diff options
| author | YASUOKA Masahiko <yasuoka@cvs.openbsd.org> | 2011-07-08 18:30:18 +0000 |
|---|---|---|
| committer | YASUOKA Masahiko <yasuoka@cvs.openbsd.org> | 2011-07-08 18:30:18 +0000 |
| commit | 10fcba53ef6983f49604f8f0da1619428df97c97 (patch) | |
| tree | cfcb48c33f5803859f0a19286ecac3e7e8f14b24 /sbin | |
| parent | 48142241ec73b235e102c03fa64123d49a404e71 (diff) | |
Include PIPEX in kernel by default. And add new sysctl variable
`net.pipex.enable' to enable PIPEX. By default, pipex is disabled
and it will not process packets from wire. Update man pages and
update HOWTO_PIPEX_NPPPD.txt for testers.
discussed with dlg@, ok deraadt@ mcbride@ claudio@
Diffstat (limited to 'sbin')
| -rw-r--r-- | sbin/sysctl/sysctl.8 | 5 | ||||
| -rw-r--r-- | sbin/sysctl/sysctl.c | 29 |
2 files changed, 31 insertions, 3 deletions
diff --git a/sbin/sysctl/sysctl.8 b/sbin/sysctl/sysctl.8 index 6bb7064dba1..d1311f0b6a1 100644 --- a/sbin/sysctl/sysctl.8 +++ b/sbin/sysctl/sysctl.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: sysctl.8,v 1.160 2011/07/06 23:44:20 sthen Exp $ +.\" $OpenBSD: sysctl.8,v 1.161 2011/07/08 18:30:17 yasuoka Exp $ .\" $NetBSD: sysctl.8,v 1.4 1995/09/30 07:12:49 thorpej Exp $ .\" .\" Copyright (c) 1993 @@ -30,7 +30,7 @@ .\" .\" @(#)sysctl.8 8.2 (Berkeley) 5/9/95 .\" -.Dd $Mdocdate: July 6 2011 $ +.Dd $Mdocdate: July 8 2011 $ .Dt SYSCTL 8 .Os .Sh NAME @@ -317,6 +317,7 @@ and a few require a kernel compiled with non-standard .It net.inet6.icmp6.mtudisc_hiwat integer yes .It net.inet6.icmp6.mtudisc_lowat integer yes .It net.inet6.icmp6.nd6_debug integer yes +.It net.pipex.enable integer yes .It debug.syncprt integer yes .It debug.busyprt integer yes .It debug.doclusterread integer yes diff --git a/sbin/sysctl/sysctl.c b/sbin/sysctl/sysctl.c index c9476e84666..fe26c1f0107 100644 --- a/sbin/sysctl/sysctl.c +++ b/sbin/sysctl/sysctl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sysctl.c,v 1.176 2011/05/23 01:33:20 djm Exp $ */ +/* $OpenBSD: sysctl.c,v 1.177 2011/07/08 18:30:17 yasuoka Exp $ */ /* $NetBSD: sysctl.c,v 1.9 1995/09/30 07:12:50 thorpej Exp $ */ /* @@ -72,6 +72,7 @@ #include <net/pfvar.h> #include <net/if_pfsync.h> +#include <net/pipex.h> #ifdef INET6 #include <netinet/ip6.h> @@ -591,6 +592,12 @@ parse(char *string, int flags) return; break; } + if (mib[1] == PF_PIPEX) { + len = sysctl_pipex(string, &bufp, mib, flags, &type); + if (len < 0) + return; + break; + } if (flags == 0) return; warnx("use netstat to view %s information", string); @@ -1346,6 +1353,7 @@ struct ctlname pfsyncname[] = PFSYNCCTL_NAMES; struct ctlname divertname[] = DIVERTCTL_NAMES; struct ctlname bpfname[] = CTL_NET_BPF_NAMES; struct ctlname ifqname[] = CTL_IFQ_NAMES; +struct ctlname pipexname[] = PIPEXCTL_NAMES; struct list inetlist = { inetname, IPPROTO_MAXID }; struct list inetvars[] = { { ipname, IPCTL_MAXID }, /* ip */ @@ -1610,6 +1618,7 @@ struct list inetvars[] = { }; struct list bpflist = { bpfname, NET_BPF_MAXID }; struct list ifqlist = { ifqname, IFQCTL_MAXID }; +struct list pipexlist = { pipexname, PIPEXCTL_MAXID }; struct list kernmalloclist = { kernmallocname, KERN_MALLOC_MAXID }; struct list forkstatlist = { forkstatname, KERN_FORKSTAT_MAXID }; @@ -2171,6 +2180,24 @@ sysctl_mpls(char *string, char **bufpp, int mib[], int flags, int *typep) return (3); } +/* handle PIPEX requests */ +int +sysctl_pipex(char *string, char **bufpp, int mib[], int flags, int *typep) +{ + struct list *lp; + int indx; + + if (*bufpp == NULL) { + listall(string, &pipexlist); + return (-1); + } + if ((indx = findname(string, "third", bufpp, &pipexlist)) == -1) + return (-1); + mib[2] = indx; + *typep = pipexlist.list[indx].ctl_type; + return (3); +} + /* * Handle SysV semaphore info requests */ |