authorTodd C. Miller <millert@cvs.openbsd.org>1997-08-09 23:36:32 +0000
committerTodd C. Miller <millert@cvs.openbsd.org>1997-08-09 23:36:32 +0000
commit00044cdf00f6574a29f0961b4746b80f7926ba78 (patch)
tree8ee1c0443504b7834fed8e070fb8536e8b15561a
parent812760c22318b1d16957febbc72e980ec5505778 (diff)
The list of tcp/udp ports not to allocate dynamically is now
a bitmask configurable via sysctl([38]). The default values have not changed. If one wants to change the list it should be done early on in /etc/rc.
-rw-r--r--lib/libc/gen/sysctl.318
-rw-r--r--sbin/sysctl/sysctl.812
-rw-r--r--sbin/sysctl/sysctl.c60
-rw-r--r--sys/netinet/in_pcb.c38
-rw-r--r--sys/netinet/in_pcb.h17
-rw-r--r--sys/netinet/ip_input.c12
-rw-r--r--sys/netinet/tcp_usrreq.c9
-rw-r--r--sys/netinet/tcp_var.h6
-rw-r--r--sys/netinet/udp_usrreq.c8
-rw-r--r--sys/netinet/udp_var.h6
-rw-r--r--usr.sbin/sysctl/sysctl.812
-rw-r--r--usr.sbin/sysctl/sysctl.c60
12 files changed, 214 insertions, 44 deletions
diff --git a/lib/libc/gen/sysctl.3 b/lib/libc/gen/sysctl.3
index e16417eef24..b3520d9e92f 100644
--- a/lib/libc/gen/sysctl.3
+++ b/lib/libc/gen/sysctl.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: sysctl.3,v 1.6 1997/06/13 13:30:51 deraadt Exp $
+.\" $OpenBSD: sysctl.3,v 1.7 1997/08/09 23:36:30 millert Exp $
.\"
.\" Copyright (c) 1993
.\" The Regents of the University of California. All rights reserved.
@@ -320,7 +320,7 @@ Return 1 if file names longer than KERN_NAME_MAX are truncated.
.It Li KERN_OSRELEASE
The system release string.
.It Li KERN_OSREV
-The system revision string.
+The system revision number.
.It Li KERN_OSTYPE
The system type string.
.It Li KERN_PATH_MAX
@@ -450,8 +450,10 @@ The currently defined protocols and names are:
.It ip redirect integer yes
.It ip ttl integer yes
.It icmp maskrepl integer yes
-.It tcp rfc1323 integer yes
+.It tcp rfc1323 integer yes
+.It tcp baddynamic array yes
.It udp checksum integer yes
+.It udp baddynamic array yes
.El
.Pp
The variables are as follows:
@@ -471,9 +473,19 @@ This value applies to normal transport protocols, not to ICMP.
Returns 1 if ICMP network mask requests are to be answered.
.It Li tcp.rfc1323
Returns 1 if RFC1323 extensions to TCP are enabled.
+.It Li tcp.baddynamic
+An array of
+.Va in_port_t
+is returned specifying the bitmask of TCP ports between 512
+and 1023 inclusive that should not be allocated dynamically
+by the kernel (ie: they must be bound specifically by port number).
.It Li udp.checksum
Returns 1 when UDP checksums are being computed and checked.
Disabling UDP checksums is strongly discouraged.
+.It Li udp.baddynamic
+Analogous to
+.Va tcp.baddynamic
+but for UDP sockets.
.El
.Sh CTL_USER
The string and integer information available for the CTL_USER level
diff --git a/sbin/sysctl/sysctl.8 b/sbin/sysctl/sysctl.8
index 9ffc0ea4fd7..90ee178d107 100644
--- a/sbin/sysctl/sysctl.8
+++ b/sbin/sysctl/sysctl.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: sysctl.8,v 1.10 1997/07/15 00:38:14 angelos Exp $
+.\" $OpenBSD: sysctl.8,v 1.11 1997/08/09 23:36:30 millert Exp $
.\" $NetBSD: sysctl.8,v 1.4 1995/09/30 07:12:49 thorpej Exp $
.\"
.\" Copyright (c) 1993
@@ -131,7 +131,6 @@ privilege can change the value.
.It kern.pipe_buf integer no
.It kern.chown_restricted integer no
.It kern.no_trunc integer no
-.It kern.vdisable integer no
.It kern.boottime struct no
.It kern.somaxconn integer yes
.It kern.sominconn integer yes
@@ -156,7 +155,9 @@ privilege can change the value.
.It net.inet.tcp.keepidle integer yes
.It net.inet.tcp.keepintvl integer yes
.It net.inet.tcp.slowhz integer no
+.It net.inet.tcp.baddynamic array yes
.It net.inet.udp.checksum integer yes
+.It net.inet.udp.baddynamic array yes
.It net.ipx.ipx.recvspace integer yes
.It net.ipx.ipx.sendspace integer yes
.It net.ipsec.encap.encdebug integer yes
@@ -223,6 +224,13 @@ Information about the load average history may be obtained with
.Bd -literal -offset indent -compact
sysctl vm.loadavg
.Ed
+.Pp
+Set the list of reserved TCP ports that should not be allocated
+by the kernel dynamically. This can be used to keep daemons
+from stealing a specific port that another program needs to function:
+.Bd -literal -offset indent -compact
+sysctl -w net.inet.tcp.baddynamic="749 750 751 760 761 871"
+.Ed
.Sh FILES
.Bl -tag -width <netinet/icmpXvar.h> -compact
.It Pa <sys/sysctl.h>
diff --git a/sbin/sysctl/sysctl.c b/sbin/sysctl/sysctl.c
index 0d506ca07a2..e87da083671 100644
--- a/sbin/sysctl/sysctl.c
+++ b/sbin/sysctl/sysctl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sysctl.c,v 1.14 1997/07/22 15:06:54 kstailey Exp $ */
+/* $OpenBSD: sysctl.c,v 1.15 1997/08/09 23:36:31 millert Exp $ */
/* $NetBSD: sysctl.c,v 1.9 1995/09/30 07:12:50 thorpej Exp $ */
/*
@@ -44,7 +44,7 @@ static char copyright[] =
#if 0
static char sccsid[] = "@(#)sysctl.c 8.1 (Berkeley) 6/6/93";
#else
-static char *rcsid = "$OpenBSD: sysctl.c,v 1.14 1997/07/22 15:06:54 kstailey Exp $";
+static char *rcsid = "$OpenBSD: sysctl.c,v 1.15 1997/08/09 23:36:31 millert Exp $";
#endif
#endif /* not lint */
@@ -56,9 +56,12 @@ static char *rcsid = "$OpenBSD: sysctl.c,v 1.14 1997/07/22 15:06:54 kstailey Exp
#include <vm/vm_param.h>
#include <machine/cpu.h>
+#include <net/route.h>
+
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
+#include <netinet/in_pcb.h>
#include <netinet/ip_icmp.h>
#include <netinet/icmp_var.h>
#include <netinet/ip_var.h>
@@ -127,6 +130,7 @@ int Aflag, aflag, nflag, wflag;
#define BOOTTIME 0x00000002
#define CONSDEV 0x00000004
#define RNDSTATS 0x00000008
+#define BADDYNAMIC 0x00000020
/* prototypes */
void usage();
@@ -348,9 +352,34 @@ parse(string, flags)
case CTL_NET:
if (mib[1] == PF_INET) {
len = sysctl_inet(string, &bufp, mib, flags, &type);
- if (len >= 0)
- break;
- return;
+ if (len < 0)
+ return;
+ if (mib[3] == TCPCTL_BADDYNAMIC ||
+ mib[3] == UDPCTL_BADDYNAMIC) {
+ u_int32_t newbaddynamic[DP_MAPSIZE];
+ in_port_t port;
+
+ special |= BADDYNAMIC;
+ if (newval != NULL) {
+ (void)memset((void *)&newbaddynamic, 0,
+ sizeof(newbaddynamic));
+ while (newval &&
+ (cp = strsep((char **)&newval,
+ ", \t")) && *cp) {
+ port = atoi(cp);
+ if (port < IPPORT_RESERVED/2 ||
+ port >= IPPORT_RESERVED)
+ errx(1, "invalid port, "
+ "range is %d to %d",
+ IPPORT_RESERVED/2,
+ IPPORT_RESERVED-1);
+ DP_SET(newbaddynamic, port);
+ }
+ newval = (void *)newbaddynamic;
+ newsize = sizeof(newbaddynamic);
+ }
+ }
+ break;
}
if (mib[1] == PF_IPX) {
len = sysctl_ipx(string, &bufp, mib, flags, &type);
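Review bot: The test `mib[3] == TCPCTL_BADDYNAMIC || mib[3] == UDPCTL_BADDYNAMIC` never looks at `mib[2]`, so any net.inet variable whose fourth-level id is 6 or 2 (the values this commit assigns in tcp_var.h and udp_var.h) is parsed and printed as a port bitmap; each id should be paired with its protocol. `newbaddynamic` is declared inside this inner block while `newval` still points at it after the block closes, so later uses of `newval` in parse() (outside the hunk) read an object whose lifetime has ended; declare the array at function scope. `port = atoi(cp)` narrows to `in_port_t` before the range check, so an out-of-range number can wrap into 512-1023 and be accepted, and trailing garbage is ignored; parse into a `long` and check it before narrowing. The identical hunk in usr.sbin/sysctl/sysctl.c needs the same changes.
```c
/* … unchanged: sysctl_inet() call and len check … */
if ((mib[2] == IPPROTO_TCP && mib[3] == TCPCTL_BADDYNAMIC) ||
    (mib[2] == IPPROTO_UDP && mib[3] == UDPCTL_BADDYNAMIC)) {
	long lport;
	char *ep;

	/* … unchanged: special |= BADDYNAMIC, memset of newbaddynamic
	 *   (array now declared at the top of parse()) … */
	while (newval &&
	    (cp = strsep((char **)&newval, ", \t")) && *cp) {
		lport = strtol(cp, &ep, 10);
		if (*ep != '\0' || lport < IPPORT_RESERVED/2 ||
		    lport >= IPPORT_RESERVED)
			/* … unchanged: errx() range message … */
		port = (in_port_t)lport;
		DP_SET(newbaddynamic, port);
	}
```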
@@ -483,6 +512,27 @@ parse(string, flags)
rndstats->rnd_asleep, rndstats->rnd_queued);
return;
}
+ if (special & BADDYNAMIC) {
+ in_port_t port;
+ u_int32_t *baddynamic = (u_int32_t *)buf;
+
+ if (!nflag)
+ printf("%s%s", string, newsize ? ":" : " =");
+ for (port = IPPORT_RESERVED/2; port < IPPORT_RESERVED; port++)
+ if (DP_ISSET(baddynamic, port))
+ printf(" %hd", port);
+ if (newsize != 0) {
+ if (!nflag)
+ fputs(" ->", stdout);
+ baddynamic = (u_int32_t *)newval;
+ for (port = IPPORT_RESERVED/2; port < IPPORT_RESERVED;
+ port++)
+ if (DP_ISSET(baddynamic, port))
+ printf(" %hd", port);
+ }
+ putchar('\n');
+ return;
+ }
switch (type) {
case CTLTYPE_INT:
if (newsize == 0) {
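Review bot: This block walks all of ports 512-1023 in `buf` without checking how many bytes the kernel actually returned. The sysctl() call and its length are outside the hunk, so confirm the returned size equals `sizeof(u_int32_t) * DP_MAPSIZE` before testing bits, otherwise a shorter reply would be printed from stale buffer contents. `port` is an unsigned `in_port_t`, so `printf(" %hu", port)` is the matching format rather than `%hd`. The two print loops are identical and could share one small static helper. The copy of this hunk in usr.sbin/sysctl/sysctl.c is the same.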
diff --git a/sys/netinet/in_pcb.c b/sys/netinet/in_pcb.c
index 086fd79b3f9..1df701a0dd3 100644
--- a/sys/netinet/in_pcb.c
+++ b/sys/netinet/in_pcb.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: in_pcb.c,v 1.17 1997/07/27 08:11:10 deraadt Exp $ */
+/* $OpenBSD: in_pcb.c,v 1.18 1997/08/09 23:36:26 millert Exp $ */
/* $NetBSD: in_pcb.c,v 1.25 1996/02/13 23:41:53 christos Exp $ */
/*
@@ -77,7 +77,7 @@ int ipport_hilastauto = IPPORT_HILASTAUTO; /* 44999 */
#define INPCBHASH(table, faddr, fport, laddr, lport) \
&(table)->inpt_hashtbl[(ntohl((faddr)->s_addr) + ntohs((fport)) + ntohs((lport))) & (table->inpt_hash)]
-static int baddynamic __P((u_int16_t));
+static int baddynamic __P((u_int16_t, u_int16_t));
void
in_pcbinit(table, hashsize)
@@ -90,28 +90,28 @@ in_pcbinit(table, hashsize)
table->inpt_lastport = 0;
}
-/*
- * List of standard locked-down reserved ports.
- * XXX need to be able to modify this from userland.
- */
-static u_int16_t baddynamicports[] = {
- 765, 749, 750, 751, 760, 761, 871,
- 0 /* terminator */
-};
-
+struct baddynamicports baddynamicports;
+
/*
* Check if the specified port is invalid for dynamic allocation.
*/
static int
-baddynamic(port)
+baddynamic(port, proto)
u_int16_t port;
+ u_int16_t proto;
{
- int i;
- for (i = 0; baddynamicports[i] != 0; i++)
- if (baddynamicports[i] == port)
- return (1);
- return (0);
+ if (port < IPPORT_RESERVED/2 || port >= IPPORT_RESERVED)
+ return(0);
+
+ switch (proto) {
+ case IPPROTO_TCP:
+ return (DP_ISSET(baddynamicports.tcp, port));
+ case IPPROTO_UDP:
+ return (DP_ISSET(baddynamicports.udp, port));
+ default:
+ return (0);
+ }
}
int
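Review bot: The comment above baddynamic() still only says "Check if the specified port is invalid for dynamic allocation" and no longer describes the contract. It should say that only ports IPPORT_RESERVED/2 through IPPORT_RESERVED-1 are tracked, that any other port returns 0, and that protocols other than IPPROTO_TCP and IPPROTO_UDP always return 0. The first return is written `return(0);` while the rest of the function uses `return (0);`; keep the spaced form throughout.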
@@ -263,7 +263,7 @@ portloop:
if (*lastport > first || *lastport < last)
*lastport = first;
lport = htons(*lastport);
- } while (baddynamic(*lastport) ||
+ } while (baddynamic(*lastport, so->so_proto->pr_protocol) ||
in_pcblookup(table, zeroin_addr, 0,
inp->inp_laddr, lport, wild));
} else {
@@ -290,7 +290,7 @@ portloop:
if (*lastport < first || *lastport > last)
*lastport = first;
lport = htons(*lastport);
- } while (baddynamic(*lastport) ||
+ } while (baddynamic(*lastport, so->so_proto->pr_protocol) ||
in_pcblookup(table, zeroin_addr, 0,
inp->inp_laddr, lport, wild));
}
diff --git a/sys/netinet/in_pcb.h b/sys/netinet/in_pcb.h
index e58772ff54d..8934fc45d30 100644
--- a/sys/netinet/in_pcb.h
+++ b/sys/netinet/in_pcb.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: in_pcb.h,v 1.4 1997/02/28 04:03:48 angelos Exp $ */
+/* $OpenBSD: in_pcb.h,v 1.5 1997/08/09 23:36:25 millert Exp $ */
/* $NetBSD: in_pcb.h,v 1.14 1996/02/13 23:42:00 christos Exp $ */
/*
@@ -87,6 +87,21 @@ struct inpcbtable {
#define sotoinpcb(so) ((struct inpcb *)(so)->so_pcb)
+/* macros for handling bitmap of ports not to allocate dynamically */
+#define DP_MAPBITS (sizeof(u_int32_t) * NBBY)
+#define DP_MAPSIZE (howmany(IPPORT_RESERVED/2, DP_MAPBITS))
+#define DP_SET(m, p) ((m)[((p) - IPPORT_RESERVED/2) / DP_MAPBITS] |= (1 << ((p) % DP_MAPBITS)))
+#define DP_ISSET(m, p) ((m)[((p) - IPPORT_RESERVED/2) / DP_MAPBITS] & (1 << ((p) % DP_MAPBITS)))
+
+/* default values for baddynamicports [see ip_init()] */
+#define DEFBADDYNAMICPORTS_TCP { 749, 750, 751, 760, 761, 871, 0 }
+#define DEFBADDYNAMICPORTS_UDP { 750, 751, 0 }
+
+struct baddynamicports {
+ u_int32_t tcp[DP_MAPSIZE];
+ u_int32_t udp[DP_MAPSIZE];
+};
+
#ifdef _KERNEL
void in_losing __P((struct inpcb *));
int in_pcballoc __P((struct socket *, void *));
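Review bot: The defaults defined here do not match the list they replace, although the commit description says the default values have not changed. The removed `baddynamicports[]` in in_pcb.c held 765, 749, 750, 751, 760, 761 and 871 and applied to every protocol, while `DEFBADDYNAMICPORTS_TCP` drops 765 and `DEFBADDYNAMICPORTS_UDP` keeps only 750 and 751. If the narrowing is intended, say so in the comment above the defaults; otherwise restore the missing ports. Separately, `DP_SET` and `DP_ISSET` shift a signed `1` by up to 31 bits; `(1U << ((p) % DP_MAPBITS))` avoids the signed overflow. Neither macro range-checks `p`, so the comment should state that callers must guarantee IPPORT_RESERVED/2 <= p < IPPORT_RESERVED.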
diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c
index 4753f601726..1863051f803 100644
--- a/sys/netinet/ip_input.c
+++ b/sys/netinet/ip_input.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_input.c,v 1.25 1997/02/28 03:44:53 angelos Exp $ */
+/* $OpenBSD: ip_input.c,v 1.26 1997/08/09 23:36:29 millert Exp $ */
/* $NetBSD: ip_input.c,v 1.30 1996/03/16 23:53:58 christos Exp $ */
/*
@@ -104,6 +104,7 @@ extern int ipport_firstauto;
extern int ipport_lastauto;
extern int ipport_hifirstauto;
extern int ipport_hilastauto;
+extern struct baddynamicports baddynamicports;
extern struct domain inetdomain;
extern struct protosw inetsw[];
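Review bot: `extern struct baddynamicports baddynamicports;` is declared by hand here and again in tcp_usrreq.c and udp_usrreq.c. A single declaration in in_pcb.h, inside the `#ifdef _KERNEL` section after the struct definition, would keep the three files from drifting if the type changes. It would also make the `/* from in_pcb.c */` comments in the other two files unnecessary.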
@@ -156,6 +157,8 @@ ip_init()
{
register struct protosw *pr;
register int i;
+ const u_int16_t defbaddynamicports_tcp[] = DEFBADDYNAMICPORTS_TCP;
+ const u_int16_t defbaddynamicports_udp[] = DEFBADDYNAMICPORTS_UDP;
pr = pffindproto(PF_INET, IPPROTO_RAW, SOCK_RAW);
if (pr == 0)
@@ -171,6 +174,13 @@ ip_init()
ip_id = time.tv_sec & 0xffff;
ipintrq.ifq_maxlen = ipqmaxlen;
TAILQ_INIT(&in_ifaddr);
+
+ /* Fill in list of ports not to allocate dynamically. */
+ bzero((void *)&baddynamicports, sizeof(baddynamicports));
+ for (i = 0; defbaddynamicports_tcp[i] != 0; i++)
+ DP_SET(baddynamicports.tcp, defbaddynamicports_tcp[i]);
+ for (i = 0; defbaddynamicports_udp[i] != 0; i++)
+ DP_SET(baddynamicports.udp, defbaddynamicports_tcp[i]);
}
struct sockaddr_in ipaddr = { sizeof(ipaddr), AF_INET };
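Review bot: The second loop iterates over `defbaddynamicports_udp` but sets bits from `defbaddynamicports_tcp[i]`, so the UDP mask starts out as 749 and 750 instead of the intended 750 and 751. That leaves UDP port 751 available for dynamic allocation by default. The line should read `DP_SET(baddynamicports.udp, defbaddynamicports_udp[i]);`. ip_init() begins outside this hunk.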
diff --git a/sys/netinet/tcp_usrreq.c b/sys/netinet/tcp_usrreq.c
index c9741a1c230..99c02ed1fa1 100644
--- a/sys/netinet/tcp_usrreq.c
+++ b/sys/netinet/tcp_usrreq.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tcp_usrreq.c,v 1.11 1997/07/24 00:25:25 deraadt Exp $ */
+/* $OpenBSD: tcp_usrreq.c,v 1.12 1997/08/09 23:36:26 millert Exp $ */
/* $NetBSD: tcp_usrreq.c,v 1.20 1996/02/13 23:44:16 christos Exp $ */
/*
@@ -75,6 +75,9 @@
extern char *tcpstates[];
extern int tcptv_keep_init;
+/* from in_pcb.c */
+extern struct baddynamicports baddynamicports;
+
/*
* Process a TCP user request for TCP tb. If this is a send request
* then m is the mbuf chain of send data. If this is a timer expiration
@@ -588,6 +591,10 @@ tcp_sysctl(name, namelen, oldp, oldlenp, newp, newlen)
case TCPCTL_SLOWHZ:
return (sysctl_rdint(oldp, oldlenp, newp, PR_SLOWHZ));
+ case TCPCTL_BADDYNAMIC:
+ return (sysctl_struct(oldp, oldlenp, newp, newlen,
+ baddynamicports.tcp, sizeof(baddynamicports.tcp)));
+
default:
return (ENOPROTOOPT);
}
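Review bot: The new `TCPCTL_BADDYNAMIC` case hands `newp` and `newlen` to `sysctl_struct()` with no check of its own. Whether a write shorter than `sizeof(baddynamicports.tcp)` is rejected therefore depends entirely on that helper, which is not shown here. If it is not rejected, add `if (newp != NULL && newlen != sizeof(baddynamicports.tcp)) return (EINVAL);` before the call. The mask also stays writable for the life of the system, while the commit description expects it to be set early in /etc/rc; if later changes should be refused, that needs an explicit check, since nothing in this hunk enforces it. The `UDPCTL_BADDYNAMIC` case in udp_usrreq.c is the same, and tcp_sysctl() starts outside the hunk.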
diff --git a/sys/netinet/tcp_var.h b/sys/netinet/tcp_var.h
index 038c363b5b4..1a4a946a6ff 100644
--- a/sys/netinet/tcp_var.h
+++ b/sys/netinet/tcp_var.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tcp_var.h,v 1.7 1997/06/15 13:47:28 deraadt Exp $ */
+/* $OpenBSD: tcp_var.h,v 1.8 1997/08/09 23:36:27 millert Exp $ */
/* $NetBSD: tcp_var.h,v 1.17 1996/02/13 23:44:24 christos Exp $ */
/*
@@ -236,7 +236,8 @@ struct tcpstat {
#define TCPCTL_KEEPIDLE 3 /* allow tcp_keepidle to be changed */
#define TCPCTL_KEEPINTVL 4 /* allow tcp_keepintvl to be changed */
#define TCPCTL_SLOWHZ 5 /* return kernel idea of PR_SLOWHZ */
-#define TCPCTL_MAXID 6
+#define TCPCTL_BADDYNAMIC 6 /* return bad dynamic port bitmap */
+#define TCPCTL_MAXID 7
#define TCPCTL_NAMES { \
{ 0, 0 }, \
@@ -245,6 +246,7 @@ struct tcpstat {
{ "keepidle", CTLTYPE_INT }, \
{ "keepintvl", CTLTYPE_INT }, \
{ "slowhz", CTLTYPE_INT }, \
+ { "baddynamic", CTLTYPE_STRUCT }, \
}
#ifdef _KERNEL
diff --git a/sys/netinet/udp_usrreq.c b/sys/netinet/udp_usrreq.c
index 9ec5b2ce0e7..eed1e4db382 100644
--- a/sys/netinet/udp_usrreq.c
+++ b/sys/netinet/udp_usrreq.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: udp_usrreq.c,v 1.11 1997/07/24 00:31:15 deraadt Exp $ */
+/* $OpenBSD: udp_usrreq.c,v 1.12 1997/08/09 23:36:28 millert Exp $ */
/* $NetBSD: udp_usrreq.c,v 1.28 1996/03/16 23:54:03 christos Exp $ */
/*
@@ -82,6 +82,9 @@ static struct mbuf *udp_saveopt __P((caddr_t, int, int));
#endif
int udbhashsize = UDBHASHSIZE;
+/* from in_pcb.c */
+extern struct baddynamicports baddynamicports;
+
void
udp_init()
{
@@ -682,6 +685,9 @@ udp_sysctl(name, namelen, oldp, oldlenp, newp, newlen)
switch (name[0]) {
case UDPCTL_CHECKSUM:
return (sysctl_int(oldp, oldlenp, newp, newlen, &udpcksum));
+ case UDPCTL_BADDYNAMIC:
+ return (sysctl_struct(oldp, oldlenp, newp, newlen,
+ baddynamicports.udp, sizeof(baddynamicports.udp)));
default:
return (ENOPROTOOPT);
}
diff --git a/sys/netinet/udp_var.h b/sys/netinet/udp_var.h
index c4bf23fdf2e..43dd5ac32d4 100644
--- a/sys/netinet/udp_var.h
+++ b/sys/netinet/udp_var.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: udp_var.h,v 1.3 1996/03/03 22:30:52 niklas Exp $ */
+/* $OpenBSD: udp_var.h,v 1.4 1997/08/09 23:36:28 millert Exp $ */
/* $NetBSD: udp_var.h,v 1.12 1996/02/13 23:44:41 christos Exp $ */
/*
@@ -71,11 +71,13 @@ struct udpstat {
* Names for UDP sysctl objects
*/
#define UDPCTL_CHECKSUM 1 /* checksum UDP packets */
-#define UDPCTL_MAXID 2
+#define UDPCTL_BADDYNAMIC 2 /* return bad dynamic port bitmap */
+#define UDPCTL_MAXID 3
#define UDPCTL_NAMES { \
{ 0, 0 }, \
{ "checksum", CTLTYPE_INT }, \
+ { "baddynamic", CTLTYPE_STRUCT }, \
}
#ifdef _KERNEL
diff --git a/usr.sbin/sysctl/sysctl.8 b/usr.sbin/sysctl/sysctl.8
index 9ffc0ea4fd7..90ee178d107 100644
--- a/usr.sbin/sysctl/sysctl.8
+++ b/usr.sbin/sysctl/sysctl.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: sysctl.8,v 1.10 1997/07/15 00:38:14 angelos Exp $
+.\" $OpenBSD: sysctl.8,v 1.11 1997/08/09 23:36:30 millert Exp $
.\" $NetBSD: sysctl.8,v 1.4 1995/09/30 07:12:49 thorpej Exp $
.\"
.\" Copyright (c) 1993
@@ -131,7 +131,6 @@ privilege can change the value.
.It kern.pipe_buf integer no
.It kern.chown_restricted integer no
.It kern.no_trunc integer no
-.It kern.vdisable integer no
.It kern.boottime struct no
.It kern.somaxconn integer yes
.It kern.sominconn integer yes
@@ -156,7 +155,9 @@ privilege can change the value.
.It net.inet.tcp.keepidle integer yes
.It net.inet.tcp.keepintvl integer yes
.It net.inet.tcp.slowhz integer no
+.It net.inet.tcp.baddynamic array yes
.It net.inet.udp.checksum integer yes
+.It net.inet.udp.baddynamic array yes
.It net.ipx.ipx.recvspace integer yes
.It net.ipx.ipx.sendspace integer yes
.It net.ipsec.encap.encdebug integer yes
@@ -223,6 +224,13 @@ Information about the load average history may be obtained with
.Bd -literal -offset indent -compact
sysctl vm.loadavg
.Ed
+.Pp
+Set the list of reserved TCP ports that should not be allocated
+by the kernel dynamically. This can be used to keep daemons
+from stealing a specific port that another program needs to function:
+.Bd -literal -offset indent -compact
+sysctl -w net.inet.tcp.baddynamic="749 750 751 760 761 871"
+.Ed
.Sh FILES
.Bl -tag -width <netinet/icmpXvar.h> -compact
.It Pa <sys/sysctl.h>
diff --git a/usr.sbin/sysctl/sysctl.c b/usr.sbin/sysctl/sysctl.c
index 0d506ca07a2..e87da083671 100644
--- a/usr.sbin/sysctl/sysctl.c
+++ b/usr.sbin/sysctl/sysctl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sysctl.c,v 1.14 1997/07/22 15:06:54 kstailey Exp $ */
+/* $OpenBSD: sysctl.c,v 1.15 1997/08/09 23:36:31 millert Exp $ */
/* $NetBSD: sysctl.c,v 1.9 1995/09/30 07:12:50 thorpej Exp $ */
/*
@@ -44,7 +44,7 @@ static char copyright[] =
#if 0
static char sccsid[] = "@(#)sysctl.c 8.1 (Berkeley) 6/6/93";
#else
-static char *rcsid = "$OpenBSD: sysctl.c,v 1.14 1997/07/22 15:06:54 kstailey Exp $";
+static char *rcsid = "$OpenBSD: sysctl.c,v 1.15 1997/08/09 23:36:31 millert Exp $";
#endif
#endif /* not lint */
@@ -56,9 +56,12 @@ static char *rcsid = "$OpenBSD: sysctl.c,v 1.14 1997/07/22 15:06:54 kstailey Exp
#include <vm/vm_param.h>
#include <machine/cpu.h>
+#include <net/route.h>
+
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
+#include <netinet/in_pcb.h>
#include <netinet/ip_icmp.h>
#include <netinet/icmp_var.h>
#include <netinet/ip_var.h>
@@ -127,6 +130,7 @@ int Aflag, aflag, nflag, wflag;
#define BOOTTIME 0x00000002
#define CONSDEV 0x00000004
#define RNDSTATS 0x00000008
+#define BADDYNAMIC 0x00000020
/* prototypes */
void usage();
@@ -348,9 +352,34 @@ parse(string, flags)
case CTL_NET:
if (mib[1] == PF_INET) {
len = sysctl_inet(string, &bufp, mib, flags, &type);
- if (len >= 0)
- break;
- return;
+ if (len < 0)
+ return;
+ if (mib[3] == TCPCTL_BADDYNAMIC ||
+ mib[3] == UDPCTL_BADDYNAMIC) {
+ u_int32_t newbaddynamic[DP_MAPSIZE];
+ in_port_t port;
+
+ special |= BADDYNAMIC;
+ if (newval != NULL) {
+ (void)memset((void *)&newbaddynamic, 0,
+ sizeof(newbaddynamic));
+ while (newval &&
+ (cp = strsep((char **)&newval,
+ ", \t")) && *cp) {
+ port = atoi(cp);
+ if (port < IPPORT_RESERVED/2 ||
+ port >= IPPORT_RESERVED)
+ errx(1, "invalid port, "
+ "range is %d to %d",
+ IPPORT_RESERVED/2,
+ IPPORT_RESERVED-1);
+ DP_SET(newbaddynamic, port);
+ }
+ newval = (void *)newbaddynamic;
+ newsize = sizeof(newbaddynamic);
+ }
+ }
+ break;
}
if (mib[1] == PF_IPX) {
len = sysctl_ipx(string, &bufp, mib, flags, &type);
@@ -483,6 +512,27 @@ parse(string, flags)
rndstats->rnd_asleep, rndstats->rnd_queued);
return;
}
+ if (special & BADDYNAMIC) {
+ in_port_t port;
+ u_int32_t *baddynamic = (u_int32_t *)buf;
+
+ if (!nflag)
+ printf("%s%s", string, newsize ? ":" : " =");
+ for (port = IPPORT_RESERVED/2; port < IPPORT_RESERVED; port++)
+ if (DP_ISSET(baddynamic, port))
+ printf(" %hd", port);
+ if (newsize != 0) {
+ if (!nflag)
+ fputs(" ->", stdout);
+ baddynamic = (u_int32_t *)newval;
+ for (port = IPPORT_RESERVED/2; port < IPPORT_RESERVED;
+ port++)
+ if (DP_ISSET(baddynamic, port))
+ printf(" %hd", port);
+ }
+ putchar('\n');
+ return;
+ }
switch (type) {
case CTLTYPE_INT:
if (newsize == 0) {