authorTodd C. Miller <millert@cvs.openbsd.org>1997-08-09 23:36:32 +0000
committerTodd C. Miller <millert@cvs.openbsd.org>1997-08-09 23:36:32 +0000
commit00044cdf00f6574a29f0961b4746b80f7926ba78 (patch)
tree8ee1c0443504b7834fed8e070fb8536e8b15561a /sbin
parent812760c22318b1d16957febbc72e980ec5505778 (diff)
The list of tcp/udp ports not to allocate dynamically is now
a bitmask configurable via sysctl([38]). The default values have not changed. If one wants to change the list it should be done early on in /etc/rc.
Diffstat (limited to 'sbin')
-rw-r--r--sbin/sysctl/sysctl.812
-rw-r--r--sbin/sysctl/sysctl.c60
2 files changed, 65 insertions, 7 deletions
diff --git a/sbin/sysctl/sysctl.8 b/sbin/sysctl/sysctl.8
index 9ffc0ea4fd7..90ee178d107 100644
--- a/sbin/sysctl/sysctl.8
+++ b/sbin/sysctl/sysctl.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: sysctl.8,v 1.10 1997/07/15 00:38:14 angelos Exp $
+.\" $OpenBSD: sysctl.8,v 1.11 1997/08/09 23:36:30 millert Exp $
.\" $NetBSD: sysctl.8,v 1.4 1995/09/30 07:12:49 thorpej Exp $
.\"
.\" Copyright (c) 1993
@@ -131,7 +131,6 @@ privilege can change the value.
.It kern.pipe_buf integer no
.It kern.chown_restricted integer no
.It kern.no_trunc integer no
-.It kern.vdisable integer no
.It kern.boottime struct no
.It kern.somaxconn integer yes
.It kern.sominconn integer yes
@@ -156,7 +155,9 @@ privilege can change the value.
.It net.inet.tcp.keepidle integer yes
.It net.inet.tcp.keepintvl integer yes
.It net.inet.tcp.slowhz integer no
+.It net.inet.tcp.baddynamic array yes
.It net.inet.udp.checksum integer yes
+.It net.inet.udp.baddynamic array yes
.It net.ipx.ipx.recvspace integer yes
.It net.ipx.ipx.sendspace integer yes
.It net.ipsec.encap.encdebug integer yes
@@ -223,6 +224,13 @@ Information about the load average history may be obtained with
.Bd -literal -offset indent -compact
sysctl vm.loadavg
.Ed
+.Pp
+Set the list of reserved TCP ports that should not be allocated
+by the kernel dynamically. This can be used to keep daemons
+from stealing a specific port that another program needs to function:
+.Bd -literal -offset indent -compact
+sysctl -w net.inet.tcp.baddynamic="749 750 751 760 761 871"
+.Ed
.Sh FILES
.Bl -tag -width <netinet/icmpXvar.h> -compact
.It Pa <sys/sysctl.h>
diff --git a/sbin/sysctl/sysctl.c b/sbin/sysctl/sysctl.c
index 0d506ca07a2..e87da083671 100644
--- a/sbin/sysctl/sysctl.c
+++ b/sbin/sysctl/sysctl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sysctl.c,v 1.14 1997/07/22 15:06:54 kstailey Exp $ */
+/* $OpenBSD: sysctl.c,v 1.15 1997/08/09 23:36:31 millert Exp $ */
/* $NetBSD: sysctl.c,v 1.9 1995/09/30 07:12:50 thorpej Exp $ */
/*
@@ -44,7 +44,7 @@ static char copyright[] =
#if 0
static char sccsid[] = "@(#)sysctl.c 8.1 (Berkeley) 6/6/93";
#else
-static char *rcsid = "$OpenBSD: sysctl.c,v 1.14 1997/07/22 15:06:54 kstailey Exp $";
+static char *rcsid = "$OpenBSD: sysctl.c,v 1.15 1997/08/09 23:36:31 millert Exp $";
#endif
#endif /* not lint */
@@ -56,9 +56,12 @@ static char *rcsid = "$OpenBSD: sysctl.c,v 1.14 1997/07/22 15:06:54 kstailey Exp
#include <vm/vm_param.h>
#include <machine/cpu.h>
+#include <net/route.h>
+
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
+#include <netinet/in_pcb.h>
#include <netinet/ip_icmp.h>
#include <netinet/icmp_var.h>
#include <netinet/ip_var.h>
@@ -127,6 +130,7 @@ int Aflag, aflag, nflag, wflag;
#define BOOTTIME 0x00000002
#define CONSDEV 0x00000004
#define RNDSTATS 0x00000008
+#define BADDYNAMIC 0x00000020
/* prototypes */
void usage();
@@ -348,9 +352,34 @@ parse(string, flags)
case CTL_NET:
if (mib[1] == PF_INET) {
len = sysctl_inet(string, &bufp, mib, flags, &type);
- if (len >= 0)
- break;
- return;
+ if (len < 0)
+ return;
+ if (mib[3] == TCPCTL_BADDYNAMIC ||
+ mib[3] == UDPCTL_BADDYNAMIC) {
+ u_int32_t newbaddynamic[DP_MAPSIZE];
+ in_port_t port;
+
+ special |= BADDYNAMIC;
+ if (newval != NULL) {
+ (void)memset((void *)&newbaddynamic, 0,
+ sizeof(newbaddynamic));
+ while (newval &&
+ (cp = strsep((char **)&newval,
+ ", \t")) && *cp) {
+ port = atoi(cp);
+ if (port < IPPORT_RESERVED/2 ||
+ port >= IPPORT_RESERVED)
+ errx(1, "invalid port, "
+ "range is %d to %d",
+ IPPORT_RESERVED/2,
+ IPPORT_RESERVED-1);
+ DP_SET(newbaddynamic, port);
+ }
+ newval = (void *)newbaddynamic;
+ newsize = sizeof(newbaddynamic);
+ }
+ }
+ break;
}
if (mib[1] == PF_IPX) {
len = sysctl_ipx(string, &bufp, mib, flags, &type);
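Review bot: The port token is converted with `atoi()` straight into an `in_port_t` before the range check, so the check sees an already-truncated value: a number that wraps modulo 65536 into the allowed range, or a token with trailing junk such as `749x`, is accepted and sets a bit the administrator did not ask for. The loop condition `&& *cp` also ends parsing at the first empty token, so a list written with a comma followed by a space silently drops every port after it. Parsing into a `long` with `strtol()`, rejecting a non-empty remainder, and skipping empty tokens instead of stopping would close both gaps, as sketched below. Separately, the test on `mib[3]` does not look at `mib[2]`; if another PF_INET protocol has a variable numbered the same as TCPCTL_BADDYNAMIC or UDPCTL_BADDYNAMIC (their values are not visible here), it would be handled as a port bitmap, so pairing each constant with its protocol in `mib[2]` looks safer. parse() starts and ends outside this hunk.

```c
/* … unchanged: memset of newbaddynamic … */
while (newval &&
    (cp = strsep((char **)&newval, ", \t")) != NULL) {
	char *ep;
	long lport;

	if (*cp == '\0')
		continue;	/* consecutive separators */
	lport = strtol(cp, &ep, 10);
	if (*ep != '\0' ||
	    lport < IPPORT_RESERVED/2 ||
	    lport >= IPPORT_RESERVED)
		errx(1, "invalid port, "
		    "range is %d to %d",
		    IPPORT_RESERVED/2,
		    IPPORT_RESERVED-1);
	port = (in_port_t)lport;
	DP_SET(newbaddynamic, port);
}
/* … unchanged: newval/newsize assignment … */
```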
@@ -483,6 +512,27 @@ parse(string, flags)
rndstats->rnd_asleep, rndstats->rnd_queued);
return;
}
+ if (special & BADDYNAMIC) {
+ in_port_t port;
+ u_int32_t *baddynamic = (u_int32_t *)buf;
+
+ if (!nflag)
+ printf("%s%s", string, newsize ? ":" : " =");
+ for (port = IPPORT_RESERVED/2; port < IPPORT_RESERVED; port++)
+ if (DP_ISSET(baddynamic, port))
+ printf(" %hd", port);
+ if (newsize != 0) {
+ if (!nflag)
+ fputs(" ->", stdout);
+ baddynamic = (u_int32_t *)newval;
+ for (port = IPPORT_RESERVED/2; port < IPPORT_RESERVED;
+ port++)
+ if (DP_ISSET(baddynamic, port))
+ printf(" %hd", port);
+ }
+ putchar('\n');
+ return;
+ }
switch (type) {
case CTLTYPE_INT:
if (newsize == 0) {
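Review bot: With `-n` both the name prefix and the ` ->` separator are skipped, so after a write the old and new port lists are printed back to back on one line and a script reading the output cannot tell where one ends and the other begins; consider emitting the separator whenever `newsize != 0`, i.e. dropping the `if (!nflag)` in front of `fputs(" ->", stdout);`. `port` is an `in_port_t` but is printed with `%hd`; `printf(" %hu", port);` matches an unsigned type. The two identical scan loops could be one small static helper that takes the bitmap pointer. Whether `buf` is suitably aligned and actually holds a full DP_MAPSIZE-word bitmap before the `u_int32_t *` cast cannot be seen from this hunk, and parse() continues past it.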