implement net.inet6.ip6.{anon,low}port{min,max} sysctl variable.

itojun 2000-08-26 11:03:45 +00:00
parent 3c7320bedf
commit 152da24bd9
7 changed files with 119 additions and 16 deletions


@ -1,4 +1,4 @@
.\" $NetBSD: sysctl.3,v 1.67 2000/08/26 11:00:42 itojun Exp $
.\" $NetBSD: sysctl.3,v 1.68 2000/08/26 11:03:45 itojun Exp $
.\"
.\" Copyright (c) 1993
.\" The Regents of the University of California. All rights reserved.
@ -877,6 +877,10 @@ The currently defined protocols and names are:
.It ip6 use_deprecated integer yes
.It ip6 rr_prune integer yes
.It ip6 bindv6only integer yes
.It ip6 anonportmin integer yes
.It ip6 anonportmax integer yes
.It ip6 lowportmin integer yes
.It ip6 lowportmax integer yes
.It icmp6 rediraccept integer yes
.It icmp6 redirtimeout integer yes
.It icmp6 nd6_prune integer yes
@ -975,6 +979,24 @@ socket.
Please refer to
.Xr ip6 4
for detail.
.It Li ip6.anonportmin
The lowest port number to use for TCP and UDP ephemeral port allocation.
This cannot be set to less than 1024 or greater than 65535.
.It Li ip6.anonportmax
The highest port number to use for TCP and UDP ephemeral port allocation.
This cannot be set to less than 1024 or greater than 65535, and must
be greater than
.Li ip6.anonportmin .
.It Li ip6.lowportmin
The lowest port number to use for TCP and UDP reserved port allocation.
This cannot be set to less than 0 or greater than 1024, and must
be smaller than
.Li ip6.lowportmax .
.It Li ip6.lowportmax
The highest port number to use for TCP and UDP reserved port allocation.
This cannot be set to less than 0 or greater than 1024, and must
be greater than
.Li ip6.lowportmin .
.It Li icmp6.rediraccept
If set to non-zero, the host will accept ICMPv6 redirect packets.
Note that IPv6 routers will never accept ICMPv6 redirect packets,


@ -1,4 +1,4 @@
.\" $NetBSD: sysctl.8,v 1.53 2000/08/26 11:00:41 itojun Exp $
.\" $NetBSD: sysctl.8,v 1.54 2000/08/26 11:03:45 itojun Exp $
.\"
.\" Copyright (c) 1993
.\" The Regents of the University of California. All rights reserved.
@ -255,6 +255,8 @@ privilege can change the value.
.It net.inet6.icmp6.rediraccept integer yes
.It net.inet6.icmp6.redirtimeout integer yes
.It net.inet6.ip6.accept_rtadv integer yes
.It net.inet6.ip6.anonportmax integer yes
.It net.inet6.ip6.anonportmin integer yes
.It net.inet6.ip6.auto_flowlabel integer yes
.It net.inet6.ip6.bindv6only integer yes
.It net.inet6.ip6.dad_count integer yes
@ -266,6 +268,8 @@ privilege can change the value.
.It net.inet6.ip6.kame_version string no
.It net.inet6.ip6.keepfaith integer yes
.It net.inet6.ip6.log_interval integer yes
.It net.inet6.ip6.lowportmax integer yes
.It net.inet6.ip6.lowportmin integer yes
.It net.inet6.ip6.maxfragpackets integer yes
.It net.inet6.ip6.redirect integer yes
.It net.inet6.ip6.rr_prune integer yes


@ -1,5 +1,5 @@
/* $NetBSD: in6.h,v 1.18 2000/07/16 01:10:34 itojun Exp $ */
/* $KAME: in6.h,v 1.52 2000/07/15 15:28:02 itojun Exp $ */
/* $NetBSD: in6.h,v 1.19 2000/08/26 11:03:46 itojun Exp $ */
/* $KAME: in6.h,v 1.57 2000/08/26 10:00:45 itojun Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@ -523,8 +523,14 @@ struct in6_pktinfo {
#define IPV6CTL_USE_DEPRECATED 21 /* use deprecated addr (RFC2462 5.5.4) */
#define IPV6CTL_RR_PRUNE 22 /* walk timer for router renumbering */
#define IPV6CTL_BINDV6ONLY 24
/* 25 to 27: reserved */
#define IPV6CTL_ANONPORTMIN 28 /* minimum ephemeral port */
#define IPV6CTL_ANONPORTMAX 29 /* maximum ephemeral port */
#define IPV6CTL_LOWPORTMIN 30 /* minimum reserved port */
#define IPV6CTL_LOWPORTMAX 31 /* maximum reserved port */
/* New entries should be added here from current IPV6CTL_MAXID value. */
#define IPV6CTL_MAXID 25
/* to define items, should talk with KAME guys first, for *BSD compatibility */
#define IPV6CTL_MAXID 32
#define IPV6CTL_NAMES { \
{ 0, 0 }, \
@ -552,6 +558,13 @@ struct in6_pktinfo {
{ "rr_prune", CTLTYPE_INT }, \
{ 0, 0 }, \
{ "bindv6only", CTLTYPE_INT }, \
{ 0, 0 }, \
{ 0, 0 }, \
{ 0, 0 }, \
{ "anonportmin", CTLTYPE_INT }, \
{ "anonportmax", CTLTYPE_INT }, \
{ "lowportmin", CTLTYPE_INT }, \
{ "lowportmax", CTLTYPE_INT }, \
}
#endif /* !_XOPEN_SOURCE */


@ -1,5 +1,5 @@
/* $NetBSD: in6_pcb.c,v 1.29 2000/07/07 15:54:18 itojun Exp $ */
/* $KAME: in6_pcb.c,v 1.57 2000/07/07 10:27:12 itojun Exp $ */
/* $NetBSD: in6_pcb.c,v 1.30 2000/08/26 11:03:46 itojun Exp $ */
/* $KAME: in6_pcb.c,v 1.63 2000/08/26 10:00:45 itojun Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@ -103,6 +103,11 @@ extern struct ifnet loif[NLOOP];
struct in6_addr zeroin6_addr;
int ip6_anonportmin = IPV6PORT_ANONMIN;
int ip6_anonportmax = IPV6PORT_ANONMAX;
int ip6_lowportmin = IPV6PORT_RESERVEDMIN;
int ip6_lowportmax = IPV6PORT_RESERVEDMAX;
int
in6_pcballoc(so, head)
struct socket *so;


@ -1,5 +1,5 @@
/* $NetBSD: in6_src.c,v 1.3 2000/08/26 10:40:03 itojun Exp $ */
/* $KAME: in6_src.c,v 1.27 2000/06/21 08:07:13 itojun Exp $ */
/* $NetBSD: in6_src.c,v 1.4 2000/08/26 11:03:46 itojun Exp $ */
/* $KAME: in6_src.c,v 1.34 2000/08/26 10:00:45 itojun Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@ -349,11 +349,11 @@ in6_pcbsetport(laddr, in6p)
if (p == 0 || (suser(p->p_ucred, &p->p_acflag) != 0))
return (EACCES);
#endif
min = IPV6PORT_RESERVEDMIN;
max = IPV6PORT_RESERVEDMAX;
min = ip6_lowportmin;
max = ip6_lowportmax;
} else {
min = IPV6PORT_ANONMIN;
max = IPV6PORT_ANONMAX;
min = ip6_anonportmin;
max = ip6_anonportmax;
}
/* value out of range */
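Review bot: Nothing at this site records that `min`/`max` are now runtime-tunable, or that the reserved-port branch depends on ip6_sysctl() keeping `ip6_lowportmin`/`ip6_lowportmax` within IPV6PORT_RESERVEDMIN..IPV6PORT_RESERVEDMAX so that the suser() check above still covers the whole range handed out. A short comment above the assignments would make that dependency explicit, e.g. `/* bounds are sysctl-tunable; ip6_sysctl() enforces min < max and the reserved/ephemeral split */`. in6_pcbsetport() begins and ends outside this hunk, so how the code after `/* value out of range */` treats a bad pair is not visible here.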


@ -1,5 +1,5 @@
/* $NetBSD: ip6_input.c,v 1.25 2000/07/06 12:36:19 itojun Exp $ */
/* $KAME: ip6_input.c,v 1.95 2000/07/02 07:49:37 jinmei Exp $ */
/* $NetBSD: ip6_input.c,v 1.26 2000/08/26 11:03:46 itojun Exp $ */
/* $KAME: ip6_input.c,v 1.119 2000/08/26 10:00:45 itojun Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@ -1365,6 +1365,8 @@ ip6_sysctl(name, namelen, oldp, oldlenp, newp, newlen)
void *newp;
size_t newlen;
{
int old, error;
/* All sysctl names at this level are terminal. */
if (namelen != 1)
return ENOTDIR;
@ -1415,6 +1417,58 @@ ip6_sysctl(name, namelen, oldp, oldlenp, newp, newlen)
case IPV6CTL_BINDV6ONLY:
return sysctl_int(oldp, oldlenp, newp, newlen,
&ip6_bindv6only);
#endif
case IPV6CTL_ANONPORTMIN:
old = ip6_anonportmin;
error = sysctl_int(oldp, oldlenp, newp, newlen,
&ip6_anonportmin);
if (ip6_anonportmin >= ip6_anonportmax || ip6_anonportmin < 0 ||
ip6_anonportmin > 65535
#ifndef IPNOPRIVPORTS
|| ip6_anonportmin < IPV6PORT_RESERVED
#endif
) {
ip6_anonportmin = old;
return (EINVAL);
}
return (error);
case IPV6CTL_ANONPORTMAX:
old = ip6_anonportmax;
error = sysctl_int(oldp, oldlenp, newp, newlen,
&ip6_anonportmax);
if (ip6_anonportmin >= ip6_anonportmax || ip6_anonportmax < 0 ||
ip6_anonportmax > 65535
#ifndef IPNOPRIVPORTS
|| ip6_anonportmax < IPV6PORT_RESERVED
#endif
) {
ip6_anonportmax = old;
return (EINVAL);
}
return (error);
#ifndef IPNOPRIVPORTS
case IPV6CTL_LOWPORTMIN:
old = ip6_lowportmin;
error = sysctl_int(oldp, oldlenp, newp, newlen,
&ip6_lowportmin);
if (ip6_lowportmin >= ip6_lowportmax ||
ip6_lowportmin > IPV6PORT_RESERVEDMAX ||
ip6_lowportmin < IPV6PORT_RESERVEDMIN) {
ip6_lowportmin = old;
return (EINVAL);
}
return (error);
case IPV6CTL_LOWPORTMAX:
old = ip6_lowportmax;
error = sysctl_int(oldp, oldlenp, newp, newlen,
&ip6_lowportmax);
if (ip6_lowportmin >= ip6_lowportmax ||
ip6_lowportmax > IPV6PORT_RESERVEDMAX ||
ip6_lowportmax < IPV6PORT_RESERVEDMIN) {
ip6_lowportmax = old;
return (EINVAL);
}
return (error);
#endif
default:
return EOPNOTSUPP;
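Review bot: Each of the four new cases passes the live global to sysctl_int(), which appears to store the caller's value directly, and only afterwards range-checks it and restores `old`. Between the store and the rollback, `ip6_anonportmin`, `ip6_anonportmax`, `ip6_lowportmin` or `ip6_lowportmax` can hold an out-of-range or inverted bound, which in6_pcbsetport() would pick up if it ran in that window; whether it can depends on locking that is not visible here. The check also runs when sysctl_int() has already failed and on plain reads, so a caller can get EINVAL where the sysctl_int() error was the real answer. Copying into a scratch int, returning early on error, validating, and only then assigning keeps the globals valid at all times, and the same shape applies to all four cases. ip6_sysctl() starts and ends outside this hunk, and the scratch variable would take the place of `old` in the declaration added by the first hunk.

```c
	case IPV6CTL_ANONPORTMIN:
		tmp = ip6_anonportmin;
		error = sysctl_int(oldp, oldlenp, newp, newlen, &tmp);
		if (error)
			return (error);
		if (tmp >= ip6_anonportmax || tmp < 0 || tmp > 65535
#ifndef IPNOPRIVPORTS
		    || tmp < IPV6PORT_RESERVED
#endif
		    )
			return (EINVAL);
		/* publish only a value that already passed every check */
		ip6_anonportmin = tmp;
		return (0);
	/* ... IPV6CTL_ANONPORTMAX, IPV6CTL_LOWPORTMIN, IPV6CTL_LOWPORTMAX: same copy / validate / assign shape ... */
```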


@ -1,4 +1,4 @@
/* $NetBSD: ip6_var.h,v 1.14 2000/07/13 05:34:22 itojun Exp $ */
/* $NetBSD: ip6_var.h,v 1.15 2000/08/26 11:03:46 itojun Exp $ */
/* $KAME: ip6_var.h,v 1.33 2000/06/11 14:59:20 jinmei Exp $ */
/*
@ -233,6 +233,11 @@ extern int ip6_dad_count; /* DupAddrDetectionTransmits */
extern u_int32_t ip6_flow_seq;
extern int ip6_auto_flowlabel;
extern int ip6_anonportmin; /* minimum ephemeral port */
extern int ip6_anonportmax; /* maximum ephemeral port */
extern int ip6_lowportmin; /* minimum reserved port */
extern int ip6_lowportmax; /* maximum reserved port */
struct in6pcb;
int icmp6_ctloutput __P((int, struct socket *, int, int, struct mbuf **));