The userland parts of a sysctl that can switch on/off IP-in-IP (protocol 4)

5 files changed, 20 insertions, 10 deletions

diff --git a/sbin/sysctl/sysctl.8 b/sbin/sysctl/sysctl.8
index 4ae6dc96f87..3be0431bd5e 100644
--- a/sbin/sysctl/sysctl.8
+++ b/sbin/sysctl/sysctl.8
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: sysctl.8,v 1.22 1999/02/25 03:34:38 angelos Exp $
+.\"	$OpenBSD: sysctl.8,v 1.23 1999/04/09 23:30:05 niklas Exp $
 .\"	$NetBSD: sysctl.8,v 1.4 1995/09/30 07:12:49 thorpej Exp $
 .\"
 .\" Copyright (c) 1993
@@ -154,6 +154,8 @@ privilege can change the value.
 .It net.inet.ip.porthilast	integer	yes
 .It net.inet.ip.portfirst	integer	yes
 .It net.inet.icmp.maskrepl	integer	yes
+.It net.inet.icmp.bmcastecho	integer	yes
+.It net.inet.ip4.policy	integer	yes
 .It net.inet.tcp.rfc1323	integer	yes
 .It net.inet.tcp.keepinittime	integer	yes
 .It net.inet.tcp.keepidle	integer	yes
diff --git a/sbin/sysctl/sysctl.c b/sbin/sysctl/sysctl.c
index 4b9afb5f4a6..1041d89c2e9 100644
--- a/sbin/sysctl/sysctl.c
+++ b/sbin/sysctl/sysctl.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: sysctl.c,v 1.37 1999/02/25 21:59:50 deraadt Exp $	*/
+/*	$OpenBSD: sysctl.c,v 1.38 1999/04/09 23:30:06 niklas Exp $	*/
 /*	$NetBSD: sysctl.c,v 1.9 1995/09/30 07:12:50 thorpej Exp $	*/
 
 /*
@@ -44,7 +44,7 @@ static char copyright[] =
 #if 0
 static char sccsid[] = "@(#)sysctl.c	8.5 (Berkeley) 5/9/95";
 #else
-static char *rcsid = "$OpenBSD: sysctl.c,v 1.37 1999/02/25 21:59:50 deraadt Exp $";
+static char *rcsid = "$OpenBSD: sysctl.c,v 1.38 1999/04/09 23:30:06 niklas Exp $";
 #endif
 #endif /* not lint */
 
@@ -63,6 +63,7 @@ static char *rcsid = "$OpenBSD: sysctl.c,v 1.37 1999/02/25 21:59:50 deraadt Exp
 #include <netinet/ip.h>
 #include <netinet/in_pcb.h>
 #include <netinet/ip_icmp.h>
+#include <netinet/ip_ip4.h>
 #include <netinet/icmp_var.h>
 #include <netinet/ip_var.h>
 #include <netinet/udp.h>
@@ -935,6 +936,7 @@ sysctl_ipsec(string, bufpp, mib, flags, typep)
 struct ctlname inetname[] = CTL_IPPROTO_NAMES;
 struct ctlname ipname[] = IPCTL_NAMES;
 struct ctlname icmpname[] = ICMPCTL_NAMES;
+struct ctlname ip4name[] = IP4CTL_NAMES;
 struct ctlname tcpname[] = TCPCTL_NAMES;
 struct ctlname udpname[] = UDPCTL_NAMES;
 struct list inetlist = { inetname, IPPROTO_MAXID };
@@ -943,7 +945,7 @@ struct list inetvars[] = {
 	{ icmpname, ICMPCTL_MAXID },	/* icmp */
 	{ 0, 0 },			/* igmp */
 	{ 0, 0 },			/* ggmp */
-	{ 0, 0 },
+	{ ip4name, IP4CTL_MAXID },	/* ipencap */
 	{ 0, 0 },
 	{ tcpname, TCPCTL_MAXID },	/* tcp */
 	{ 0, 0 },
diff --git a/usr.bin/netstat/inet.c b/usr.bin/netstat/inet.c
index 9f56f9f41c0..703a34dac49 100644
--- a/usr.bin/netstat/inet.c
+++ b/usr.bin/netstat/inet.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: inet.c,v 1.31 1999/03/27 21:04:21 provos Exp $	*/
+/*	$OpenBSD: inet.c,v 1.32 1999/04/09 23:30:05 niklas Exp $	*/
 /*	$NetBSD: inet.c,v 1.14 1995/10/03 21:42:37 thorpej Exp $	*/
 
 /*
@@ -38,7 +38,7 @@
 #if 0
 static char sccsid[] = "from: @(#)inet.c	8.4 (Berkeley) 4/20/94";
 #else
-static char *rcsid = "$OpenBSD: inet.c,v 1.31 1999/03/27 21:04:21 provos Exp $";
+static char *rcsid = "$OpenBSD: inet.c,v 1.32 1999/04/09 23:30:05 niklas Exp $";
 #endif
 #endif /* not lint */
 
@@ -699,6 +699,8 @@ ip4_stats(off, name)
         p(ip4s_ipackets, "\t%u total input packet%s\n");
         p(ip4s_opackets, "\t%u total output packet%s\n");
         p(ip4s_hdrops, "\t%u packet%s shorter than header shows\n");
+        p(ip4s_pdrops, "\t%u packet%s dropped due to policy\n");
+        p(ip4s_spoof, "\t%u packet%s with possibly spoofed local addresses\n");
         p(ip4s_notip4, "\t%u packet%s with internal header not IPv4 received\n");
         p(ip4s_qfull, "\t%u packet%s were dropped due to full output queue\n");
 	p(ip4s_ibytes, "\t%qu input byte%s\n");
diff --git a/usr.sbin/sysctl/sysctl.8 b/usr.sbin/sysctl/sysctl.8
index 4ae6dc96f87..3be0431bd5e 100644
--- a/usr.sbin/sysctl/sysctl.8
+++ b/usr.sbin/sysctl/sysctl.8
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: sysctl.8,v 1.22 1999/02/25 03:34:38 angelos Exp $
+.\"	$OpenBSD: sysctl.8,v 1.23 1999/04/09 23:30:05 niklas Exp $
 .\"	$NetBSD: sysctl.8,v 1.4 1995/09/30 07:12:49 thorpej Exp $
 .\"
 .\" Copyright (c) 1993
@@ -154,6 +154,8 @@ privilege can change the value.
 .It net.inet.ip.porthilast	integer	yes
 .It net.inet.ip.portfirst	integer	yes
 .It net.inet.icmp.maskrepl	integer	yes
+.It net.inet.icmp.bmcastecho	integer	yes
+.It net.inet.ip4.policy	integer	yes
 .It net.inet.tcp.rfc1323	integer	yes
 .It net.inet.tcp.keepinittime	integer	yes
 .It net.inet.tcp.keepidle	integer	yes
diff --git a/usr.sbin/sysctl/sysctl.c b/usr.sbin/sysctl/sysctl.c
index 4b9afb5f4a6..1041d89c2e9 100644
--- a/usr.sbin/sysctl/sysctl.c
+++ b/usr.sbin/sysctl/sysctl.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: sysctl.c,v 1.37 1999/02/25 21:59:50 deraadt Exp $	*/
+/*	$OpenBSD: sysctl.c,v 1.38 1999/04/09 23:30:06 niklas Exp $	*/
 /*	$NetBSD: sysctl.c,v 1.9 1995/09/30 07:12:50 thorpej Exp $	*/
 
 /*
@@ -44,7 +44,7 @@ static char copyright[] =
 #if 0
 static char sccsid[] = "@(#)sysctl.c	8.5 (Berkeley) 5/9/95";
 #else
-static char *rcsid = "$OpenBSD: sysctl.c,v 1.37 1999/02/25 21:59:50 deraadt Exp $";
+static char *rcsid = "$OpenBSD: sysctl.c,v 1.38 1999/04/09 23:30:06 niklas Exp $";
 #endif
 #endif /* not lint */
 
@@ -63,6 +63,7 @@ static char *rcsid = "$OpenBSD: sysctl.c,v 1.37 1999/02/25 21:59:50 deraadt Exp
 #include <netinet/ip.h>
 #include <netinet/in_pcb.h>
 #include <netinet/ip_icmp.h>
+#include <netinet/ip_ip4.h>
 #include <netinet/icmp_var.h>
 #include <netinet/ip_var.h>
 #include <netinet/udp.h>
@@ -935,6 +936,7 @@ sysctl_ipsec(string, bufpp, mib, flags, typep)
 struct ctlname inetname[] = CTL_IPPROTO_NAMES;
 struct ctlname ipname[] = IPCTL_NAMES;
 struct ctlname icmpname[] = ICMPCTL_NAMES;
+struct ctlname ip4name[] = IP4CTL_NAMES;
 struct ctlname tcpname[] = TCPCTL_NAMES;
 struct ctlname udpname[] = UDPCTL_NAMES;
 struct list inetlist = { inetname, IPPROTO_MAXID };
@@ -943,7 +945,7 @@ struct list inetvars[] = {
 	{ icmpname, ICMPCTL_MAXID },	/* icmp */
 	{ 0, 0 },			/* igmp */
 	{ 0, 0 },			/* ggmp */
-	{ 0, 0 },
+	{ ip4name, IP4CTL_MAXID },	/* ipencap */
 	{ 0, 0 },
 	{ tcpname, TCPCTL_MAXID },	/* tcp */
 	{ 0, 0 },