implement net.inet6.ip6.{anon,low}port{min,max} sysctl variable.
This commit is contained in:
parent
3c7320bedf
commit
152da24bd9
@ -1,4 +1,4 @@
|
||||
.\" $NetBSD: sysctl.3,v 1.67 2000/08/26 11:00:42 itojun Exp $
|
||||
.\" $NetBSD: sysctl.3,v 1.68 2000/08/26 11:03:45 itojun Exp $
|
||||
.\"
|
||||
.\" Copyright (c) 1993
|
||||
.\" The Regents of the University of California. All rights reserved.
|
||||
@ -877,6 +877,10 @@ The currently defined protocols and names are:
|
||||
.It ip6 use_deprecated integer yes
|
||||
.It ip6 rr_prune integer yes
|
||||
.It ip6 bindv6only integer yes
|
||||
.It ip6 anonportmin integer yes
|
||||
.It ip6 anonportmax integer yes
|
||||
.It ip6 lowportmin integer yes
|
||||
.It ip6 lowportmax integer yes
|
||||
.It icmp6 rediraccept integer yes
|
||||
.It icmp6 redirtimeout integer yes
|
||||
.It icmp6 nd6_prune integer yes
|
||||
@ -975,6 +979,24 @@ socket.
|
||||
Please refer to
|
||||
.Xr ip6 4
|
||||
for detail.
|
||||
.It Li ip6.anonportmin
|
||||
The lowest port number to use for TCP and UDP ephemeral port allocation.
|
||||
This cannot be set to less than 1024 or greater than 65535.
|
||||
.It Li ip6.anonportmax
|
||||
The highest port number to use for TCP and UDP ephemeral port allocation.
|
||||
This cannot be set to less than 1024 or greater than 65535, and must
|
||||
be greater than
|
||||
.Li ip6.anonportmin .
|
||||
.It Li ip6.lowportmin
|
||||
The lowest port number to use for TCP and UDP reserved port allocation.
|
||||
This cannot be set to less than 0 or greater than 1024, and must
|
||||
be smaller than
|
||||
.Li ip6.lowportmax .
|
||||
.It Li ip6.lowportmax
|
||||
The highest port number to use for TCP and UDP reserved port allocation.
|
||||
This cannot be set to less than 0 or greater than 1024, and must
|
||||
be greater than
|
||||
.Li ip6.lowportmin .
|
||||
.It Li icmp6.rediraccept
|
||||
If set to non-zero, the host will accept ICMPv6 redirect packets.
|
||||
Note that IPv6 routers will never accept ICMPv6 redirect packets,
|
||||
|
@ -1,4 +1,4 @@
|
||||
.\" $NetBSD: sysctl.8,v 1.53 2000/08/26 11:00:41 itojun Exp $
|
||||
.\" $NetBSD: sysctl.8,v 1.54 2000/08/26 11:03:45 itojun Exp $
|
||||
.\"
|
||||
.\" Copyright (c) 1993
|
||||
.\" The Regents of the University of California. All rights reserved.
|
||||
@ -255,6 +255,8 @@ privilege can change the value.
|
||||
.It net.inet6.icmp6.rediraccept integer yes
|
||||
.It net.inet6.icmp6.redirtimeout integer yes
|
||||
.It net.inet6.ip6.accept_rtadv integer yes
|
||||
.It net.inet6.ip6.anonportmax integer yes
|
||||
.It net.inet6.ip6.anonportmin integer yes
|
||||
.It net.inet6.ip6.auto_flowlabel integer yes
|
||||
.It net.inet6.ip6.bindv6only integer yes
|
||||
.It net.inet6.ip6.dad_count integer yes
|
||||
@ -266,6 +268,8 @@ privilege can change the value.
|
||||
.It net.inet6.ip6.kame_version string no
|
||||
.It net.inet6.ip6.keepfaith integer yes
|
||||
.It net.inet6.ip6.log_interval integer yes
|
||||
.It net.inet6.ip6.lowportmax integer yes
|
||||
.It net.inet6.ip6.lowportmin integer yes
|
||||
.It net.inet6.ip6.maxfragpackets integer yes
|
||||
.It net.inet6.ip6.redirect integer yes
|
||||
.It net.inet6.ip6.rr_prune integer yes
|
||||
|
@ -1,5 +1,5 @@
|
||||
/* $NetBSD: in6.h,v 1.18 2000/07/16 01:10:34 itojun Exp $ */
|
||||
/* $KAME: in6.h,v 1.52 2000/07/15 15:28:02 itojun Exp $ */
|
||||
/* $NetBSD: in6.h,v 1.19 2000/08/26 11:03:46 itojun Exp $ */
|
||||
/* $KAME: in6.h,v 1.57 2000/08/26 10:00:45 itojun Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
|
||||
@ -523,8 +523,14 @@ struct in6_pktinfo {
|
||||
#define IPV6CTL_USE_DEPRECATED 21 /* use deprecated addr (RFC2462 5.5.4) */
|
||||
#define IPV6CTL_RR_PRUNE 22 /* walk timer for router renumbering */
|
||||
#define IPV6CTL_BINDV6ONLY 24
|
||||
/* 25 to 27: reserved */
|
||||
#define IPV6CTL_ANONPORTMIN 28 /* minimum ephemeral port */
|
||||
#define IPV6CTL_ANONPORTMAX 29 /* maximum ephemeral port */
|
||||
#define IPV6CTL_LOWPORTMIN 30 /* minimum reserved port */
|
||||
#define IPV6CTL_LOWPORTMAX 31 /* maximum reserved port */
|
||||
/* New entries should be added here from current IPV6CTL_MAXID value. */
|
||||
#define IPV6CTL_MAXID 25
|
||||
/* to define items, should talk with KAME guys first, for *BSD compatibility */
|
||||
#define IPV6CTL_MAXID 32
|
||||
|
||||
#define IPV6CTL_NAMES { \
|
||||
{ 0, 0 }, \
|
||||
@ -552,6 +558,13 @@ struct in6_pktinfo {
|
||||
{ "rr_prune", CTLTYPE_INT }, \
|
||||
{ 0, 0 }, \
|
||||
{ "bindv6only", CTLTYPE_INT }, \
|
||||
{ 0, 0 }, \
|
||||
{ 0, 0 }, \
|
||||
{ 0, 0 }, \
|
||||
{ "anonportmin", CTLTYPE_INT }, \
|
||||
{ "anonportmax", CTLTYPE_INT }, \
|
||||
{ "lowportmin", CTLTYPE_INT }, \
|
||||
{ "lowportmax", CTLTYPE_INT }, \
|
||||
}
|
||||
|
||||
#endif /* !_XOPEN_SOURCE */
|
||||
|
@ -1,5 +1,5 @@
|
||||
/* $NetBSD: in6_pcb.c,v 1.29 2000/07/07 15:54:18 itojun Exp $ */
|
||||
/* $KAME: in6_pcb.c,v 1.57 2000/07/07 10:27:12 itojun Exp $ */
|
||||
/* $NetBSD: in6_pcb.c,v 1.30 2000/08/26 11:03:46 itojun Exp $ */
|
||||
/* $KAME: in6_pcb.c,v 1.63 2000/08/26 10:00:45 itojun Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
|
||||
@ -103,6 +103,11 @@ extern struct ifnet loif[NLOOP];
|
||||
|
||||
struct in6_addr zeroin6_addr;
|
||||
|
||||
int ip6_anonportmin = IPV6PORT_ANONMIN;
|
||||
int ip6_anonportmax = IPV6PORT_ANONMAX;
|
||||
int ip6_lowportmin = IPV6PORT_RESERVEDMIN;
|
||||
int ip6_lowportmax = IPV6PORT_RESERVEDMAX;
|
||||
|
||||
int
|
||||
in6_pcballoc(so, head)
|
||||
struct socket *so;
|
||||
|
@ -1,5 +1,5 @@
|
||||
/* $NetBSD: in6_src.c,v 1.3 2000/08/26 10:40:03 itojun Exp $ */
|
||||
/* $KAME: in6_src.c,v 1.27 2000/06/21 08:07:13 itojun Exp $ */
|
||||
/* $NetBSD: in6_src.c,v 1.4 2000/08/26 11:03:46 itojun Exp $ */
|
||||
/* $KAME: in6_src.c,v 1.34 2000/08/26 10:00:45 itojun Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
|
||||
@ -349,11 +349,11 @@ in6_pcbsetport(laddr, in6p)
|
||||
if (p == 0 || (suser(p->p_ucred, &p->p_acflag) != 0))
|
||||
return (EACCES);
|
||||
#endif
|
||||
min = IPV6PORT_RESERVEDMIN;
|
||||
max = IPV6PORT_RESERVEDMAX;
|
||||
min = ip6_lowportmin;
|
||||
max = ip6_lowportmax;
|
||||
} else {
|
||||
min = IPV6PORT_ANONMIN;
|
||||
max = IPV6PORT_ANONMAX;
|
||||
min = ip6_anonportmin;
|
||||
max = ip6_anonportmax;
|
||||
}
|
||||
|
||||
/* value out of range */
|
||||
|
@ -1,5 +1,5 @@
|
||||
/* $NetBSD: ip6_input.c,v 1.25 2000/07/06 12:36:19 itojun Exp $ */
|
||||
/* $KAME: ip6_input.c,v 1.95 2000/07/02 07:49:37 jinmei Exp $ */
|
||||
/* $NetBSD: ip6_input.c,v 1.26 2000/08/26 11:03:46 itojun Exp $ */
|
||||
/* $KAME: ip6_input.c,v 1.119 2000/08/26 10:00:45 itojun Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
|
||||
@ -1365,6 +1365,8 @@ ip6_sysctl(name, namelen, oldp, oldlenp, newp, newlen)
|
||||
void *newp;
|
||||
size_t newlen;
|
||||
{
|
||||
int old, error;
|
||||
|
||||
/* All sysctl names at this level are terminal. */
|
||||
if (namelen != 1)
|
||||
return ENOTDIR;
|
||||
@ -1415,6 +1417,58 @@ ip6_sysctl(name, namelen, oldp, oldlenp, newp, newlen)
|
||||
case IPV6CTL_BINDV6ONLY:
|
||||
return sysctl_int(oldp, oldlenp, newp, newlen,
|
||||
&ip6_bindv6only);
|
||||
#endif
|
||||
case IPV6CTL_ANONPORTMIN:
|
||||
old = ip6_anonportmin;
|
||||
error = sysctl_int(oldp, oldlenp, newp, newlen,
|
||||
&ip6_anonportmin);
|
||||
if (ip6_anonportmin >= ip6_anonportmax || ip6_anonportmin < 0 ||
|
||||
ip6_anonportmin > 65535
|
||||
#ifndef IPNOPRIVPORTS
|
||||
|| ip6_anonportmin < IPV6PORT_RESERVED
|
||||
#endif
|
||||
) {
|
||||
ip6_anonportmin = old;
|
||||
return (EINVAL);
|
||||
}
|
||||
return (error);
|
||||
case IPV6CTL_ANONPORTMAX:
|
||||
old = ip6_anonportmax;
|
||||
error = sysctl_int(oldp, oldlenp, newp, newlen,
|
||||
&ip6_anonportmax);
|
||||
if (ip6_anonportmin >= ip6_anonportmax || ip6_anonportmax < 0 ||
|
||||
ip6_anonportmax > 65535
|
||||
#ifndef IPNOPRIVPORTS
|
||||
|| ip6_anonportmax < IPV6PORT_RESERVED
|
||||
#endif
|
||||
) {
|
||||
ip6_anonportmax = old;
|
||||
return (EINVAL);
|
||||
}
|
||||
return (error);
|
||||
#ifndef IPNOPRIVPORTS
|
||||
case IPV6CTL_LOWPORTMIN:
|
||||
old = ip6_lowportmin;
|
||||
error = sysctl_int(oldp, oldlenp, newp, newlen,
|
||||
&ip6_lowportmin);
|
||||
if (ip6_lowportmin >= ip6_lowportmax ||
|
||||
ip6_lowportmin > IPV6PORT_RESERVEDMAX ||
|
||||
ip6_lowportmin < IPV6PORT_RESERVEDMIN) {
|
||||
ip6_lowportmin = old;
|
||||
return (EINVAL);
|
||||
}
|
||||
return (error);
|
||||
case IPV6CTL_LOWPORTMAX:
|
||||
old = ip6_lowportmax;
|
||||
error = sysctl_int(oldp, oldlenp, newp, newlen,
|
||||
&ip6_lowportmax);
|
||||
if (ip6_lowportmin >= ip6_lowportmax ||
|
||||
ip6_lowportmax > IPV6PORT_RESERVEDMAX ||
|
||||
ip6_lowportmax < IPV6PORT_RESERVEDMIN) {
|
||||
ip6_lowportmax = old;
|
||||
return (EINVAL);
|
||||
}
|
||||
return (error);
|
||||
#endif
|
||||
default:
|
||||
return EOPNOTSUPP;
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $NetBSD: ip6_var.h,v 1.14 2000/07/13 05:34:22 itojun Exp $ */
|
||||
/* $NetBSD: ip6_var.h,v 1.15 2000/08/26 11:03:46 itojun Exp $ */
|
||||
/* $KAME: ip6_var.h,v 1.33 2000/06/11 14:59:20 jinmei Exp $ */
|
||||
|
||||
/*
|
||||
@ -233,6 +233,11 @@ extern int ip6_dad_count; /* DupAddrDetectionTransmits */
|
||||
extern u_int32_t ip6_flow_seq;
|
||||
extern int ip6_auto_flowlabel;
|
||||
|
||||
extern int ip6_anonportmin; /* minimum ephemeral port */
|
||||
extern int ip6_anonportmax; /* maximum ephemeral port */
|
||||
extern int ip6_lowportmin; /* minimum reserved port */
|
||||
extern int ip6_lowportmax; /* maximum reserved port */
|
||||
|
||||
struct in6pcb;
|
||||
|
||||
int icmp6_ctloutput __P((int, struct socket *, int, int, struct mbuf **));
|
||||
|
Loading…
Reference in New Issue
Block a user