authorYASUOKA Masahiko <yasuoka@cvs.openbsd.org>2011-07-08 18:30:18 +0000
committerYASUOKA Masahiko <yasuoka@cvs.openbsd.org>2011-07-08 18:30:18 +0000
commit10fcba53ef6983f49604f8f0da1619428df97c97 (patch)
treecfcb48c33f5803859f0a19286ecac3e7e8f14b24 /sys
parent48142241ec73b235e102c03fa64123d49a404e71 (diff)
Include PIPEX in kernel by default. And add new sysctl variable
`net.pipex.enable' to enable PIPEX. By default, pipex is disabled and it will not process packets from wire. Update man pages and update HOWTO_PIPEX_NPPPD.txt for testers. discussed with dlg@, ok deraadt@ mcbride@ claudio@
Diffstat (limited to 'sys')
-rw-r--r--sys/kern/uipc_domain.c7
-rw-r--r--sys/net/if_ethersubr.c14
-rw-r--r--sys/net/pipex.c22
-rw-r--r--sys/net/pipex.h20
-rw-r--r--sys/netinet/ip_gre.c14
-rw-r--r--sys/netinet/udp_usrreq.c4
6 files changed, 62 insertions, 19 deletions
diff --git a/sys/kern/uipc_domain.c b/sys/kern/uipc_domain.c
index 0098c12af3f..a30d326b5be 100644
--- a/sys/kern/uipc_domain.c
+++ b/sys/kern/uipc_domain.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: uipc_domain.c,v 1.30 2010/07/02 15:02:38 blambert Exp $ */
+/* $OpenBSD: uipc_domain.c,v 1.31 2011/07/08 18:30:16 yasuoka Exp $ */
/* $NetBSD: uipc_domain.c,v 1.14 1996/02/09 19:00:44 christos Exp $ */
/*
@@ -208,6 +208,11 @@ net_sysctl(int *name, u_int namelen, void *oldp, size_t *oldlenp, void *newp,
return (pflow_sysctl(name + 1, namelen - 1, oldp, oldlenp,
newp, newlen));
#endif
+#ifdef PIPEX
+ if (family == PF_PIPEX)
+ return (pipex_sysctl(name + 1, namelen - 1, oldp, oldlenp,
+ newp, newlen));
+#endif
dp = pffinddomain(family);
if (dp == NULL)
return (ENOPROTOOPT);
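Review bot: The new `pipex_sysctl()` call in net_sysctl has no declaration anywhere in this commit: the pipex.h hunks add only `extern int pipex_enable;` under `_KERNEL`, and the diffstat leaves no room for an added include in uipc_domain.c. Unless a prototype already exists elsewhere, the call is implicitly declared and its six arguments go unchecked by the compiler. I would add `int pipex_sysctl(int *, u_int, void *, size_t *, void *, size_t);` to the `_KERNEL` part of pipex.h and include that header here under `#ifdef PIPEX`. net_sysctl starts and ends outside the hunk.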
diff --git a/sys/net/if_ethersubr.c b/sys/net/if_ethersubr.c
index d5b77eb20aa..0321a33726f 100644
--- a/sys/net/if_ethersubr.c
+++ b/sys/net/if_ethersubr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: if_ethersubr.c,v 1.149 2011/07/04 23:58:26 claudio Exp $ */
+/* $OpenBSD: if_ethersubr.c,v 1.150 2011/07/08 18:30:16 yasuoka Exp $ */
/* $NetBSD: if_ethersubr.c,v 1.19 1996/05/07 02:40:30 thorpej Exp $ */
/*
@@ -750,14 +750,14 @@ decapsulate:
eh_tmp = mtod(m, struct ether_header *);
bcopy(eh, eh_tmp, sizeof(struct ether_header));
#ifdef PIPEX
- {
- struct pipex_session *session;
+ if (pipex_enable) {
+ struct pipex_session *session;
- if ((session = pipex_pppoe_lookup_session(m)) != NULL) {
- pipex_pppoe_input(m, session);
- goto done;
+ if ((session = pipex_pppoe_lookup_session(m)) != NULL) {
+ pipex_pppoe_input(m, session);
+ goto done;
+ }
}
- }
#endif
if (etype == ETHERTYPE_PPPOEDISC)
inq = &pppoediscinq;
diff --git a/sys/net/pipex.c b/sys/net/pipex.c
index 6ee41c1e46c..f5db7bf21e2 100644
--- a/sys/net/pipex.c
+++ b/sys/net/pipex.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pipex.c,v 1.18 2011/07/07 22:32:51 mcbride Exp $ */
+/* $OpenBSD: pipex.c,v 1.19 2011/07/08 18:30:17 yasuoka Exp $ */
/*-
* Copyright (c) 2009 Internet Initiative Japan Inc.
@@ -36,6 +36,7 @@
#include <sys/socket.h>
#include <sys/ioctl.h>
#include <sys/select.h>
+#include <sys/sysctl.h>
#include <sys/syslog.h>
#include <sys/conf.h>
#include <sys/time.h>
@@ -84,6 +85,7 @@
/*
* static/global variables
*/
+int pipex_enable = 0;
struct pipex_hash_head
pipex_session_list, /* master session list */
pipex_close_wait_list, /* expired session list */
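Review bot: `pipex_enable` is defined without a comment, although it is the switch that keeps packets from the wire out of PIPEX by default. In the visible hunks it is tested only in the three input hooks (PPPoE in if_ethersubr.c, PPTP in gre_input, L2TP in udp_input); the session ioctls and the output side are not shown being gated, so presumably they are unaffected by it. I would state that scope at the definition, for example `int pipex_enable = 0; /* net.pipex.enable: when 0 the input hooks bypass PIPEX */`.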
@@ -2978,3 +2980,21 @@ pipex_sockaddr_compar_addr(struct sockaddr *a, struct sockaddr *b)
panic("pipex_sockaddr_compar_addr: unknown address family");
return -1;
}
+
+int
+pipex_sysctl(int *name, u_int namelen, void *oldp, size_t *oldlenp, void *newp,
+ size_t newlen)
+{
+ /* All sysctl names at this level are terminal. */
+ if (namelen != 1)
+ return (ENOTDIR);
+
+ switch (name[0]) {
+ case PIPEXCTL_ENABLE:
+ return (sysctl_int(oldp, oldlenp, newp, newlen,
+ &pipex_enable));
+ default:
+ return (ENOPROTOOPT);
+ }
+ /* NOTREACHED */
+}
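Review bot: `sysctl_int()` stores whatever int the caller supplies directly into `pipex_enable`, and the `PIPEXCTL_ENABLE` case does nothing else when the value changes. The input hooks test only for nonzero, so any value enables PIPEX even though pipex.h already defines `PIPEX_ENABLE` and `PIPEX_DISABLE`; reading into a local and returning `EINVAL` for anything other than those two would keep the reported value meaningful. Setting the variable back to 0 at runtime also appears to leave existing sessions allocated while input bypasses them; if that is intended, a comment above the `case` should say so.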
diff --git a/sys/net/pipex.h b/sys/net/pipex.h
index 063ea59e596..391e69ea54d 100644
--- a/sys/net/pipex.h
+++ b/sys/net/pipex.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pipex.h,v 1.8 2011/04/02 11:52:44 dlg Exp $ */
+/* $OpenBSD: pipex.h,v 1.9 2011/07/08 18:30:17 yasuoka Exp $ */
/*
* Copyright (c) 2009 Internet Initiative Japan Inc.
@@ -29,6 +29,23 @@
#ifndef NET_PIPEX_H
#define NET_PIPEX_H 1
+/*
+ * Names for pipex sysctl objects
+ */
+#define PIPEXCTL_ENABLE 1
+#define PIPEXCTL_MAXID 2
+
+#define PIPEXCTL_NAMES { \
+ { 0, 0 }, \
+ { "enable", CTLTYPE_INT }, \
+}
+
+#define PIPEXCTL_VARS { \
+ NULL, \
+ &pipex_enable \
+ NULL \
+}
+
#define PIPEX_ENABLE 1
#define PIPEX_DISABLE 0
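Review bot: `PIPEXCTL_VARS` will not compile if it is ever expanded, because the `&pipex_enable \` line has no trailing comma and the initializer becomes `&pipex_enable NULL`. It also lists three entries while `PIPEXCTL_MAXID` is 2 and `PIPEXCTL_NAMES` has two. Change the line to `&pipex_enable, \` and drop the following `NULL \` line so the table matches `PIPEXCTL_MAXID`. Nothing in the visible hunks expands the macro (pipex_sysctl switches on `name[0]` directly), which is presumably why the error went unnoticed.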
@@ -163,6 +180,7 @@ struct pipex_session_descr_req {
#define PIPEXSIFDESCR _IOW ('p', 8, struct pipex_session_descr_req)
#ifdef _KERNEL
+extern int pipex_enable;
struct pipex_session;
diff --git a/sys/netinet/ip_gre.c b/sys/netinet/ip_gre.c
index 11d1ee761ea..7edc239d8dc 100644
--- a/sys/netinet/ip_gre.c
+++ b/sys/netinet/ip_gre.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_gre.c,v 1.42 2011/07/05 21:40:38 dhill Exp $ */
+/* $OpenBSD: ip_gre.c,v 1.43 2011/07/08 18:30:17 yasuoka Exp $ */
/* $NetBSD: ip_gre.c,v 1.9 1999/10/25 19:18:11 drochner Exp $ */
/*
@@ -249,14 +249,14 @@ gre_input(struct mbuf *m, ...)
}
#ifdef PIPEX
- {
- struct pipex_session *session;
+ if (pipex_enable) {
+ struct pipex_session *session;
- if ((session = pipex_pptp_lookup_session(m)) != NULL) {
- if (pipex_pptp_input(m, session) == NULL)
- return;
+ if ((session = pipex_pptp_lookup_session(m)) != NULL) {
+ if (pipex_pptp_input(m, session) == NULL)
+ return;
+ }
}
- }
#endif
ret = gre_input2(m, hlen, IPPROTO_GRE);
diff --git a/sys/netinet/udp_usrreq.c b/sys/netinet/udp_usrreq.c
index d2479425074..b3fd28f017e 100644
--- a/sys/netinet/udp_usrreq.c
+++ b/sys/netinet/udp_usrreq.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: udp_usrreq.c,v 1.144 2011/05/13 14:31:17 oga Exp $ */
+/* $OpenBSD: udp_usrreq.c,v 1.145 2011/07/08 18:30:17 yasuoka Exp $ */
/* $NetBSD: udp_usrreq.c,v 1.28 1996/03/16 23:54:03 christos Exp $ */
/*
@@ -692,7 +692,7 @@ udp_input(struct mbuf *m, ...)
IP_RECVDSTPORT, IPPROTO_IP);
}
#ifdef PIPEX
- if (inp->inp_pipex) {
+ if (pipex_enable && inp->inp_pipex) {
struct pipex_session *session;
int off = iphlen + sizeof(struct udphdr);
if ((session = pipex_l2tp_lookup_session(m, off)) != NULL) {