authorDamien Miller <djm@cvs.openbsd.org>2008-07-09 20:20:47 +0000
committerDamien Miller <djm@cvs.openbsd.org>2008-07-09 20:20:47 +0000
commitbb1ced5a7ee17175c66e4f9d211dab567b948760 (patch)
tree4da8c108160902362f22f369b1255c556501ced4 /sys/netinet
parent1b50c0de4d07f1b3456bd5d1e482bae2bada3706 (diff)
expand the net.inet.(tcp|udp).baddynamic dynamic source port
skipping bitmasks to cover the entire 65536 port space - previously they covered 512-1024 only. sysctl needs to be updated to cope with this change; please "make includes" before rebuilding it. feedback millert@ ok millert@ deraadt@ markus@
Diffstat (limited to 'sys/netinet')
-rw-r--r--sys/netinet/in_pcb.c17
-rw-r--r--sys/netinet/in_pcb.h14
2 files changed, 10 insertions, 21 deletions
diff --git a/sys/netinet/in_pcb.c b/sys/netinet/in_pcb.c
index 16d296e4621..87d0e96acb3 100644
--- a/sys/netinet/in_pcb.c
+++ b/sys/netinet/in_pcb.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: in_pcb.c,v 1.100 2008/07/03 15:46:24 henning Exp $ */
+/* $OpenBSD: in_pcb.c,v 1.101 2008/07/09 20:20:45 djm Exp $ */
/* $NetBSD: in_pcb.c,v 1.25 1996/02/13 23:41:53 christos Exp $ */
/*
@@ -157,28 +157,17 @@ struct baddynamicports baddynamicports;
* Check if the specified port is invalid for dynamic allocation.
*/
int
-in_baddynamic(port, proto)
- u_int16_t port;
- u_int16_t proto;
+in_baddynamic(u_int16_t port, u_int16_t proto)
{
-
-
switch (proto) {
case IPPROTO_TCP:
- if (port == NFS_PORT)
- return (1);
- if (port < IPPORT_RESERVED/2 || port >= IPPORT_RESERVED)
- return (0);
return (DP_ISSET(baddynamicports.tcp, port));
case IPPROTO_UDP:
#ifdef IPSEC
+ /* Cannot preset this as it is a sysctl */
if (port == udpencap_port)
return (1);
#endif
- if (port == NFS_PORT)
- return (1);
- if (port < IPPORT_RESERVED/2 || port >= IPPORT_RESERVED)
- return (0);
return (DP_ISSET(baddynamicports.udp, port));
default:
return (0);
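Review bot: The comment above in_baddynamic() no longer says what decides the answer. With the NFS_PORT and 512-1023 range checks removed, every port except udpencap_port is answered from the baddynamicports bitmaps alone. Those bitmaps are the ones the net.inet.(tcp|udp).baddynamic sysctls expose, so a port that used to be refused unconditionally is presumably now only a default entry that a replacement list can drop. I would extend the comment along the lines of `/* Returns non-zero if port must not be allocated dynamically; apart from udpencap_port the result comes only from the sysctl-settable bitmaps. */`, and state the byte order expected for `port`, since it is now used directly as a bitmap index. The TCP and UDP paths also return the raw mask from DP_ISSET while the IPSEC path returns 1, so `return (DP_ISSET(baddynamicports.tcp, port) != 0);` (and the same for udp) would keep the result to 0/1; the end of the function lies outside the hunk.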
diff --git a/sys/netinet/in_pcb.h b/sys/netinet/in_pcb.h
index 793913eddf3..fc84844ec40 100644
--- a/sys/netinet/in_pcb.h
+++ b/sys/netinet/in_pcb.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: in_pcb.h,v 1.64 2008/07/03 15:46:24 henning Exp $ */
+/* $OpenBSD: in_pcb.h,v 1.65 2008/07/09 20:20:46 djm Exp $ */
/* $NetBSD: in_pcb.h,v 1.14 1996/02/13 23:42:00 christos Exp $ */
/*
@@ -221,14 +221,14 @@ struct inpcbtable {
/* macros for handling bitmap of ports not to allocate dynamically */
#define DP_MAPBITS (sizeof(u_int32_t) * NBBY)
-#define DP_MAPSIZE (howmany(IPPORT_RESERVED/2, DP_MAPBITS))
-#define DP_SET(m, p) ((m)[((p) - IPPORT_RESERVED/2) / DP_MAPBITS] |= (1 << ((p) % DP_MAPBITS)))
-#define DP_CLR(m, p) ((m)[((p) - IPPORT_RESERVED/2) / DP_MAPBITS] &= ~(1 << ((p) % DP_MAPBITS)))
-#define DP_ISSET(m, p) ((m)[((p) - IPPORT_RESERVED/2) / DP_MAPBITS] & (1 << ((p) % DP_MAPBITS)))
+#define DP_MAPSIZE (howmany(65536, DP_MAPBITS))
+#define DP_SET(m, p) ((m)[(p) / DP_MAPBITS] |= (1 << ((p) % DP_MAPBITS)))
+#define DP_CLR(m, p) ((m)[(p) / DP_MAPBITS] &= ~(1 << ((p) % DP_MAPBITS)))
+#define DP_ISSET(m, p) ((m)[(p) / DP_MAPBITS] & (1 << ((p) % DP_MAPBITS)))
/* default values for baddynamicports [see ip_init()] */
-#define DEFBADDYNAMICPORTS_TCP { 587, 749, 750, 751, 871, 0 }
-#define DEFBADDYNAMICPORTS_UDP { 623, 664, 749, 750, 751, 0 }
+#define DEFBADDYNAMICPORTS_TCP { 587, 749, 750, 751, 871, 2049, 0 }
+#define DEFBADDYNAMICPORTS_UDP { 623, 664, 749, 750, 751, 2049, 0 }
struct baddynamicports {
u_int32_t tcp[DP_MAPSIZE];
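Review bot: The rewritten DP_SET, DP_CLR and DP_ISSET lines still build the mask as `(1 << ((p) % DP_MAPBITS))`, which shifts a signed int. When the remainder is 31 the result is not representable in int, which is undefined behaviour in C. The map words are u_int32_t, so an unsigned one avoids it: `#define DP_ISSET(m, p) ((m)[(p) / DP_MAPBITS] & (1U << ((p) % DP_MAPBITS)))`, and likewise in DP_SET and DP_CLR. The index `(p) / DP_MAPBITS` is now bounded only by p being a 16-bit port, so a short comment stating that requirement would make the bound visible to callers that hold ports in wider integers. A named constant in place of the bare `65536` would help too.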