Add a new sysctl to mark ports as reserved, so that they are not used in
the anonymous or reserved port allocation.
This commit is contained in:
christos
parent
97613513e6
commit
cbf1f72b20
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: ip_input.c,v 1.302 2012/06/25 15:28:39 christos Exp $ */
|
||||
/* $NetBSD: ip_input.c,v 1.303 2012/11/29 02:07:20 christos Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
|
||||
|
|
@ -91,7 +91,7 @@
|
|||
*/
|
||||
|
||||
#include <sys/cdefs.h>
|
||||
__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.302 2012/06/25 15:28:39 christos Exp $");
|
||||
__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.303 2012/11/29 02:07:20 christos Exp $");
|
||||
|
||||
#include "opt_inet.h"
|
||||
#include "opt_compat_netbsd.h"
|
||||
|
|
@ -1906,7 +1906,13 @@ sysctl_net_inet_ip_setup(struct sysctllog **clog)
|
|||
CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
|
||||
CTLTYPE_STRING, "selected",
|
||||
SYSCTL_DESCR("selected algorithm"),
|
||||
sysctl_portalgo_selected, 0, NULL, PORTALGO_MAXLEN,
|
||||
sysctl_portalgo_selected4, 0, NULL, PORTALGO_MAXLEN,
|
||||
CTL_CREATE, CTL_EOL);
|
||||
sysctl_createv(clog, 0, &portalgo_node, NULL,
|
||||
CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
|
||||
CTLTYPE_STRUCT, "reserve",
|
||||
SYSCTL_DESCR("bitmap of reserved ports"),
|
||||
sysctl_portalgo_reserve4, 0, NULL, 0,
|
||||
CTL_CREATE, CTL_EOL);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: portalgo.c,v 1.1 2012/06/25 15:28:39 christos Exp $ */
|
||||
/* $NetBSD: portalgo.c,v 1.2 2012/11/29 02:07:20 christos Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright 2011 Vlad Balan
|
||||
|
|
@ -34,10 +34,12 @@
|
|||
*/
|
||||
|
||||
#include <sys/cdefs.h>
|
||||
__KERNEL_RCSID(0, "$NetBSD: portalgo.c,v 1.1 2012/06/25 15:28:39 christos Exp $");
|
||||
__KERNEL_RCSID(0, "$NetBSD: portalgo.c,v 1.2 2012/11/29 02:07:20 christos Exp $");
|
||||
|
||||
#include "opt_inet.h"
|
||||
|
||||
#define FD_SETSIZE 0x10000
|
||||
#include <sys/fd_set.h>
|
||||
#include <sys/param.h>
|
||||
#include <sys/errno.h>
|
||||
#include <sys/kauth.h>
|
||||
|
|
@ -87,9 +89,11 @@ static bool portalgo_debug = true;
|
|||
|
||||
#ifdef INET
|
||||
static int inet4_portalgo = PORTALGO_BSD;
|
||||
static fd_set inet4_reserve;
|
||||
#endif
|
||||
#ifdef INET6
|
||||
static int inet6_portalgo = PORTALGO_BSD;
|
||||
static fd_set inet6_reserve;
|
||||
#endif
|
||||
|
||||
typedef struct {
|
||||
|
|
@ -250,6 +254,9 @@ check_suitable_port(uint16_t port, struct inpcb_hdr *inp_hdr, kauth_cred_t cred)
|
|||
struct inpcb *pcb;
|
||||
struct sockaddr_in sin;
|
||||
|
||||
if (FD_ISSET(port, &inet4_reserve))
|
||||
return false;
|
||||
|
||||
sin.sin_addr = inp->inp_laddr;
|
||||
pcb = in_pcblookup_port(table, sin.sin_addr, htons(port), 1,
|
||||
&vestigial);
|
||||
|
|
@ -292,6 +299,9 @@ check_suitable_port(uint16_t port, struct inpcb_hdr *inp_hdr, kauth_cred_t cred)
|
|||
struct sockaddr_in6 sin6;
|
||||
void *t;
|
||||
|
||||
if (FD_ISSET(port, &inet6_reserve))
|
||||
return false;
|
||||
|
||||
sin6.sin6_addr = in6p->in6p_laddr;
|
||||
so = in6p->in6p_socket;
|
||||
|
||||
|
|
@ -853,10 +863,10 @@ portalgo_algo_index_select(struct inpcb_hdr *inp, int algo)
|
|||
|
||||
/*
|
||||
* The sysctl hook that is supposed to check that we are picking one
|
||||
* of the valid algorithms. IPv4.
|
||||
* of the valid algorithms.
|
||||
*/
|
||||
static int
|
||||
sysctl_portalgo_helper(SYSCTLFN_ARGS, int *algo)
|
||||
sysctl_portalgo_selected(SYSCTLFN_ARGS, int *algo)
|
||||
{
|
||||
struct sysctlnode node;
|
||||
int error;
|
||||
|
|
@ -891,23 +901,64 @@ sysctl_portalgo_helper(SYSCTLFN_ARGS, int *algo)
|
|||
return error;
|
||||
}
|
||||
|
||||
static int
|
||||
sysctl_portalgo_reserve(SYSCTLFN_ARGS, fd_set *bt)
|
||||
{
|
||||
struct sysctlnode node;
|
||||
int error;
|
||||
|
||||
DPRINTF("%s called\n", __func__);
|
||||
|
||||
node = *rnode;
|
||||
node.sysctl_data = bt;
|
||||
node.sysctl_size = sizeof(*bt);
|
||||
|
||||
error = sysctl_lookup(SYSCTLFN_CALL(&node));
|
||||
|
||||
if (error || newp == NULL)
|
||||
return error;
|
||||
|
||||
#ifdef KAUTH_NETWORK_SOCKET_PORT_RESERVE
|
||||
if (l != NULL && (error = kauth_authorize_system(l->l_cred,
|
||||
KAUTH_NETWORK_SOCKET, KAUTH_NETWORK_SOCKET_PORT_RESERVE, bt,
|
||||
NULL, NULL)) != 0)
|
||||
return error;
|
||||
#endif
|
||||
return error;
|
||||
}
|
||||
|
||||
#ifdef INET
|
||||
/*
|
||||
* The sysctl hook that is supposed to check that we are picking one
|
||||
* of the valid algorithms.
|
||||
*/
|
||||
int
|
||||
sysctl_portalgo_selected(SYSCTLFN_ARGS)
|
||||
sysctl_portalgo_selected4(SYSCTLFN_ARGS)
|
||||
{
|
||||
|
||||
return sysctl_portalgo_helper(SYSCTLFN_CALL(rnode), &inet4_portalgo);
|
||||
return sysctl_portalgo_selected(SYSCTLFN_CALL(rnode), &inet4_portalgo);
|
||||
}
|
||||
|
||||
int
|
||||
sysctl_portalgo_reserve4(SYSCTLFN_ARGS)
|
||||
{
|
||||
|
||||
return sysctl_portalgo_reserve(SYSCTLFN_CALL(rnode), &inet4_reserve);
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef INET6
|
||||
int
|
||||
sysctl_portalgo_selected6(SYSCTLFN_ARGS)
|
||||
{
|
||||
|
||||
return sysctl_portalgo_helper(SYSCTLFN_CALL(rnode), &inet6_portalgo);
|
||||
return sysctl_portalgo_selected(SYSCTLFN_CALL(rnode), &inet6_portalgo);
|
||||
}
|
||||
|
||||
int
|
||||
sysctl_portalgo_reserve6(SYSCTLFN_ARGS)
|
||||
{
|
||||
return sysctl_portalgo_reserve(SYSCTLFN_CALL(rnode), &inet6_reserve);
|
||||
}
|
||||
#endif
|
||||
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: portalgo.h,v 1.1 2012/06/25 15:28:39 christos Exp $ */
|
||||
/* $NetBSD: portalgo.h,v 1.2 2012/11/29 02:07:20 christos Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright 2011 Vlad Balan
|
||||
|
|
@ -35,8 +35,10 @@
|
|||
|
||||
struct inpcb_hdr;
|
||||
int portalgo_randport(uint16_t *, struct inpcb_hdr *, kauth_cred_t);
|
||||
int sysctl_portalgo_selected(SYSCTLFN_ARGS);
|
||||
int sysctl_portalgo_selected4(SYSCTLFN_ARGS);
|
||||
int sysctl_portalgo_selected6(SYSCTLFN_ARGS);
|
||||
int sysctl_portalgo_reserve4(SYSCTLFN_ARGS);
|
||||
int sysctl_portalgo_reserve6(SYSCTLFN_ARGS);
|
||||
int sysctl_portalgo_available(SYSCTLFN_ARGS);
|
||||
int portalgo_algo_index_select(struct inpcb_hdr *, int);
|
||||
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: ip6_input.c,v 1.140 2012/06/25 15:28:40 christos Exp $ */
|
||||
/* $NetBSD: ip6_input.c,v 1.141 2012/11/29 02:07:20 christos Exp $ */
|
||||
/* $KAME: ip6_input.c,v 1.188 2001/03/29 05:34:31 itojun Exp $ */
|
||||
|
||||
/*
|
||||
|
|
@ -62,7 +62,7 @@
|
|||
*/
|
||||
|
||||
#include <sys/cdefs.h>
|
||||
__KERNEL_RCSID(0, "$NetBSD: ip6_input.c,v 1.140 2012/06/25 15:28:40 christos Exp $");
|
||||
__KERNEL_RCSID(0, "$NetBSD: ip6_input.c,v 1.141 2012/11/29 02:07:20 christos Exp $");
|
||||
|
||||
#include "opt_gateway.h"
|
||||
#include "opt_inet.h"
|
||||
|
|
@ -1977,6 +1977,12 @@ sysctl_net_inet6_ip6_setup(struct sysctllog **clog)
|
|||
SYSCTL_DESCR("selected algorithm"),
|
||||
sysctl_portalgo_selected6, 0, NULL, PORTALGO_MAXLEN,
|
||||
CTL_CREATE, CTL_EOL);
|
||||
sysctl_createv(clog, 0, &portalgo_node, NULL,
|
||||
CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
|
||||
CTLTYPE_STRUCT, "reserve",
|
||||
SYSCTL_DESCR("bitmap of reserved ports"),
|
||||
sysctl_portalgo_reserve6, 0, NULL, 0,
|
||||
CTL_CREATE, CTL_EOL);
|
||||
sysctl_createv(clog, 0, NULL, NULL,
|
||||
CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
|
||||
CTLTYPE_INT, "neighborgcthresh",
|
||||
|
|
|
|||
Loading…
Reference in New Issue