From a97bfde931941cee1a6a172a7331fdd327639828 Mon Sep 17 00:00:00 2001
From: tron
Date: Fri, 25 Aug 2000 13:35:05 +0000
Subject: [PATCH] Add new sysctl variables "net.inet.ip.lowportmin" and "net.inet.ip.lowportmax" which can be used to the set minimum and maximum port number assigned to sockets using IP_PORTRANGE_LOW.
---
sys/netinet/in.h | 8 ++++++--
sys/netinet/in_pcb.c | 8 +++++---
sys/netinet/ip_input.c | 27 ++++++++++++++++++++++++++-
sys/netinet/ip_var.h | 4 +++-
4 files changed, 40 insertions(+), 7 deletions(-)
diff --git a/sys/netinet/in.h b/sys/netinet/in.h
index a9d631ca8b1c..bb3fee965a9f 100644
--- a/sys/netinet/in.h
+++ b/sys/netinet/in.h
@@ -1,4 +1,4 @@
-/* $NetBSD: in.h,v 1.49 2000/07/28 12:13:34 kleink Exp $ */
+/* $NetBSD: in.h,v 1.50 2000/08/25 13:35:05 tron Exp $ */
 
 /*
  * Copyright (c) 1982, 1986, 1990, 1993
@@ -352,7 +352,9 @@ struct ip_mreq {
 #define IPCTL_MAXFLOWS 13 /* maximum ip flows allowed */
 #define IPCTL_HOSTZEROBROADCAST 14 /* is host zero a broadcast addr? */
 #define IPCTL_GIF_TTL 15 /* default TTL for gif encap packet */
-#define IPCTL_MAXID 16
+#define IPCTL_LOWPORTMIN 16 /* minimum reserved port */
+#define IPCTL_LOWPORTMAX 17 /* maximum reserved port */
+#define IPCTL_MAXID 18
 
 #define IPCTL_NAMES { \
 { 0, 0 }, \
@@ -371,6 +373,8 @@ struct ip_mreq {
 { "maxflows", CTLTYPE_INT }, \
 { "hostzerobroadcast", CTLTYPE_INT }, \
 { "gifttl", CTLTYPE_INT }, \
+ { "lowportmin", CTLTYPE_INT }, \
+ { "lowportmax", CTLTYPE_INT }, \
 }
 
 #endif /* !_XOPEN_SOURCE */
diff --git a/sys/netinet/in_pcb.c b/sys/netinet/in_pcb.c
index d7b929bd091b..c799b31566a2 100644
--- a/sys/netinet/in_pcb.c
+++ b/sys/netinet/in_pcb.c
@@ -1,4 +1,4 @@
-/* $NetBSD: in_pcb.c,v 1.66 2000/07/06 12:51:39 itojun Exp $ */
+/* $NetBSD: in_pcb.c,v 1.67 2000/08/25 13:35:05 tron Exp $ */
 
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
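Review bot: The two entries added to IPCTL_NAMES are unconditional, while the matching handlers added to ip_sysctl() in the ip_input.c hunk of this patch sit under `#ifndef IPNOPRIVPORTS`, so a kernel built with IPNOPRIVPORTS advertises `lowportmin`/`lowportmax` through the name table but answers EOPNOTSUPP for both. That is harmless for the kernel itself but confusing for sysctl(8) users, and nothing in the header records it. A comment on the new defines such as `/* not settable when the kernel is built with IPNOPRIVPORTS */` would document the dependency, or the table entries could be guarded the same way as the handlers. The IPCTL_MAXID bump to 18 is consistent with the two new ids.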
@@ -147,6 +147,8 @@ struct inpcb *
 
 int anonportmin = IPPORT_ANONMIN;
 int anonportmax = IPPORT_ANONMAX;
+int lowportmin = IPPORT_RESERVEDMIN;
+int lowportmax = IPPORT_RESERVEDMAX;
 
 struct pool inpcb_pool;
 
@@ -287,8 +289,8 @@ noname:
 if (p == 0 || (error = suser(p->p_ucred, &p->p_acflag)))
 return (EACCES);
 #endif
- min = IPPORT_RESERVEDMIN;
- max = IPPORT_RESERVEDMAX;
+ min = lowportmin;
+ max = lowportmax;
 lastport = &table->inpt_lastlow;
 } else {
 min = anonportmin;
diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c
index 0fae4a8898b0..678282f65851 100644
--- a/sys/netinet/ip_input.c
+++ b/sys/netinet/ip_input.c
@@ -1,4 +1,4 @@
-/* $NetBSD: ip_input.c,v 1.116 2000/07/06 12:51:40 itojun Exp $ */
+/* $NetBSD: ip_input.c,v 1.117 2000/08/25 13:35:05 tron Exp $ */
 
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -1715,6 +1715,31 @@ ip_sysctl(name, namelen, oldp, oldlenp, newp, newlen)
 &ip_gif_ttl));
 #endif
 
+#ifndef IPNOPRIVPORTS
+ case IPCTL_LOWPORTMIN:
+ old = lowportmin;
+ error = sysctl_int(oldp, oldlenp, newp, newlen, &lowportmin);
+ if (lowportmin >= lowportmax
+ || lowportmin > IPPORT_RESERVEDMAX
+ || lowportmin < IPPORT_RESERVEDMIN
+ ) {
+ lowportmin = old;
+ return (EINVAL);
+ }
+ return (error);
+ case IPCTL_LOWPORTMAX:
+ old = lowportmax;
+ error = sysctl_int(oldp, oldlenp, newp, newlen, &lowportmax);
+ if (lowportmin >= lowportmax
+ || lowportmax > IPPORT_RESERVEDMAX
+ || lowportmax < IPPORT_RESERVEDMIN
+ ) {
+ lowportmax = old;
+ return (EINVAL);
+ }
+ return (error);
+#endif
+
 default:
 return (EOPNOTSUPP);
 }
diff --git a/sys/netinet/ip_var.h b/sys/netinet/ip_var.h
index 7516e2326aa6..7dbca54bde5c 100644
--- a/sys/netinet/ip_var.h
+++ b/sys/netinet/ip_var.h
@@ -1,4 +1,4 @@
-/* $NetBSD: ip_var.h,v 1.41 2000/03/30 02:37:40 simonb Exp $ */
+/* $NetBSD: ip_var.h,v 1.42 2000/08/25 13:35:06 tron Exp $ */
 
 /*
  * Copyright (c) 1982, 1986, 1993
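Review bot: In both new IPCTL_LOWPORTMIN/IPCTL_LOWPORTMAX cases the user-supplied value is written straight into the live lowportmin/lowportmax by sysctl_int() and only patched back from `old` after the range test fails, so the globals that the port allocator now reads (`min = lowportmin; max = lowportmax;` in the in_pcb.c hunk of this patch) briefly hold an unvalidated value and the code needs an explicit rollback. Validating a private copy and committing only on success removes the rollback and keeps the reserved-range invariant unconditional; the version below does that and needs an `int tmp;` among ip_sysctl()'s declarations, which lie outside the hunk, as does the rest of the function. Note also that `lowportmin >= lowportmax` rejects equal values, so a single-port range cannot be configured; if that is intended, a comment such as `/* the low range must span at least two ports */` on the first check would record it.
```c
#ifndef IPNOPRIVPORTS
	case IPCTL_LOWPORTMIN:
		/*
		 * Validate a private copy so the live value never leaves the
		 * reserved range, even briefly; commit only on success.
		 */
		tmp = lowportmin;
		error = sysctl_int(oldp, oldlenp, newp, newlen, &tmp);
		if (error)
			return (error);
		if (tmp >= lowportmax
		    || tmp > IPPORT_RESERVEDMAX
		    || tmp < IPPORT_RESERVEDMIN)
			return (EINVAL);
		lowportmin = tmp;
		return (0);
	case IPCTL_LOWPORTMAX:
		tmp = lowportmax;
		error = sysctl_int(oldp, oldlenp, newp, newlen, &tmp);
		if (error)
			return (error);
		if (lowportmin >= tmp
		    || tmp > IPPORT_RESERVEDMAX
		    || tmp < IPPORT_RESERVEDMIN)
			return (EINVAL);
		lowportmax = tmp;
		return (0);
#endif
```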
@@ -188,6 +188,8 @@ extern int ip_mtudisc; /* mtu discovery */
 extern u_int ip_mtudisc_timeout; /* seconds to timeout mtu discovery */
 extern int anonportmin; /* minimum ephemeral port */
 extern int anonportmax; /* maximum ephemeral port */
+extern int lowportmin; /* minimum reserved port */
+extern int lowportmax; /* maximum reserved port */
 extern struct rttimer_queue *ip_mtudisc_timeout_q;
 #ifdef GATEWAY
 extern int ip_maxflows;