Add new sysctl variables "net.inet.ip.lowportmin" and

"net.inet.ip.lowportmax" which can be used to the set minimum
and maximum port number assigned to sockets using
IP_PORTRANGE_LOW.

sys/netinet/in.h

@@ -1,4 +1,4 @@
-/*	$NetBSD: in.h,v 1.49 2000/07/28 12:13:34 kleink Exp $	*/
+/*	$NetBSD: in.h,v 1.50 2000/08/25 13:35:05 tron Exp $	*/
 
 /*
  * Copyright (c) 1982, 1986, 1990, 1993
@@ -352,7 +352,9 @@ struct ip_mreq {
 #define	IPCTL_MAXFLOWS         13	/* maximum ip flows allowed */
 #define	IPCTL_HOSTZEROBROADCAST 14	/* is host zero a broadcast addr? */
 #define IPCTL_GIF_TTL 	       15	/* default TTL for gif encap packet */
-#define	IPCTL_MAXID	       16
+#define IPCTL_LOWPORTMIN       16	/* minimum reserved port */
+#define IPCTL_LOWPORTMAX       17	/* maximum reserved port */
+#define	IPCTL_MAXID	       18
 
 #define	IPCTL_NAMES { \
 	{ 0, 0 }, \
@@ -371,6 +373,8 @@ struct ip_mreq {
 	{ "maxflows", CTLTYPE_INT }, \
 	{ "hostzerobroadcast", CTLTYPE_INT }, \
 	{ "gifttl", CTLTYPE_INT }, \
+	{ "lowportmin", CTLTYPE_INT }, \
+	{ "lowportmax", CTLTYPE_INT }, \
 }
 #endif /* !_XOPEN_SOURCE */
 

sys/netinet/in_pcb.c

@@ -1,4 +1,4 @@
-/*	$NetBSD: in_pcb.c,v 1.66 2000/07/06 12:51:39 itojun Exp $	*/
+/*	$NetBSD: in_pcb.c,v 1.67 2000/08/25 13:35:05 tron Exp $	*/
 
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -147,6 +147,8 @@ struct inpcb *
 
 int	anonportmin = IPPORT_ANONMIN;
 int	anonportmax = IPPORT_ANONMAX;
+int	lowportmin  = IPPORT_RESERVEDMIN;
+int	lowportmax  = IPPORT_RESERVEDMAX;
 
 struct pool inpcb_pool;
 
@@ -287,8 +289,8 @@ noname:
 			if (p == 0 || (error = suser(p->p_ucred, &p->p_acflag)))
 				return (EACCES);
 #endif
-			min = IPPORT_RESERVEDMIN;
-			max = IPPORT_RESERVEDMAX;
+			min = lowportmin;
+			max = lowportmax;
 			lastport = &table->inpt_lastlow;
 		} else {
 			min = anonportmin;

sys/netinet/ip_input.c

@@ -1,4 +1,4 @@
-/*	$NetBSD: ip_input.c,v 1.116 2000/07/06 12:51:40 itojun Exp $	*/
+/*	$NetBSD: ip_input.c,v 1.117 2000/08/25 13:35:05 tron Exp $	*/
 
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -1715,6 +1715,31 @@ ip_sysctl(name, namelen, oldp, oldlenp, newp, newlen)
 				  &ip_gif_ttl));
 #endif
 
+#ifndef IPNOPRIVPORTS
+	case IPCTL_LOWPORTMIN:
+		old = lowportmin;
+		error = sysctl_int(oldp, oldlenp, newp, newlen, &lowportmin);
+		if (lowportmin >= lowportmax
+		    || lowportmin > IPPORT_RESERVEDMAX
+		    || lowportmin < IPPORT_RESERVEDMIN
+		    ) {
+			lowportmin = old;
+			return (EINVAL);
+		}
+		return (error);
+	case IPCTL_LOWPORTMAX:
+		old = lowportmax;
+		error = sysctl_int(oldp, oldlenp, newp, newlen, &lowportmax);
+		if (lowportmin >= lowportmax
+		    || lowportmax > IPPORT_RESERVEDMAX
+		    || lowportmax < IPPORT_RESERVEDMIN
+		    ) {
+			lowportmax = old;
+			return (EINVAL);
+		}
+		return (error);
+#endif
+
 	default:
 		return (EOPNOTSUPP);
 	}

sys/netinet/ip_var.h

@@ -1,4 +1,4 @@
-/*	$NetBSD: ip_var.h,v 1.41 2000/03/30 02:37:40 simonb Exp $	*/
+/*	$NetBSD: ip_var.h,v 1.42 2000/08/25 13:35:06 tron Exp $	*/
 
 /*
  * Copyright (c) 1982, 1986, 1993
@@ -188,6 +188,8 @@ extern int   ip_mtudisc;		/* mtu discovery */
 extern u_int ip_mtudisc_timeout;	/* seconds to timeout mtu discovery */
 extern int   anonportmin;		/* minimum ephemeral port */
 extern int   anonportmax;		/* maximum ephemeral port */
+extern int   lowportmin;		/* minimum reserved port */
+extern int   lowportmax;		/* maximum reserved port */
 extern struct rttimer_queue *ip_mtudisc_timeout_q;
 #ifdef GATEWAY
 extern int ip_maxflows;