Export the tcp_do_rfc1948 variable to userland via sysctl.

The code to generate an ISS via an MD5 hash has been present in the
NetBSD kernel since 2001, but it wasn't even exported to userland at
that time. It was agreed on tech-net with the original author <thorpej>
that we should let the user decide if he wants to enable it or not.
Not enabled by default.
rpaulo 2006-10-16 18:13:56 +00:00
parent b83d29dc81
commit 21df8206df
2 changed files with 18 additions and 3 deletions


@ -1,4 +1,4 @@
/* $NetBSD: tcp_usrreq.c,v 1.125 2006/10/13 15:39:19 elad Exp $ */
/* $NetBSD: tcp_usrreq.c,v 1.126 2006/10/16 18:13:56 rpaulo Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@ -102,12 +102,13 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: tcp_usrreq.c,v 1.125 2006/10/13 15:39:19 elad Exp $");
__KERNEL_RCSID(0, "$NetBSD: tcp_usrreq.c,v 1.126 2006/10/16 18:13:56 rpaulo Exp $");
#include "opt_inet.h"
#include "opt_ipsec.h"
#include "opt_tcp_debug.h"
#include "opt_mbuftrace.h"
#include "rnd.h"
#include <sys/param.h>
#include <sys/systm.h>
@ -1731,6 +1732,16 @@ sysctl_net_inet_tcp_setup2(struct sysctllog **clog, int pf, const char *pfname,
CTL_NET, pf, IPPROTO_TCP, TCPCTL_DEBX,
CTL_EOL);
#endif
#if NRND > 0
sysctl_createv(clog, 0, NULL, NULL,
CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
CTLTYPE_INT, "iss_hash",
SYSCTL_DESCR("Enable RFC 1948 ISS by cryptographic "
"hash computation"),
NULL, 0, &tcp_do_rfc1948, sizeof(tcp_do_rfc1948),
CTL_NET, pf, IPPROTO_TCP, CTL_CREATE,
CTL_EOL);
#endif
}
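Review bot: The `iss_hash` node added at the end of sysctl_net_inet_tcp_setup2 is registered with a NULL helper and `CTLFLAG_READWRITE`, so any int is accepted, and nothing on the node says which values mean enabled or that it ships disabled. The description could carry that, assuming 0 is the off value as the commit message implies: `SYSCTL_DESCR("Enable RFC 1948 ISS by cryptographic hash computation (0 = disabled, default)")`. A comment above the `#if NRND > 0` would also help: `/* iss_hash exists only when rnd is configured; its number comes from CTL_CREATE, so look it up by name. */`. Because this knob selects how initial sequence numbers are generated, hardening scripts that set it should check that the node exists rather than assume it. The function starts outside this hunk, so how the other nodes handle the sysctl_createv return value is not visible here.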


@ -1,4 +1,4 @@
/* $NetBSD: tcp_var.h,v 1.138 2006/10/09 16:27:07 rpaulo Exp $ */
/* $NetBSD: tcp_var.h,v 1.139 2006/10/16 18:13:56 rpaulo Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@ -145,6 +145,7 @@
#if defined(_KERNEL_OPT)
#include "opt_inet.h"
#include "opt_mbuftrace.h"
#include "rnd.h"
#endif
/*
@ -751,6 +752,9 @@ extern int tcp_syn_bucket_limit;/* max entries per hash bucket */
extern int tcp_log_refused; /* log refused connections */
extern int tcp_do_ecn; /* TCP ECN enabled/disabled? */
extern int tcp_ecn_maxretries; /* Max ECN setup retries */
#if NRND > 0
extern int tcp_do_rfc1948; /* ISS by cryptographic hash */
#endif
extern int tcp_sack_tp_maxholes; /* Max holes per connection. */
extern int tcp_sack_globalmaxholes; /* Max holes per system. */
extern int tcp_sack_globalholes; /* Number of holes present. */
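Review bot: The `#if NRND > 0` guard around the new `extern int tcp_do_rfc1948;` depends on `rnd.h`, which this header includes only under `_KERNEL_OPT`; in any other include context an undefined NRND evaluates to 0 and the declaration silently disappears. An extern declaration costs nothing when the variable is never referenced, so it could be declared unconditionally like its neighbours: `extern int tcp_do_rfc1948; /* ISS by RFC 1948 hash; sysctl node only if NRND > 0 */`. If the guard stays, the definition of tcp_do_rfc1948 (not part of this commit) presumably needs the same condition, and it is worth confirming the two match.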