Source-Changes-HG archive
[src/trunk]: src/sys Add a new sysctl to mark ports as reserved, so that they...
details: https://anonhg.NetBSD.org/src/rev/822419eedf23
branches: trunk
changeset: 782958:822419eedf23
user: christos <christos%NetBSD.org@localhost>
date: Thu Nov 29 02:07:20 2012 +0000
description:
Add a new sysctl to mark ports as reserved, so that they are not used in
the anonymous or reserved port allocation.
diffstat:
sys/netinet/ip_input.c | 12 ++++++--
sys/netinet/portalgo.c | 65 ++++++++++++++++++++++++++++++++++++++++++-----
sys/netinet/portalgo.h | 6 ++-
sys/netinet6/ip6_input.c | 10 +++++-
4 files changed, 79 insertions(+), 14 deletions(-)
diffs (221 lines):
diff -r 1914c2c1d72a -r 822419eedf23 sys/netinet/ip_input.c
--- a/sys/netinet/ip_input.c Thu Nov 29 02:06:17 2012 +0000
+++ b/sys/netinet/ip_input.c Thu Nov 29 02:07:20 2012 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ip_input.c,v 1.302 2012/06/25 15:28:39 christos Exp $ */
+/* $NetBSD: ip_input.c,v 1.303 2012/11/29 02:07:20 christos Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -91,7 +91,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.302 2012/06/25 15:28:39 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.303 2012/11/29 02:07:20 christos Exp $");
#include "opt_inet.h"
#include "opt_compat_netbsd.h"
@@ -1906,7 +1906,13 @@
CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
CTLTYPE_STRING, "selected",
SYSCTL_DESCR("selected algorithm"),
- sysctl_portalgo_selected, 0, NULL, PORTALGO_MAXLEN,
+ sysctl_portalgo_selected4, 0, NULL, PORTALGO_MAXLEN,
+ CTL_CREATE, CTL_EOL);
+ sysctl_createv(clog, 0, &portalgo_node, NULL,
+ CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
+ CTLTYPE_STRUCT, "reserve",
+ SYSCTL_DESCR("bitmap of reserved ports"),
+ sysctl_portalgo_reserve4, 0, NULL, 0,
CTL_CREATE, CTL_EOL);
}
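Review bot: The new `reserve` node is registered with `CTLTYPE_STRUCT` and a size of 0, and nothing next to the call says what a writer has to supply. Going by the handler added in sys/netinet/portalgo.c, the node size is set to `sizeof(fd_set)` with `FD_SETSIZE` forced to 0x10000, so userland presumably has to pass the whole 8192-byte bitmap in one write. A comment above the call such as `/* value is a 65536-bit fd_set, one bit per port; see sysctl_portalgo_reserve() */` would record that. The same applies to the matching `sysctl_createv` call added in sys/netinet6/ip6_input.c. The enclosing function starts outside this hunk.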
diff -r 1914c2c1d72a -r 822419eedf23 sys/netinet/portalgo.c
--- a/sys/netinet/portalgo.c Thu Nov 29 02:06:17 2012 +0000
+++ b/sys/netinet/portalgo.c Thu Nov 29 02:07:20 2012 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: portalgo.c,v 1.1 2012/06/25 15:28:39 christos Exp $ */
+/* $NetBSD: portalgo.c,v 1.2 2012/11/29 02:07:20 christos Exp $ */
/*
* Copyright 2011 Vlad Balan
@@ -34,10 +34,12 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: portalgo.c,v 1.1 2012/06/25 15:28:39 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: portalgo.c,v 1.2 2012/11/29 02:07:20 christos Exp $");
#include "opt_inet.h"
+#define FD_SETSIZE 0x10000
+#include <sys/fd_set.h>
#include <sys/param.h>
#include <sys/errno.h>
#include <sys/kauth.h>
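Review bot: `#define FD_SETSIZE 0x10000` repurposes `fd_set` as a 65536-bit port bitmap, and that only holds while the define stays ahead of the first inclusion of `<sys/fd_set.h>`; nothing in the file states or checks it. The `FD_ISSET(port, ...)` tests added further down index the set by port number, so a smaller set would mean reads past the end of the static bitmaps. I would add a comment on the define, `/* fd_set is used as a bitmap with one bit per port (0..65535) */`, and a compile-time check after the includes, `__CTASSERT(sizeof(fd_set) * NBBY >= 0x10000);`.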
@@ -87,9 +89,11 @@
#ifdef INET
static int inet4_portalgo = PORTALGO_BSD;
+static fd_set inet4_reserve;
#endif
#ifdef INET6
static int inet6_portalgo = PORTALGO_BSD;
+static fd_set inet6_reserve;
#endif
typedef struct {
@@ -250,6 +254,9 @@
struct inpcb *pcb;
struct sockaddr_in sin;
+ if (FD_ISSET(port, &inet4_reserve))
+ return false;
+
sin.sin_addr = inp->inp_laddr;
pcb = in_pcblookup_port(table, sin.sin_addr, htons(port), 1,
&vestigial);
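Review bot: The reservation test added at the top of this check is indexed by the host-order port (the lookup right below passes `htons(port)`), and that convention is not written down for whoever fills the bitmap through sysctl. It also reads `inet4_reserve` with no lock visible in the hunk while the sysctl handler can overwrite it; that is probably benign for a single bit test, but worth stating. A comment such as `/* reserved ports are never chosen automatically; bitmap is indexed by host-order port and read unlocked */` would cover it. Going by the commit description this affects only automatic port selection, so an explicit bind to a reserved port is presumably still allowed, which deserves a word in the sysctl documentation. The same comment fits the `inet6_reserve` test in the next hunk; both functions start and end outside their hunks.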
@@ -292,6 +299,9 @@
struct sockaddr_in6 sin6;
void *t;
+ if (FD_ISSET(port, &inet6_reserve))
+ return false;
+
sin6.sin6_addr = in6p->in6p_laddr;
so = in6p->in6p_socket;
@@ -853,10 +863,10 @@
/*
* The sysctl hook that is supposed to check that we are picking one
- * of the valid algorithms. IPv4.
+ * of the valid algorithms.
*/
static int
-sysctl_portalgo_helper(SYSCTLFN_ARGS, int *algo)
+sysctl_portalgo_selected(SYSCTLFN_ARGS, int *algo)
{
struct sysctlnode node;
int error;
@@ -891,23 +901,64 @@
return error;
}
+static int
+sysctl_portalgo_reserve(SYSCTLFN_ARGS, fd_set *bt)
+{
+ struct sysctlnode node;
+ int error;
+
+ DPRINTF("%s called\n", __func__);
+
+ node = *rnode;
+ node.sysctl_data = bt;
+ node.sysctl_size = sizeof(*bt);
+
+ error = sysctl_lookup(SYSCTLFN_CALL(&node));
+
+ if (error || newp == NULL)
+ return error;
+
+#ifdef KAUTH_NETWORK_SOCKET_PORT_RESERVE
+ if (l != NULL && (error = kauth_authorize_system(l->l_cred,
+ KAUTH_NETWORK_SOCKET, KAUTH_NETWORK_SOCKET_PORT_RESERVE, bt,
+ NULL, NULL)) != 0)
+ return error;
+#endif
+ return error;
+}
+
+#ifdef INET
/*
* The sysctl hook that is supposed to check that we are picking one
* of the valid algorithms.
*/
int
-sysctl_portalgo_selected(SYSCTLFN_ARGS)
+sysctl_portalgo_selected4(SYSCTLFN_ARGS)
{
- return sysctl_portalgo_helper(SYSCTLFN_CALL(rnode), &inet4_portalgo);
+ return sysctl_portalgo_selected(SYSCTLFN_CALL(rnode), &inet4_portalgo);
}
+int
+sysctl_portalgo_reserve4(SYSCTLFN_ARGS)
+{
+
+ return sysctl_portalgo_reserve(SYSCTLFN_CALL(rnode), &inet4_reserve);
+}
+#endif
+
#ifdef INET6
int
sysctl_portalgo_selected6(SYSCTLFN_ARGS)
{
- return sysctl_portalgo_helper(SYSCTLFN_CALL(rnode), &inet6_portalgo);
+ return sysctl_portalgo_selected(SYSCTLFN_CALL(rnode), &inet6_portalgo);
+}
+
+int
+sysctl_portalgo_reserve6(SYSCTLFN_ARGS)
+{
+ return sysctl_portalgo_reserve(SYSCTLFN_CALL(rnode), &inet6_reserve);
}
#endif
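Review bot: In `sysctl_portalgo_reserve`, `node.sysctl_data` points straight at the live bitmap, so `sysctl_lookup` has already overwritten it by the time the `kauth_authorize_system` check runs, and a denied request still leaves the new reservations in place. The check is also compiled only when `KAUTH_NETWORK_SOCKET_PORT_RESERVE` is defined, and this diff does not define it, so the handler may currently rely only on the generic sysctl write permission. I would copy the new value into a temporary buffer, authorize against that, and commit to `*bt` only on success; the buffer is 8 KB, so it should come from the kernel allocator rather than the stack. A short comment above the function describing the bitmap format and who may write it would also help.

```c
static int
sysctl_portalgo_reserve(SYSCTLFN_ARGS, fd_set *bt)
{
	struct sysctlnode node;
	fd_set *tmp;
	int error;

	/* ... unchanged: DPRINTF ... */

	/* Work on a copy so a rejected write never reaches the live bitmap. */
	tmp = kmem_alloc(sizeof(*tmp), KM_SLEEP);
	memcpy(tmp, bt, sizeof(*tmp));

	node = *rnode;
	node.sysctl_data = tmp;
	node.sysctl_size = sizeof(*tmp);

	error = sysctl_lookup(SYSCTLFN_CALL(&node));
	if (error || newp == NULL)
		goto out;

#ifdef KAUTH_NETWORK_SOCKET_PORT_RESERVE
	if (l != NULL && (error = kauth_authorize_system(l->l_cred,
	    KAUTH_NETWORK_SOCKET, KAUTH_NETWORK_SOCKET_PORT_RESERVE, tmp,
	    NULL, NULL)) != 0)
		goto out;
#endif
	/* Authorized: publish the new reservations. */
	memcpy(bt, tmp, sizeof(*bt));
out:
	kmem_free(tmp, sizeof(*tmp));
	return error;
}
```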
diff -r 1914c2c1d72a -r 822419eedf23 sys/netinet/portalgo.h
--- a/sys/netinet/portalgo.h Thu Nov 29 02:06:17 2012 +0000
+++ b/sys/netinet/portalgo.h Thu Nov 29 02:07:20 2012 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: portalgo.h,v 1.1 2012/06/25 15:28:39 christos Exp $ */
+/* $NetBSD: portalgo.h,v 1.2 2012/11/29 02:07:20 christos Exp $ */
/*
* Copyright 2011 Vlad Balan
@@ -35,8 +35,10 @@
struct inpcb_hdr;
int portalgo_randport(uint16_t *, struct inpcb_hdr *, kauth_cred_t);
-int sysctl_portalgo_selected(SYSCTLFN_ARGS);
+int sysctl_portalgo_selected4(SYSCTLFN_ARGS);
int sysctl_portalgo_selected6(SYSCTLFN_ARGS);
+int sysctl_portalgo_reserve4(SYSCTLFN_ARGS);
+int sysctl_portalgo_reserve6(SYSCTLFN_ARGS);
int sysctl_portalgo_available(SYSCTLFN_ARGS);
int portalgo_algo_index_select(struct inpcb_hdr *, int);
diff -r 1914c2c1d72a -r 822419eedf23 sys/netinet6/ip6_input.c
--- a/sys/netinet6/ip6_input.c Thu Nov 29 02:06:17 2012 +0000
+++ b/sys/netinet6/ip6_input.c Thu Nov 29 02:07:20 2012 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ip6_input.c,v 1.140 2012/06/25 15:28:40 christos Exp $ */
+/* $NetBSD: ip6_input.c,v 1.141 2012/11/29 02:07:20 christos Exp $ */
/* $KAME: ip6_input.c,v 1.188 2001/03/29 05:34:31 itojun Exp $ */
/*
@@ -62,7 +62,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ip6_input.c,v 1.140 2012/06/25 15:28:40 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip6_input.c,v 1.141 2012/11/29 02:07:20 christos Exp $");
#include "opt_gateway.h"
#include "opt_inet.h"
@@ -1977,6 +1977,12 @@
SYSCTL_DESCR("selected algorithm"),
sysctl_portalgo_selected6, 0, NULL, PORTALGO_MAXLEN,
CTL_CREATE, CTL_EOL);
+ sysctl_createv(clog, 0, &portalgo_node, NULL,
+ CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
+ CTLTYPE_STRUCT, "reserve",
+ SYSCTL_DESCR("bitmap of reserved ports"),
+ sysctl_portalgo_reserve6, 0, NULL, 0,
+ CTL_CREATE, CTL_EOL);
sysctl_createv(clog, 0, NULL, NULL,
CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
CTLTYPE_INT, "neighborgcthresh",