IPNOPRIVPORTS
|
|
|
|
if (tmp < IPPORT_RESERVED)
|
|
|
|
return (EINVAL);
|
|
|
|
#endif /* IPNOPRIVPORTS */
|
|
|
|
break;
|
2003-04-20 00:58:35 +04:00
|
|
|
|
Dynamic sysctl.
Gone are the old kern_sysctl(), cpu_sysctl(), hw_sysctl(),
vfs_sysctl(), etc, routines, along with sysctl_int() et al. Now all
nodes are registered with the tree, and nodes can be added (or
removed) easily, and I/O to and from the tree is handled generically.
Since the nodes are registered with the tree, the mapping from name to
number (and back again) can now be discovered, instead of having to be
hard coded. Adding new nodes to the tree is likewise much simpler --
the new infrastructure handles almost all the work for simple types,
and just about anything else can be done with a small helper function.
All existing nodes are where they were before (numerically speaking),
so all existing consumers of sysctl information should notice no
difference.
PS - I'm sorry, but there's a distinct lack of documentation at the
moment. I'm working on sysctl(3/8/9) right now, and I promise to
watch out for buses.
2003-12-04 22:38:21 +03:00
|
|
|
#ifndef IPNOPRIVPORTS
|
|
|
|
case IPCTL_LOWPORTMIN:
|
|
|
|
if (tmp >= lpmax ||
|
|
|
|
tmp > IPPORT_RESERVEDMAX ||
|
|
|
|
tmp < IPPORT_RESERVEDMIN)
|
|
|
|
return (EINVAL);
|
|
|
|
break;
|
|
|
|
|
|
|
|
case IPCTL_LOWPORTMAX:
|
|
|
|
if (lpmin >= tmp ||
|
|
|
|
tmp > IPPORT_RESERVEDMAX ||
|
|
|
|
tmp < IPPORT_RESERVEDMIN)
|
|
|
|
return (EINVAL);
|
|
|
|
break;
|
|
|
|
#endif /* IPNOPRIVPORTS */
|
|
|
|
|
|
|
|
default:
|
|
|
|
return (EINVAL);
|
|
|
|
}
|
2003-04-20 00:58:35 +04:00
|
|
|
|
Dynamic sysctl.
Gone are the old kern_sysctl(), cpu_sysctl(), hw_sysctl(),
vfs_sysctl(), etc, routines, along with sysctl_int() et al. Now all
nodes are registered with the tree, and nodes can be added (or
removed) easily, and I/O to and from the tree is handled generically.
Since the nodes are registered with the tree, the mapping from name to
number (and back again) can now be discovered, instead of having to be
hard coded. Adding new nodes to the tree is likewise much simpler --
the new infrastructure handles almost all the work for simple types,
and just about anything else can be done with a small helper function.
All existing nodes are where they were before (numerically speaking),
so all existing consumers of sysctl information should notice no
difference.
PS - I'm sorry, but there's a distinct lack of documentation at the
moment. I'm working on sysctl(3/8/9) right now, and I promise to
watch out for buses.
2003-12-04 22:38:21 +03:00
|
|
|
*(int*)rnode->sysctl_data = tmp;
|
|
|
|
|
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* sysctl helper routine for the net.inet.tcp.ident and
|
|
|
|
* net.inet6.tcp6.ident nodes. contains backwards compat code for the
|
|
|
|
* old way of looking up the ident information for ipv4 which involves
|
|
|
|
* stuffing the port/addr pairs into the mib lookup.
|
|
|
|
*/
|
|
|
|
static int
|
|
|
|
sysctl_net_inet_tcp_ident(SYSCTLFN_ARGS)
|
2003-04-20 00:58:35 +04:00
|
|
|
{
|
Dynamic sysctl.
Gone are the old kern_sysctl(), cpu_sysctl(), hw_sysctl(),
vfs_sysctl(), etc, routines, along with sysctl_int() et al. Now all
nodes are registered with the tree, and nodes can be added (or
removed) easily, and I/O to and from the tree is handled generically.
Since the nodes are registered with the tree, the mapping from name to
number (and back again) can now be discovered, instead of having to be
hard coded. Adding new nodes to the tree is likewise much simpler --
the new infrastructure handles almost all the work for simple types,
and just about anything else can be done with a small helper function.
All existing nodes are where they were before (numerically speaking),
so all existing consumers of sysctl information should notice no
difference.
PS - I'm sorry, but there's a distinct lack of documentation at the
moment. I'm working on sysctl(3/8/9) right now, and I promise to
watch out for buses.
2003-12-04 22:38:21 +03:00
|
|
|
#ifdef INET
|
2003-04-20 00:58:35 +04:00
|
|
|
struct inpcb *inb;
|
Dynamic sysctl.
Gone are the old kern_sysctl(), cpu_sysctl(), hw_sysctl(),
vfs_sysctl(), etc, routines, along with sysctl_int() et al. Now all
nodes are registered with the tree, and nodes can be added (or
removed) easily, and I/O to and from the tree is handled generically.
Since the nodes are registered with the tree, the mapping from name to
number (and back again) can now be discovered, instead of having to be
hard coded. Adding new nodes to the tree is likewise much simpler --
the new infrastructure handles almost all the work for simple types,
and just about anything else can be done with a small helper function.
All existing nodes are where they were before (numerically speaking),
so all existing consumers of sysctl information should notice no
difference.
PS - I'm sorry, but there's a distinct lack of documentation at the
moment. I'm working on sysctl(3/8/9) right now, and I promise to
watch out for buses.
2003-12-04 22:38:21 +03:00
|
|
|
struct sockaddr_in *si4[2];
|
|
|
|
#endif /* INET */
|
|
|
|
#ifdef INET6
|
|
|
|
struct in6pcb *in6b;
|
|
|
|
struct sockaddr_in6 *si6[2];
|
|
|
|
#endif /* INET6 */
|
|
|
|
struct sockaddr_storage sa[2];
|
|
|
|
struct socket *sockp;
|
|
|
|
size_t sz;
|
2003-04-20 00:58:35 +04:00
|
|
|
uid_t uid;
|
Dynamic sysctl.
Gone are the old kern_sysctl(), cpu_sysctl(), hw_sysctl(),
vfs_sysctl(), etc, routines, along with sysctl_int() et al. Now all
nodes are registered with the tree, and nodes can be added (or
removed) easily, and I/O to and from the tree is handled generically.
Since the nodes are registered with the tree, the mapping from name to
number (and back again) can now be discovered, instead of having to be
hard coded. Adding new nodes to the tree is likewise much simpler --
the new infrastructure handles almost all the work for simple types,
and just about anything else can be done with a small helper function.
All existing nodes are where they were before (numerically speaking),
so all existing consumers of sysctl information should notice no
difference.
PS - I'm sorry, but there's a distinct lack of documentation at the
moment. I'm working on sysctl(3/8/9) right now, and I promise to
watch out for buses.
2003-12-04 22:38:21 +03:00
|
|
|
int error, pf;
|
2003-04-20 00:58:35 +04:00
|
|
|
|
Dynamic sysctl.
Gone are the old kern_sysctl(), cpu_sysctl(), hw_sysctl(),
vfs_sysctl(), etc, routines, along with sysctl_int() et al. Now all
nodes are registered with the tree, and nodes can be added (or
removed) easily, and I/O to and from the tree is handled generically.
Since the nodes are registered with the tree, the mapping from name to
number (and back again) can now be discovered, instead of having to be
hard coded. Adding new nodes to the tree is likewise much simpler --
the new infrastructure handles almost all the work for simple types,
and just about anything else can be done with a small helper function.
All existing nodes are where they were before (numerically speaking),
so all existing consumers of sysctl information should notice no
difference.
PS - I'm sorry, but there's a distinct lack of documentation at the
moment. I'm working on sysctl(3/8/9) right now, and I promise to
watch out for buses.
2003-12-04 22:38:21 +03:00
|
|
|
if (namelen != 4 && namelen != 0)
|
|
|
|
return (EINVAL);
|
|
|
|
if (name[-2] != IPPROTO_TCP)
|
|
|
|
return (EINVAL);
|
|
|
|
pf = name[-3];
|
|
|
|
|
|
|
|
/* old style lookup, ipv4 only */
|
|
|
|
if (namelen == 4) {
|
|
|
|
#ifdef INET
|
2004-03-29 08:59:02 +04:00
|
|
|
struct in_addr laddr, raddr;
|
|
|
|
u_int lport, rport;
|
|
|
|
|
Dynamic sysctl.
Gone are the old kern_sysctl(), cpu_sysctl(), hw_sysctl(),
vfs_sysctl(), etc, routines, along with sysctl_int() et al. Now all
nodes are registered with the tree, and nodes can be added (or
removed) easily, and I/O to and from the tree is handled generically.
Since the nodes are registered with the tree, the mapping from name to
number (and back again) can now be discovered, instead of having to be
hard coded. Adding new nodes to the tree is likewise much simpler --
the new infrastructure handles almost all the work for simple types,
and just about anything else can be done with a small helper function.
All existing nodes are where they were before (numerically speaking),
so all existing consumers of sysctl information should notice no
difference.
PS - I'm sorry, but there's a distinct lack of documentation at the
moment. I'm working on sysctl(3/8/9) right now, and I promise to
watch out for buses.
2003-12-04 22:38:21 +03:00
|
|
|
if (pf != PF_INET)
|
|
|
|
return (EPROTONOSUPPORT);
|
|
|
|
raddr.s_addr = (uint32_t)name[0];
|
|
|
|
rport = (u_int)name[1];
|
|
|
|
laddr.s_addr = (uint32_t)name[2];
|
|
|
|
lport = (u_int)name[3];
|
|
|
|
inb = in_pcblookup_connect(&tcbtable, raddr, rport,
|
|
|
|
laddr, lport);
|
|
|
|
if (inb == NULL || (sockp = inb->inp_socket) == NULL)
|
|
|
|
return (ESRCH);
|
|
|
|
uid = sockp->so_uid;
|
|
|
|
if (oldp) {
|
|
|
|
sz = MIN(sizeof(uid), *oldlenp);
|
|
|
|
error = copyout(&uid, oldp, sz);
|
|
|
|
if (error)
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
*oldlenp = sizeof(uid);
|
|
|
|
return (0);
|
|
|
|
#else /* INET */
|
|
|
|
return (EINVAL);
|
|
|
|
#endif /* INET */
|
|
|
|
}
|
|
|
|
|
|
|
|
if (newp == NULL || newlen != sizeof(sa))
|
|
|
|
return (EINVAL);
|
|
|
|
error = copyin(newp, &sa, newlen);
|
|
|
|
if (error)
|
|
|
|
return (error);
|
|
|
|
|
|
|
|
/*
|
|
|
|
* requested families must match
|
|
|
|
*/
|
|
|
|
if (pf != sa[0].ss_family || sa[0].ss_family != sa[1].ss_family)
|
|
|
|
return (EINVAL);
|
|
|
|
|
|
|
|
switch (pf) {
|
|
|
|
#ifdef INET
|
|
|
|
case PF_INET:
|
|
|
|
si4[0] = (struct sockaddr_in*)&sa[0];
|
|
|
|
si4[1] = (struct sockaddr_in*)&sa[1];
|
|
|
|
if (si4[0]->sin_len != sizeof(*si4[0]) ||
|
|
|
|
si4[0]->sin_len != si4[1]->sin_len)
|
|
|
|
return (EINVAL);
|
|
|
|
inb = in_pcblookup_connect(&tcbtable,
|
|
|
|
si4[0]->sin_addr, si4[0]->sin_port,
|
|
|
|
si4[1]->sin_addr, si4[1]->sin_port);
|
|
|
|
if (inb == NULL || (sockp = inb->inp_socket) == NULL)
|
|
|
|
return (ESRCH);
|
|
|
|
break;
|
|
|
|
#endif /* INET */
|
|
|
|
#ifdef INET6
|
|
|
|
case PF_INET6:
|
|
|
|
si6[0] = (struct sockaddr_in6*)&sa[0];
|
|
|
|
si6[1] = (struct sockaddr_in6*)&sa[1];
|
|
|
|
if (si6[0]->sin6_len != sizeof(*si6[0]) ||
|
|
|
|
si6[0]->sin6_len != si6[1]->sin6_len)
|
|
|
|
return (EINVAL);
|
|
|
|
in6b = in6_pcblookup_connect(&tcbtable,
|
|
|
|
&si6[0]->sin6_addr, si6[0]->sin6_port,
|
|
|
|
&si6[1]->sin6_addr, si6[1]->sin6_port, 0);
|
|
|
|
if (in6b == NULL || (sockp = in6b->in6p_socket) == NULL)
|
|
|
|
return (ESRCH);
|
|
|
|
break;
|
|
|
|
#endif /* INET6 */
|
|
|
|
default:
|
|
|
|
return (EPROTONOSUPPORT);
|
|
|
|
}
|
|
|
|
|
|
|
|
uid = sockp->so_uid;
|
|
|
|
if (oldp) {
|
|
|
|
sz = MIN(sizeof(uid), *oldlenp);
|
|
|
|
error = copyout(&uid, oldp, sz);
|
|
|
|
if (error)
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
*oldlenp = sizeof(uid);
|
|
|
|
|
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* this (second stage) setup routine is a replacement for tcp_sysctl()
|
|
|
|
* (which is currently used for ipv4 and ipv6)
|
|
|
|
*/
|
|
|
|
static void
|
2004-03-24 18:34:46 +03:00
|
|
|
sysctl_net_inet_tcp_setup2(struct sysctllog **clog, int pf, const char *pfname,
|
|
|
|
const char *tcpname)
|
Dynamic sysctl.
Gone are the old kern_sysctl(), cpu_sysctl(), hw_sysctl(),
vfs_sysctl(), etc, routines, along with sysctl_int() et al. Now all
nodes are registered with the tree, and nodes can be added (or
removed) easily, and I/O to and from the tree is handled generically.
Since the nodes are registered with the tree, the mapping from name to
number (and back again) can now be discovered, instead of having to be
hard coded. Adding new nodes to the tree is likewise much simpler --
the new infrastructure handles almost all the work for simple types,
and just about anything else can be done with a small helper function.
All existing nodes are where they were before (numerically speaking),
so all existing consumers of sysctl information should notice no
difference.
PS - I'm sorry, but there's a distinct lack of documentation at the
moment. I'm working on sysctl(3/8/9) right now, and I promise to
watch out for buses.
2003-12-04 22:38:21 +03:00
|
|
|
{
|
|
|
|
|
2004-03-24 18:34:46 +03:00
|
|
|
sysctl_createv(clog, 0, NULL, NULL,
|
|
|
|
CTLFLAG_PERMANENT,
|
Dynamic sysctl.
Gone are the old kern_sysctl(), cpu_sysctl(), hw_sysctl(),
vfs_sysctl(), etc, routines, along with sysctl_int() et al. Now all
nodes are registered with the tree, and nodes can be added (or
removed) easily, and I/O to and from the tree is handled generically.
Since the nodes are registered with the tree, the mapping from name to
number (and back again) can now be discovered, instead of having to be
hard coded. Adding new nodes to the tree is likewise much simpler --
the new infrastructure handles almost all the work for simple types,
and just about anything else can be done with a small helper function.
All existing nodes are where they were before (numerically speaking),
so all existing consumers of sysctl information should notice no
difference.
PS - I'm sorry, but there's a distinct lack of documentation at the
moment. I'm working on sysctl(3/8/9) right now, and I promise to
watch out for buses.
2003-12-04 22:38:21 +03:00
|
|
|
CTLTYPE_NODE, "net", NULL,
|
|
|
|
NULL, 0, NULL, 0,
|
|
|
|
CTL_NET, CTL_EOL);
|
2004-03-24 18:34:46 +03:00
|
|
|
sysctl_createv(clog, 0, NULL, NULL,
|
|
|
|
CTLFLAG_PERMANENT,
|
Dynamic sysctl.
Gone are the old kern_sysctl(), cpu_sysctl(), hw_sysctl(),
vfs_sysctl(), etc, routines, along with sysctl_int() et al. Now all
nodes are registered with the tree, and nodes can be added (or
removed) easily, and I/O to and from the tree is handled generically.
Since the nodes are registered with the tree, the mapping from name to
number (and back again) can now be discovered, instead of having to be
hard coded. Adding new nodes to the tree is likewise much simpler --
the new infrastructure handles almost all the work for simple types,
and just about anything else can be done with a small helper function.
All existing nodes are where they were before (numerically speaking),
so all existing consumers of sysctl information should notice no
difference.
PS - I'm sorry, but there's a distinct lack of documentation at the
moment. I'm working on sysctl(3/8/9) right now, and I promise to
watch out for buses.
2003-12-04 22:38:21 +03:00
|
|
|
CTLTYPE_NODE, pfname, NULL,
|
|
|
|
NULL, 0, NULL, 0,
|
|
|
|
CTL_NET, pf, CTL_EOL);
|
2004-03-24 18:34:46 +03:00
|
|
|
sysctl_createv(clog, 0, NULL, NULL,
|
|
|
|
CTLFLAG_PERMANENT,
|
2004-05-25 08:33:59 +04:00
|
|
|
CTLTYPE_NODE, tcpname,
|
|
|
|
SYSCTL_DESCR("TCP related settings"),
|
Dynamic sysctl.
Gone are the old kern_sysctl(), cpu_sysctl(), hw_sysctl(),
vfs_sysctl(), etc, routines, along with sysctl_int() et al. Now all
nodes are registered with the tree, and nodes can be added (or
removed) easily, and I/O to and from the tree is handled generically.
Since the nodes are registered with the tree, the mapping from name to
number (and back again) can now be discovered, instead of having to be
hard coded. Adding new nodes to the tree is likewise much simpler --
the new infrastructure handles almost all the work for simple types,
and just about anything else can be done with a small helper function.
All existing nodes are where they were before (numerically speaking),
so all existing consumers of sysctl information should notice no
difference.
PS - I'm sorry, but there's a distinct lack of documentation at the
moment. I'm working on sysctl(3/8/9) right now, and I promise to
watch out for buses.
2003-12-04 22:38:21 +03:00
|
|
|
NULL, 0, NULL, 0,
|
|
|
|
CTL_NET, pf, IPPROTO_TCP, CTL_EOL);
|
|
|
|
|
2004-03-24 18:34:46 +03:00
|
|
|
sysctl_createv(clog, 0, NULL, NULL,
|
|
|
|
CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
|
2004-05-25 08:33:59 +04:00
|
|
|
CTLTYPE_INT, "rfc1323",
|
|
|
|
SYSCTL_DESCR("Enable RFC1323 TCP extensions"),
|
Dynamic sysctl.
Gone are the old kern_sysctl(), cpu_sysctl(), hw_sysctl(),
vfs_sysctl(), etc, routines, along with sysctl_int() et al. Now all
nodes are registered with the tree, and nodes can be added (or
removed) easily, and I/O to and from the tree is handled generically.
Since the nodes are registered with the tree, the mapping from name to
number (and back again) can now be discovered, instead of having to be
hard coded. Adding new nodes to the tree is likewise much simpler --
the new infrastructure handles almost all the work for simple types,
and just about anything else can be done with a small helper function.
All existing nodes are where they were before (numerically speaking),
so all existing consumers of sysctl information should notice no
difference.
PS - I'm sorry, but there's a distinct lack of documentation at the
moment. I'm working on sysctl(3/8/9) right now, and I promise to
watch out for buses.
2003-12-04 22:38:21 +03:00
|
|
|
NULL, 0, &tcp_do_rfc1323, 0,
|
|
|
|
CTL_NET, pf, IPPROTO_TCP, TCPCTL_RFC1323, CTL_EOL);
|
2004-03-24 18:34:46 +03:00
|
|
|
sysctl_createv(clog, 0, NULL, NULL,
|
|
|
|
CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
|
2004-05-25 08:33:59 +04:00
|
|
|
CTLTYPE_INT, "sendspace",
|
|
|
|
SYSCTL_DESCR("Default TCP send buffer size"),
|
Dynamic sysctl.
Gone are the old kern_sysctl(), cpu_sysctl(), hw_sysctl(),
vfs_sysctl(), etc, routines, along with sysctl_int() et al. Now all
nodes are registered with the tree, and nodes can be added (or
removed) easily, and I/O to and from the tree is handled generically.
Since the nodes are registered with the tree, the mapping from name to
number (and back again) can now be discovered, instead of having to be
hard coded. Adding new nodes to the tree is likewise much simpler --
the new infrastructure handles almost all the work for simple types,
and just about anything else can be done with a small helper function.
All existing nodes are where they were before (numerically speaking),
so all existing consumers of sysctl information should notice no
difference.
PS - I'm sorry, but there's a distinct lack of documentation at the
moment. I'm working on sysctl(3/8/9) right now, and I promise to
watch out for buses.
2003-12-04 22:38:21 +03:00
|
|
|
NULL, 0, &tcp_sendspace, 0,
|
|
|
|
CTL_NET, pf, IPPROTO_TCP, TCPCTL_SENDSPACE, CTL_EOL);
|
2004-03-24 18:34:46 +03:00
|
|
|
sysctl_createv(clog, 0, NULL, NULL,
|
|
|
|
CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
|
2004-05-25 08:33:59 +04:00
|
|
|
CTLTYPE_INT, "recvspace",
|
|
|
|
SYSCTL_DESCR("Default TCP receive buffer size"),
|
Dynamic sysctl.
Gone are the old kern_sysctl(), cpu_sysctl(), hw_sysctl(),
vfs_sysctl(), etc, routines, along with sysctl_int() et al. Now all
nodes are registered with the tree, and nodes can be added (or
removed) easily, and I/O to and from the tree is handled generically.
Since the nodes are registered with the tree, the mapping from name to
number (and back again) can now be discovered, instead of having to be
hard coded. Adding new nodes to the tree is likewise much simpler --
the new infrastructure handles almost all the work for simple types,
and just about anything else can be done with a small helper function.
All existing nodes are where they were before (numerically speaking),
so all existing consumers of sysctl information should notice no
difference.
PS - I'm sorry, but there's a distinct lack of documentation at the
moment. I'm working on sysctl(3/8/9) right now, and I promise to
watch out for buses.
2003-12-04 22:38:21 +03:00
|
|
|
NULL, 0, &tcp_recvspace, 0,
|
|
|
|
CTL_NET, pf, IPPROTO_TCP, TCPCTL_RECVSPACE, CTL_EOL);
|
2004-03-24 18:34:46 +03:00
|
|
|
sysctl_createv(clog, 0, NULL, NULL,
|
|
|
|
CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
|
2004-05-25 08:33:59 +04:00
|
|
|
CTLTYPE_INT, "mssdflt",
|
|
|
|
SYSCTL_DESCR("Default maximum segment size"),
|
Dynamic sysctl.
Gone are the old kern_sysctl(), cpu_sysctl(), hw_sysctl(),
vfs_sysctl(), etc, routines, along with sysctl_int() et al. Now all
nodes are registered with the tree, and nodes can be added (or
removed) easily, and I/O to and from the tree is handled generically.
Since the nodes are registered with the tree, the mapping from name to
number (and back again) can now be discovered, instead of having to be
hard coded. Adding new nodes to the tree is likewise much simpler --
the new infrastructure handles almost all the work for simple types,
and just about anything else can be done with a small helper function.
All existing nodes are where they were before (numerically speaking),
so all existing consumers of sysctl information should notice no
difference.
PS - I'm sorry, but there's a distinct lack of documentation at the
moment. I'm working on sysctl(3/8/9) right now, and I promise to
watch out for buses.
2003-12-04 22:38:21 +03:00
|
|
|
sysctl_net_inet_tcp_mssdflt, 0, &tcp_mssdflt, 0,
|
|
|
|
CTL_NET, pf, IPPROTO_TCP, TCPCTL_MSSDFLT, CTL_EOL);
|
2004-03-24 18:34:46 +03:00
|
|
|
sysctl_createv(clog, 0, NULL, NULL,
|
|
|
|
CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
|
2004-05-25 08:33:59 +04:00
|
|
|
CTLTYPE_INT, "syn_cache_limit",
|
|
|
|
SYSCTL_DESCR("Maximum number of entries in the TCP "
|
|
|
|
"compressed state engine"),
|
Dynamic sysctl.
Gone are the old kern_sysctl(), cpu_sysctl(), hw_sysctl(),
vfs_sysctl(), etc, routines, along with sysctl_int() et al. Now all
nodes are registered with the tree, and nodes can be added (or
removed) easily, and I/O to and from the tree is handled generically.
Since the nodes are registered with the tree, the mapping from name to
number (and back again) can now be discovered, instead of having to be
hard coded. Adding new nodes to the tree is likewise much simpler --
the new infrastructure handles almost all the work for simple types,
and just about anything else can be done with a small helper function.
All existing nodes are where they were before (numerically speaking),
so all existing consumers of sysctl information should notice no
difference.
PS - I'm sorry, but there's a distinct lack of documentation at the
moment. I'm working on sysctl(3/8/9) right now, and I promise to
watch out for buses.
2003-12-04 22:38:21 +03:00
|
|
|
NULL, 0, &tcp_syn_cache_limit, 0,
|
|
|
|
CTL_NET, pf, IPPROTO_TCP, TCPCTL_SYN_CACHE_LIMIT,
|
|
|
|
CTL_EOL);
|
2004-03-24 18:34:46 +03:00
|
|
|
sysctl_createv(clog, 0, NULL, NULL,
|
|
|
|
CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
|
2004-05-25 08:33:59 +04:00
|
|
|
CTLTYPE_INT, "syn_bucket_limit",
|
|
|
|
SYSCTL_DESCR("Maximum number of entries per hash "
|
|
|
|
"bucket in the TCP compressed state "
|
|
|
|
"engine"),
|
Dynamic sysctl.
Gone are the old kern_sysctl(), cpu_sysctl(), hw_sysctl(),
vfs_sysctl(), etc, routines, along with sysctl_int() et al. Now all
nodes are registered with the tree, and nodes can be added (or
removed) easily, and I/O to and from the tree is handled generically.
Since the nodes are registered with the tree, the mapping from name to
number (and back again) can now be discovered, instead of having to be
hard coded. Adding new nodes to the tree is likewise much simpler --
the new infrastructure handles almost all the work for simple types,
and just about anything else can be done with a small helper function.
All existing nodes are where they were before (numerically speaking),
so all existing consumers of sysctl information should notice no
difference.
PS - I'm sorry, but there's a distinct lack of documentation at the
moment. I'm working on sysctl(3/8/9) right now, and I promise to
watch out for buses.
2003-12-04 22:38:21 +03:00
|
|
|
NULL, 0, &tcp_syn_bucket_limit, 0,
|
|
|
|
CTL_NET, pf, IPPROTO_TCP, TCPCTL_SYN_BUCKET_LIMIT,
|
|
|
|
CTL_EOL);
|
|
|
|
#if 0 /* obsoleted */
|
2004-03-24 18:34:46 +03:00
|
|
|
sysctl_createv(clog, 0, NULL, NULL,
|
|
|
|
CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
|
2004-05-25 08:33:59 +04:00
|
|
|
CTLTYPE_INT, "syn_cache_interval",
|
|
|
|
SYSCTL_DESCR("TCP compressed state engine's timer interval"),
|
Dynamic sysctl.
Gone are the old kern_sysctl(), cpu_sysctl(), hw_sysctl(),
vfs_sysctl(), etc, routines, along with sysctl_int() et al. Now all
nodes are registered with the tree, and nodes can be added (or
removed) easily, and I/O to and from the tree is handled generically.
Since the nodes are registered with the tree, the mapping from name to
number (and back again) can now be discovered, instead of having to be
hard coded. Adding new nodes to the tree is likewise much simpler --
the new infrastructure handles almost all the work for simple types,
and just about anything else can be done with a small helper function.
All existing nodes are where they were before (numerically speaking),
so all existing consumers of sysctl information should notice no
difference.
PS - I'm sorry, but there's a distinct lack of documentation at the
moment. I'm working on sysctl(3/8/9) right now, and I promise to
watch out for buses.
2003-12-04 22:38:21 +03:00
|
|
|
NULL, 0, &tcp_syn_cache_interval, 0,
|
|
|
|
CTL_NET, pf, IPPROTO_TCP, TCPCTL_SYN_CACHE_INTER,
|
|
|
|
CTL_EOL);
|
|
|
|
#endif
|
2004-03-24 18:34:46 +03:00
|
|
|
sysctl_createv(clog, 0, NULL, NULL,
|
|
|
|
CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
|
2004-05-25 08:33:59 +04:00
|
|
|
CTLTYPE_INT, "init_win",
|
|
|
|
SYSCTL_DESCR("Initial TCP congestion window"),
|
Dynamic sysctl.
Gone are the old kern_sysctl(), cpu_sysctl(), hw_sysctl(),
vfs_sysctl(), etc, routines, along with sysctl_int() et al. Now all
nodes are registered with the tree, and nodes can be added (or
removed) easily, and I/O to and from the tree is handled generically.
Since the nodes are registered with the tree, the mapping from name to
number (and back again) can now be discovered, instead of having to be
hard coded. Adding new nodes to the tree is likewise much simpler --
the new infrastructure handles almost all the work for simple types,
and just about anything else can be done with a small helper function.
All existing nodes are where they were before (numerically speaking),
so all existing consumers of sysctl information should notice no
difference.
PS - I'm sorry, but there's a distinct lack of documentation at the
moment. I'm working on sysctl(3/8/9) right now, and I promise to
watch out for buses.
2003-12-04 22:38:21 +03:00
|
|
|
NULL, 0, &tcp_init_win, 0,
|
|
|
|
CTL_NET, pf, IPPROTO_TCP, TCPCTL_INIT_WIN, CTL_EOL);
|
2004-03-24 18:34:46 +03:00
|
|
|
sysctl_createv(clog, 0, NULL, NULL,
|
|
|
|
CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
|
2004-05-25 08:33:59 +04:00
|
|
|
CTLTYPE_INT, "mss_ifmtu",
|
|
|
|
SYSCTL_DESCR("Use interface MTU for calculating MSS"),
|
Dynamic sysctl.
Gone are the old kern_sysctl(), cpu_sysctl(), hw_sysctl(),
vfs_sysctl(), etc, routines, along with sysctl_int() et al. Now all
nodes are registered with the tree, and nodes can be added (or
removed) easily, and I/O to and from the tree is handled generically.
Since the nodes are registered with the tree, the mapping from name to
number (and back again) can now be discovered, instead of having to be
hard coded. Adding new nodes to the tree is likewise much simpler --
the new infrastructure handles almost all the work for simple types,
and just about anything else can be done with a small helper function.
All existing nodes are where they were before (numerically speaking),
so all existing consumers of sysctl information should notice no
difference.
PS - I'm sorry, but there's a distinct lack of documentation at the
moment. I'm working on sysctl(3/8/9) right now, and I promise to
watch out for buses.
2003-12-04 22:38:21 +03:00
|
|
|
NULL, 0, &tcp_mss_ifmtu, 0,
|
|
|
|
CTL_NET, pf, IPPROTO_TCP, TCPCTL_MSS_IFMTU, CTL_EOL);
|
2004-03-24 18:34:46 +03:00
|
|
|
sysctl_createv(clog, 0, NULL, NULL,
|
|
|
|
CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
|
2004-05-25 08:33:59 +04:00
|
|
|
CTLTYPE_INT, "sack",
|
|
|
|
SYSCTL_DESCR("Enable RFC2018 Selection ACKnowledgement "
|
|
|
|
"(not implemented)"),
|
Dynamic sysctl.
Gone are the old kern_sysctl(), cpu_sysctl(), hw_sysctl(),
vfs_sysctl(), etc, routines, along with sysctl_int() et al. Now all
nodes are registered with the tree, and nodes can be added (or
removed) easily, and I/O to and from the tree is handled generically.
Since the nodes are registered with the tree, the mapping from name to
number (and back again) can now be discovered, instead of having to be
hard coded. Adding new nodes to the tree is likewise much simpler --
the new infrastructure handles almost all the work for simple types,
and just about anything else can be done with a small helper function.
All existing nodes are where they were before (numerically speaking),
so all existing consumers of sysctl information should notice no
difference.
PS - I'm sorry, but there's a distinct lack of documentation at the
moment. I'm working on sysctl(3/8/9) right now, and I promise to
watch out for buses.
2003-12-04 22:38:21 +03:00
|
|
|
NULL, 0, &tcp_do_sack, 0,
|
|
|
|
CTL_NET, pf, IPPROTO_TCP, TCPCTL_SACK, CTL_EOL);
|
2004-03-24 18:34:46 +03:00
|
|
|
sysctl_createv(clog, 0, NULL, NULL,
|
|
|
|
CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
|
2004-05-25 08:33:59 +04:00
|
|
|
CTLTYPE_INT, "win_scale",
|
|
|
|
SYSCTL_DESCR("Use RFC1323 window scale options"),
|
Dynamic sysctl.
Gone are the old kern_sysctl(), cpu_sysctl(), hw_sysctl(),
vfs_sysctl(), etc, routines, along with sysctl_int() et al. Now all
nodes are registered with the tree, and nodes can be added (or
removed) easily, and I/O to and from the tree is handled generically.
Since the nodes are registered with the tree, the mapping from name to
number (and back again) can now be discovered, instead of having to be
hard coded. Adding new nodes to the tree is likewise much simpler --
the new infrastructure handles almost all the work for simple types,
and just about anything else can be done with a small helper function.
All existing nodes are where they were before (numerically speaking),
so all existing consumers of sysctl information should notice no
difference.
PS - I'm sorry, but there's a distinct lack of documentation at the
moment. I'm working on sysctl(3/8/9) right now, and I promise to
watch out for buses.
2003-12-04 22:38:21 +03:00
|
|
|
NULL, 0, &tcp_do_win_scale, 0,
|
|
|
|
CTL_NET, pf, IPPROTO_TCP, TCPCTL_WSCALE, CTL_EOL);
|
2004-03-24 18:34:46 +03:00
|
|
|
sysctl_createv(clog, 0, NULL, NULL,
|
|
|
|
CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
|
2004-05-25 08:33:59 +04:00
|
|
|
CTLTYPE_INT, "timestamps",
|
|
|
|
SYSCTL_DESCR("Use RFC1323 time stamp options"),
|
Dynamic sysctl.
Gone are the old kern_sysctl(), cpu_sysctl(), hw_sysctl(),
vfs_sysctl(), etc, routines, along with sysctl_int() et al. Now all
nodes are registered with the tree, and nodes can be added (or
removed) easily, and I/O to and from the tree is handled generically.
Since the nodes are registered with the tree, the mapping from name to
number (and back again) can now be discovered, instead of having to be
hard coded. Adding new nodes to the tree is likewise much simpler --
the new infrastructure handles almost all the work for simple types,
and just about anything else can be done with a small helper function.
All existing nodes are where they were before (numerically speaking),
so all existing consumers of sysctl information should notice no
difference.
PS - I'm sorry, but there's a distinct lack of documentation at the
moment. I'm working on sysctl(3/8/9) right now, and I promise to
watch out for buses.
2003-12-04 22:38:21 +03:00
|
|
|
NULL, 0, &tcp_do_timestamps, 0,
|
|
|
|
CTL_NET, pf, IPPROTO_TCP, TCPCTL_TSTAMP, CTL_EOL);
|
2004-03-24 18:34:46 +03:00
|
|
|
sysctl_createv(clog, 0, NULL, NULL,
|
|
|
|
CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
|
2004-05-25 08:33:59 +04:00
|
|
|
CTLTYPE_INT, "compat_42",
|
|
|
|
SYSCTL_DESCR("Enable workarounds for 4.2BSD TCP bugs"),
|
Dynamic sysctl.
Gone are the old kern_sysctl(), cpu_sysctl(), hw_sysctl(),
vfs_sysctl(), etc, routines, along with sysctl_int() et al. Now all
nodes are registered with the tree, and nodes can be added (or
removed) easily, and I/O to and from the tree is handled generically.
Since the nodes are registered with the tree, the mapping from name to
number (and back again) can now be discovered, instead of having to be
hard coded. Adding new nodes to the tree is likewise much simpler --
the new infrastructure handles almost all the work for simple types,
and just about anything else can be done with a small helper function.
All existing nodes are where they were before (numerically speaking),
so all existing consumers of sysctl information should notice no
difference.
PS - I'm sorry, but there's a distinct lack of documentation at the
moment. I'm working on sysctl(3/8/9) right now, and I promise to
watch out for buses.
2003-12-04 22:38:21 +03:00
|
|
|
NULL, 0, &tcp_compat_42, 0,
|
|
|
|
CTL_NET, pf, IPPROTO_TCP, TCPCTL_COMPAT_42, CTL_EOL);
|
2004-03-24 18:34:46 +03:00
|
|
|
sysctl_createv(clog, 0, NULL, NULL,
|
|
|
|
CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
|
2004-05-25 08:33:59 +04:00
|
|
|
CTLTYPE_INT, "cwm",
|
|
|
|
SYSCTL_DESCR("Hughes/Touch/Heidemann Congestion Window "
|
|
|
|
"Monitoring"),
|
Dynamic sysctl.
Gone are the old kern_sysctl(), cpu_sysctl(), hw_sysctl(),
vfs_sysctl(), etc, routines, along with sysctl_int() et al. Now all
nodes are registered with the tree, and nodes can be added (or
removed) easily, and I/O to and from the tree is handled generically.
Since the nodes are registered with the tree, the mapping from name to
number (and back again) can now be discovered, instead of having to be
hard coded. Adding new nodes to the tree is likewise much simpler --
the new infrastructure handles almost all the work for simple types,
and just about anything else can be done with a small helper function.
All existing nodes are where they were before (numerically speaking),
so all existing consumers of sysctl information should notice no
difference.
PS - I'm sorry, but there's a distinct lack of documentation at the
moment. I'm working on sysctl(3/8/9) right now, and I promise to
watch out for buses.
2003-12-04 22:38:21 +03:00
|
|
|
NULL, 0, &tcp_cwm, 0,
|
|
|
|
CTL_NET, pf, IPPROTO_TCP, TCPCTL_CWM, CTL_EOL);
|
2004-03-24 18:34:46 +03:00
|
|
|
sysctl_createv(clog, 0, NULL, NULL,
|
|
|
|
CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
|
2004-05-25 08:33:59 +04:00
|
|
|
CTLTYPE_INT, "cwm_burstsize",
|
|
|
|
SYSCTL_DESCR("Congestion Window Monitoring allowed "
|
|
|
|
"burst count in packets"),
|
Dynamic sysctl.
Gone are the old kern_sysctl(), cpu_sysctl(), hw_sysctl(),
vfs_sysctl(), etc, routines, along with sysctl_int() et al. Now all
nodes are registered with the tree, and nodes can be added (or
removed) easily, and I/O to and from the tree is handled generically.
Since the nodes are registered with the tree, the mapping from name to
number (and back again) can now be discovered, instead of having to be
hard coded. Adding new nodes to the tree is likewise much simpler --
the new infrastructure handles almost all the work for simple types,
and just about anything else can be done with a small helper function.
All existing nodes are where they were before (numerically speaking),
so all existing consumers of sysctl information should notice no
difference.
PS - I'm sorry, but there's a distinct lack of documentation at the
moment. I'm working on sysctl(3/8/9) right now, and I promise to
watch out for buses.
2003-12-04 22:38:21 +03:00
|
|
|
NULL, 0, &tcp_cwm_burstsize, 0,
|
|
|
|
CTL_NET, pf, IPPROTO_TCP, TCPCTL_CWM_BURSTSIZE,
|
|
|
|
CTL_EOL);
|
2004-03-24 18:34:46 +03:00
|
|
|
sysctl_createv(clog, 0, NULL, NULL,
|
|
|
|
CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
|
2004-05-25 08:33:59 +04:00
|
|
|
CTLTYPE_INT, "ack_on_push",
|
|
|
|
SYSCTL_DESCR("Immediately return ACK when PSH is "
|
|
|
|
"received"),
|
Dynamic sysctl.
Gone are the old kern_sysctl(), cpu_sysctl(), hw_sysctl(),
vfs_sysctl(), etc, routines, along with sysctl_int() et al. Now all
nodes are registered with the tree, and nodes can be added (or
removed) easily, and I/O to and from the tree is handled generically.
Since the nodes are registered with the tree, the mapping from name to
number (and back again) can now be discovered, instead of having to be
hard coded. Adding new nodes to the tree is likewise much simpler --
the new infrastructure handles almost all the work for simple types,
and just about anything else can be done with a small helper function.
All existing nodes are where they were before (numerically speaking),
so all existing consumers of sysctl information should notice no
difference.
PS - I'm sorry, but there's a distinct lack of documentation at the
moment. I'm working on sysctl(3/8/9) right now, and I promise to
watch out for buses.
2003-12-04 22:38:21 +03:00
|
|
|
NULL, 0, &tcp_ack_on_push, 0,
|
|
|
|
CTL_NET, pf, IPPROTO_TCP, TCPCTL_ACK_ON_PUSH, CTL_EOL);
|
2004-03-24 18:34:46 +03:00
|
|
|
sysctl_createv(clog, 0, NULL, NULL,
|
|
|
|
CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
|
2004-05-25 08:33:59 +04:00
|
|
|
CTLTYPE_INT, "keepidle",
|
|
|
|
SYSCTL_DESCR("Allowed connection idle ticks before a "
|
|
|
|
"keepalive probe is sent"),
|
Dynamic sysctl.
Gone are the old kern_sysctl(), cpu_sysctl(), hw_sysctl(),
vfs_sysctl(), etc, routines, along with sysctl_int() et al. Now all
nodes are registered with the tree, and nodes can be added (or
removed) easily, and I/O to and from the tree is handled generically.
Since the nodes are registered with the tree, the mapping from name to
number (and back again) can now be discovered, instead of having to be
hard coded. Adding new nodes to the tree is likewise much simpler --
the new infrastructure handles almost all the work for simple types,
and just about anything else can be done with a small helper function.
All existing nodes are where they were before (numerically speaking),
so all existing consumers of sysctl information should notice no
difference.
PS - I'm sorry, but there's a distinct lack of documentation at the
moment. I'm working on sysctl(3/8/9) right now, and I promise to
watch out for buses.
2003-12-04 22:38:21 +03:00
|
|
|
NULL, 0, &tcp_keepidle, 0,
|
|
|
|
CTL_NET, pf, IPPROTO_TCP, TCPCTL_KEEPIDLE, CTL_EOL);
|
2004-03-24 18:34:46 +03:00
|
|
|
sysctl_createv(clog, 0, NULL, NULL,
|
|
|
|
CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
|
2004-05-25 08:33:59 +04:00
|
|
|
CTLTYPE_INT, "keepintvl",
|
|
|
|
SYSCTL_DESCR("Ticks before next keepalive probe is sent"),
|
Dynamic sysctl.
Gone are the old kern_sysctl(), cpu_sysctl(), hw_sysctl(),
vfs_sysctl(), etc, routines, along with sysctl_int() et al. Now all
nodes are registered with the tree, and nodes can be added (or
removed) easily, and I/O to and from the tree is handled generically.
Since the nodes are registered with the tree, the mapping from name to
number (and back again) can now be discovered, instead of having to be
hard coded. Adding new nodes to the tree is likewise much simpler --
the new infrastructure handles almost all the work for simple types,
and just about anything else can be done with a small helper function.
All existing nodes are where they were before (numerically speaking),
so all existing consumers of sysctl information should notice no
difference.
PS - I'm sorry, but there's a distinct lack of documentation at the
moment. I'm working on sysctl(3/8/9) right now, and I promise to
watch out for buses.
2003-12-04 22:38:21 +03:00
|
|
|
NULL, 0, &tcp_keepintvl, 0,
|
|
|
|
CTL_NET, pf, IPPROTO_TCP, TCPCTL_KEEPINTVL, CTL_EOL);
|
2004-03-24 18:34:46 +03:00
|
|
|
sysctl_createv(clog, 0, NULL, NULL,
|
|
|
|
CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
|
2004-05-25 08:33:59 +04:00
|
|
|
CTLTYPE_INT, "keepcnt",
|
|
|
|
SYSCTL_DESCR("Number of keepalive probes to send"),
|
Dynamic sysctl.
Gone are the old kern_sysctl(), cpu_sysctl(), hw_sysctl(),
vfs_sysctl(), etc, routines, along with sysctl_int() et al. Now all
nodes are registered with the tree, and nodes can be added (or
removed) easily, and I/O to and from the tree is handled generically.
Since the nodes are registered with the tree, the mapping from name to
number (and back again) can now be discovered, instead of having to be
hard coded. Adding new nodes to the tree is likewise much simpler --
the new infrastructure handles almost all the work for simple types,
and just about anything else can be done with a small helper function.
All existing nodes are where they were before (numerically speaking),
so all existing consumers of sysctl information should notice no
difference.
PS - I'm sorry, but there's a distinct lack of documentation at the
moment. I'm working on sysctl(3/8/9) right now, and I promise to
watch out for buses.
2003-12-04 22:38:21 +03:00
|
|
|
NULL, 0, &tcp_keepcnt, 0,
|
|
|
|
CTL_NET, pf, IPPROTO_TCP, TCPCTL_KEEPCNT, CTL_EOL);
|
2004-03-24 18:34:46 +03:00
|
|
|
sysctl_createv(clog, 0, NULL, NULL,
|
|
|
|
CTLFLAG_PERMANENT|CTLFLAG_IMMEDIATE,
|
2004-05-25 08:33:59 +04:00
|
|
|
CTLTYPE_INT, "slowhz",
|
|
|
|
SYSCTL_DESCR("Keepalive ticks per second"),
|
Dynamic sysctl.
Gone are the old kern_sysctl(), cpu_sysctl(), hw_sysctl(),
vfs_sysctl(), etc, routines, along with sysctl_int() et al. Now all
nodes are registered with the tree, and nodes can be added (or
removed) easily, and I/O to and from the tree is handled generically.
Since the nodes are registered with the tree, the mapping from name to
number (and back again) can now be discovered, instead of having to be
hard coded. Adding new nodes to the tree is likewise much simpler --
the new infrastructure handles almost all the work for simple types,
and just about anything else can be done with a small helper function.
All existing nodes are where they were before (numerically speaking),
so all existing consumers of sysctl information should notice no
difference.
PS - I'm sorry, but there's a distinct lack of documentation at the
moment. I'm working on sysctl(3/8/9) right now, and I promise to
watch out for buses.
2003-12-04 22:38:21 +03:00
|
|
|
NULL, PR_SLOWHZ, NULL, 0,
|
|
|
|
CTL_NET, pf, IPPROTO_TCP, TCPCTL_SLOWHZ, CTL_EOL);
|
2004-03-24 18:34:46 +03:00
|
|
|
sysctl_createv(clog, 0, NULL, NULL,
|
|
|
|
CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
|
2004-05-25 08:33:59 +04:00
|
|
|
CTLTYPE_INT, "newreno",
|
|
|
|
SYSCTL_DESCR("NewReno congestion control algorithm"),
|
Dynamic sysctl.
Gone are the old kern_sysctl(), cpu_sysctl(), hw_sysctl(),
vfs_sysctl(), etc, routines, along with sysctl_int() et al. Now all
nodes are registered with the tree, and nodes can be added (or
removed) easily, and I/O to and from the tree is handled generically.
Since the nodes are registered with the tree, the mapping from name to
number (and back again) can now be discovered, instead of having to be
hard coded. Adding new nodes to the tree is likewise much simpler --
the new infrastructure handles almost all the work for simple types,
and just about anything else can be done with a small helper function.
All existing nodes are where they were before (numerically speaking),
so all existing consumers of sysctl information should notice no
difference.
PS - I'm sorry, but there's a distinct lack of documentation at the
moment. I'm working on sysctl(3/8/9) right now, and I promise to
watch out for buses.
2003-12-04 22:38:21 +03:00
|
|
|
NULL, 0, &tcp_do_newreno, 0,
|
|
|
|
CTL_NET, pf, IPPROTO_TCP, TCPCTL_NEWRENO, CTL_EOL);
|
2004-03-24 18:34:46 +03:00
|
|
|
sysctl_createv(clog, 0, NULL, NULL,
|
|
|
|
CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
|
2004-05-25 08:33:59 +04:00
|
|
|
CTLTYPE_INT, "log_refused",
|
|
|
|
SYSCTL_DESCR("Log refused TCP connections"),
|
Dynamic sysctl.
Gone are the old kern_sysctl(), cpu_sysctl(), hw_sysctl(),
vfs_sysctl(), etc, routines, along with sysctl_int() et al. Now all
nodes are registered with the tree, and nodes can be added (or
removed) easily, and I/O to and from the tree is handled generically.
Since the nodes are registered with the tree, the mapping from name to
number (and back again) can now be discovered, instead of having to be
hard coded. Adding new nodes to the tree is likewise much simpler --
the new infrastructure handles almost all the work for simple types,
and just about anything else can be done with a small helper function.
All existing nodes are where they were before (numerically speaking),
so all existing consumers of sysctl information should notice no
difference.
PS - I'm sorry, but there's a distinct lack of documentation at the
moment. I'm working on sysctl(3/8/9) right now, and I promise to
watch out for buses.
2003-12-04 22:38:21 +03:00
|
|
|
NULL, 0, &tcp_log_refused, 0,
|
|
|
|
CTL_NET, pf, IPPROTO_TCP, TCPCTL_LOG_REFUSED, CTL_EOL);
|
|
|
|
#if 0 /* obsoleted */
|
2004-03-24 18:34:46 +03:00
|
|
|
sysctl_createv(clog, 0, NULL, NULL,
|
|
|
|
CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
|
Dynamic sysctl.
Gone are the old kern_sysctl(), cpu_sysctl(), hw_sysctl(),
vfs_sysctl(), etc, routines, along with sysctl_int() et al. Now all
nodes are registered with the tree, and nodes can be added (or
removed) easily, and I/O to and from the tree is handled generically.
Since the nodes are registered with the tree, the mapping from name to
number (and back again) can now be discovered, instead of having to be
hard coded. Adding new nodes to the tree is likewise much simpler --
the new infrastructure handles almost all the work for simple types,
and just about anything else can be done with a small helper function.
All existing nodes are where they were before (numerically speaking),
so all existing consumers of sysctl information should notice no
difference.
PS - I'm sorry, but there's a distinct lack of documentation at the
moment. I'm working on sysctl(3/8/9) right now, and I promise to
watch out for buses.
2003-12-04 22:38:21 +03:00
|
|
|
CTLTYPE_INT, "rstratelimit", NULL,
|
|
|
|
NULL, 0, &tcp_rst_ratelim, 0,
|
|
|
|
CTL_NET, pf, IPPROTO_TCP, TCPCTL_RSTRATELIMIT, CTL_EOL);
|
|
|
|
#endif
|
2004-03-24 18:34:46 +03:00
|
|
|
sysctl_createv(clog, 0, NULL, NULL,
|
|
|
|
CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
|
2004-05-25 08:33:59 +04:00
|
|
|
CTLTYPE_INT, "rstppslimit",
|
|
|
|
SYSCTL_DESCR("Maximum number of RST packets to send "
|
|
|
|
"per second"),
|
Dynamic sysctl.
Gone are the old kern_sysctl(), cpu_sysctl(), hw_sysctl(),
vfs_sysctl(), etc, routines, along with sysctl_int() et al. Now all
nodes are registered with the tree, and nodes can be added (or
removed) easily, and I/O to and from the tree is handled generically.
Since the nodes are registered with the tree, the mapping from name to
number (and back again) can now be discovered, instead of having to be
hard coded. Adding new nodes to the tree is likewise much simpler --
the new infrastructure handles almost all the work for simple types,
and just about anything else can be done with a small helper function.
All existing nodes are where they were before (numerically speaking),
so all existing consumers of sysctl information should notice no
difference.
PS - I'm sorry, but there's a distinct lack of documentation at the
moment. I'm working on sysctl(3/8/9) right now, and I promise to
watch out for buses.
2003-12-04 22:38:21 +03:00
|
|
|
NULL, 0, &tcp_rst_ppslim, 0,
|
|
|
|
CTL_NET, pf, IPPROTO_TCP, TCPCTL_RSTPPSLIMIT, CTL_EOL);
|
2004-03-24 18:34:46 +03:00
|
|
|
sysctl_createv(clog, 0, NULL, NULL,
|
|
|
|
CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
|
2004-05-25 08:33:59 +04:00
|
|
|
CTLTYPE_INT, "delack_ticks",
|
|
|
|
SYSCTL_DESCR("Number of ticks to delay sending an ACK"),
|
Dynamic sysctl.
Gone are the old kern_sysctl(), cpu_sysctl(), hw_sysctl(),
vfs_sysctl(), etc, routines, along with sysctl_int() et al. Now all
nodes are registered with the tree, and nodes can be added (or
removed) easily, and I/O to and from the tree is handled generically.
Since the nodes are registered with the tree, the mapping from name to
number (and back again) can now be discovered, instead of having to be
hard coded. Adding new nodes to the tree is likewise much simpler --
the new infrastructure handles almost all the work for simple types,
and just about anything else can be done with a small helper function.
All existing nodes are where they were before (numerically speaking),
so all existing consumers of sysctl information should notice no
difference.
PS - I'm sorry, but there's a distinct lack of documentation at the
moment. I'm working on sysctl(3/8/9) right now, and I promise to
watch out for buses.
2003-12-04 22:38:21 +03:00
|
|
|
NULL, 0, &tcp_delack_ticks, 0,
|
|
|
|
CTL_NET, pf, IPPROTO_TCP, TCPCTL_DELACK_TICKS, CTL_EOL);
|
2004-03-24 18:34:46 +03:00
|
|
|
sysctl_createv(clog, 0, NULL, NULL,
|
|
|
|
CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
|
2004-05-25 08:33:59 +04:00
|
|
|
CTLTYPE_INT, "init_win_local",
|
|
|
|
SYSCTL_DESCR("Initial TCP window size (in segments)"),
|
Dynamic sysctl.
Gone are the old kern_sysctl(), cpu_sysctl(), hw_sysctl(),
vfs_sysctl(), etc, routines, along with sysctl_int() et al. Now all
nodes are registered with the tree, and nodes can be added (or
removed) easily, and I/O to and from the tree is handled generically.
Since the nodes are registered with the tree, the mapping from name to
number (and back again) can now be discovered, instead of having to be
hard coded. Adding new nodes to the tree is likewise much simpler --
the new infrastructure handles almost all the work for simple types,
and just about anything else can be done with a small helper function.
All existing nodes are where they were before (numerically speaking),
so all existing consumers of sysctl information should notice no
difference.
PS - I'm sorry, but there's a distinct lack of documentation at the
moment. I'm working on sysctl(3/8/9) right now, and I promise to
watch out for buses.
2003-12-04 22:38:21 +03:00
|
|
|
NULL, 0, &tcp_init_win_local, 0,
|
|
|
|
CTL_NET, pf, IPPROTO_TCP, TCPCTL_INIT_WIN_LOCAL,
|
|
|
|
CTL_EOL);
|
2004-03-24 18:34:46 +03:00
|
|
|
sysctl_createv(clog, 0, NULL, NULL,
|
|
|
|
CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
|
2004-05-25 08:33:59 +04:00
|
|
|
CTLTYPE_STRUCT, "ident",
|
|
|
|
SYSCTL_DESCR("RFC1413 Identification Protocol lookups"),
|
Dynamic sysctl.
Gone are the old kern_sysctl(), cpu_sysctl(), hw_sysctl(),
vfs_sysctl(), etc, routines, along with sysctl_int() et al. Now all
nodes are registered with the tree, and nodes can be added (or
removed) easily, and I/O to and from the tree is handled generically.
Since the nodes are registered with the tree, the mapping from name to
number (and back again) can now be discovered, instead of having to be
hard coded. Adding new nodes to the tree is likewise much simpler --
the new infrastructure handles almost all the work for simple types,
and just about anything else can be done with a small helper function.
All existing nodes are where they were before (numerically speaking),
so all existing consumers of sysctl information should notice no
difference.
PS - I'm sorry, but there's a distinct lack of documentation at the
moment. I'm working on sysctl(3/8/9) right now, and I promise to
watch out for buses.
2003-12-04 22:38:21 +03:00
|
|
|
sysctl_net_inet_tcp_ident, 0, NULL, sizeof(uid_t),
|
|
|
|
CTL_NET, pf, IPPROTO_TCP, TCPCTL_IDENT, CTL_EOL);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Sysctl for tcp variables.
|
|
|
|
*/
|
|
|
|
#ifdef INET
|
|
|
|
SYSCTL_SETUP(sysctl_net_inet_tcp_setup, "sysctl net.inet.tcp subtree setup")
|
|
|
|
{
|
|
|
|
|
2004-03-24 18:34:46 +03:00
|
|
|
sysctl_net_inet_tcp_setup2(clog, PF_INET, "inet", "tcp");
|
Dynamic sysctl.
Gone are the old kern_sysctl(), cpu_sysctl(), hw_sysctl(),
vfs_sysctl(), etc, routines, along with sysctl_int() et al. Now all
nodes are registered with the tree, and nodes can be added (or
removed) easily, and I/O to and from the tree is handled generically.
Since the nodes are registered with the tree, the mapping from name to
number (and back again) can now be discovered, instead of having to be
hard coded. Adding new nodes to the tree is likewise much simpler --
the new infrastructure handles almost all the work for simple types,
and just about anything else can be done with a small helper function.
All existing nodes are where they were before (numerically speaking),
so all existing consumers of sysctl information should notice no
difference.
PS - I'm sorry, but there's a distinct lack of documentation at the
moment. I'm working on sysctl(3/8/9) right now, and I promise to
watch out for buses.
2003-12-04 22:38:21 +03:00
|
|
|
}
|
|
|
|
#endif /* INET */
|
2003-04-20 00:58:35 +04:00
|
|
|
|
Dynamic sysctl.
Gone are the old kern_sysctl(), cpu_sysctl(), hw_sysctl(),
vfs_sysctl(), etc, routines, along with sysctl_int() et al. Now all
nodes are registered with the tree, and nodes can be added (or
removed) easily, and I/O to and from the tree is handled generically.
Since the nodes are registered with the tree, the mapping from name to
number (and back again) can now be discovered, instead of having to be
hard coded. Adding new nodes to the tree is likewise much simpler --
the new infrastructure handles almost all the work for simple types,
and just about anything else can be done with a small helper function.
All existing nodes are where they were before (numerically speaking),
so all existing consumers of sysctl information should notice no
difference.
PS - I'm sorry, but there's a distinct lack of documentation at the
moment. I'm working on sysctl(3/8/9) right now, and I promise to
watch out for buses.
2003-12-04 22:38:21 +03:00
|
|
|
#ifdef INET6
|
|
|
|
SYSCTL_SETUP(sysctl_net_inet6_tcp6_setup, "sysctl net.inet6.tcp6 subtree setup")
|
|
|
|
{
|
2003-04-20 00:58:35 +04:00
|
|
|
|
2004-03-24 18:34:46 +03:00
|
|
|
sysctl_net_inet_tcp_setup2(clog, PF_INET6, "inet6", "tcp6");
|
2003-04-20 00:58:35 +04:00
|
|
|
}
|
Dynamic sysctl.
Gone are the old kern_sysctl(), cpu_sysctl(), hw_sysctl(),
vfs_sysctl(), etc, routines, along with sysctl_int() et al. Now all
nodes are registered with the tree, and nodes can be added (or
removed) easily, and I/O to and from the tree is handled generically.
Since the nodes are registered with the tree, the mapping from name to
number (and back again) can now be discovered, instead of having to be
hard coded. Adding new nodes to the tree is likewise much simpler --
the new infrastructure handles almost all the work for simple types,
and just about anything else can be done with a small helper function.
All existing nodes are where they were before (numerically speaking),
so all existing consumers of sysctl information should notice no
difference.
PS - I'm sorry, but there's a distinct lack of documentation at the
moment. I'm working on sysctl(3/8/9) right now, and I promise to
watch out for buses.
2003-12-04 22:38:21 +03:00
|
|
|
#endif /* INET6 */
|
|
|
|
|