author | YASUOKA Masahiko <yasuoka@cvs.openbsd.org> | 2011-07-08 18:30:18 +0000 |
---|---|---|
committer | YASUOKA Masahiko <yasuoka@cvs.openbsd.org> | 2011-07-08 18:30:18 +0000 |
commit | 10fcba53ef6983f49604f8f0da1619428df97c97 (patch) | |
tree | cfcb48c33f5803859f0a19286ecac3e7e8f14b24 /sys | |
parent | 48142241ec73b235e102c03fa64123d49a404e71 (diff) |
Include PIPEX in kernel by default. And add new sysctl variable
`net.pipex.enable' to enable PIPEX. By default, pipex is disabled
and it will not process packets from wire. Update man pages and
update HOWTO_PIPEX_NPPPD.txt for testers.
discussed with dlg@, ok deraadt@ mcbride@ claudio@
Diffstat (limited to 'sys')
-rw-r--r-- | sys/kern/uipc_domain.c | 7 | ||||
-rw-r--r-- | sys/net/if_ethersubr.c | 14 | ||||
-rw-r--r-- | sys/net/pipex.c | 22 | ||||
-rw-r--r-- | sys/net/pipex.h | 20 | ||||
-rw-r--r-- | sys/netinet/ip_gre.c | 14 | ||||
-rw-r--r-- | sys/netinet/udp_usrreq.c | 4 |
6 files changed, 62 insertions, 19 deletions
diff --git a/sys/kern/uipc_domain.c b/sys/kern/uipc_domain.c index 0098c12af3f..a30d326b5be 100644 --- a/sys/kern/uipc_domain.c +++ b/sys/kern/uipc_domain.c @@ -1,4 +1,4 @@ -/* $OpenBSD: uipc_domain.c,v 1.30 2010/07/02 15:02:38 blambert Exp $ */ +/* $OpenBSD: uipc_domain.c,v 1.31 2011/07/08 18:30:16 yasuoka Exp $ */ /* $NetBSD: uipc_domain.c,v 1.14 1996/02/09 19:00:44 christos Exp $ */ /* @@ -208,6 +208,11 @@ net_sysctl(int *name, u_int namelen, void *oldp, size_t *oldlenp, void *newp, return (pflow_sysctl(name + 1, namelen - 1, oldp, oldlenp, newp, newlen)); #endif +#ifdef PIPEX + if (family == PF_PIPEX) + return (pipex_sysctl(name + 1, namelen - 1, oldp, oldlenp, + newp, newlen)); +#endif dp = pffinddomain(family); if (dp == NULL) return (ENOPROTOOPT); diff --git a/sys/net/if_ethersubr.c b/sys/net/if_ethersubr.c index d5b77eb20aa..0321a33726f 100644 --- a/sys/net/if_ethersubr.c +++ b/sys/net/if_ethersubr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_ethersubr.c,v 1.149 2011/07/04 23:58:26 claudio Exp $ */ +/* $OpenBSD: if_ethersubr.c,v 1.150 2011/07/08 18:30:16 yasuoka Exp $ */ /* $NetBSD: if_ethersubr.c,v 1.19 1996/05/07 02:40:30 thorpej Exp $ */ /* @@ -750,14 +750,14 @@ decapsulate: eh_tmp = mtod(m, struct ether_header *); bcopy(eh, eh_tmp, sizeof(struct ether_header)); #ifdef PIPEX - { - struct pipex_session *session; + if (pipex_enable) { + struct pipex_session *session; - if ((session = pipex_pppoe_lookup_session(m)) != NULL) { - pipex_pppoe_input(m, session); - goto done; + if ((session = pipex_pppoe_lookup_session(m)) != NULL) { + pipex_pppoe_input(m, session); + goto done; + } } - } #endif if (etype == ETHERTYPE_PPPOEDISC) inq = &pppoediscinq; diff --git a/sys/net/pipex.c b/sys/net/pipex.c index 6ee41c1e46c..f5db7bf21e2 100644 --- a/sys/net/pipex.c +++ b/sys/net/pipex.c 
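Review bot: The new `pipex_sysctl(...)` call in net_sysctl has no prototype visible in this commit: no hunk adds an `#include` to uipc_domain.c, and the pipex.h hunks add only `extern int pipex_enable;` on the kernel side. Unless a declaration is already in scope from elsewhere, the call compiles as an implicit declaration with unchecked argument types, on a path that forwards user-supplied sysctl pointers and lengths. Declaring `int pipex_sysctl(int *, u_int, void *, size_t *, void *, size_t);` in the `_KERNEL` part of net/pipex.h and including that header here under `#ifdef PIPEX` would close it. net_sysctl starts and ends outside the hunk.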
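Review bot: The `if (pipex_enable)` gate in the decapsulate path has no comment on what happens to traffic for sessions that already exist when the sysctl is cleared; the same applies to the gates added in gre_input (ip_gre.c) and udp_input (udp_usrreq.c). As written, such frames skip the session lookup and continue into the regular input code, and nothing in this commit shows session creation or the transmit side being gated. A comment above each gate, such as `/* pipex_enable == 0: do not divert; packet continues on the normal input path */`, would record that receive-only gating is intended. The enclosing function starts and ends outside the hunk.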
@@ -1,4 +1,4 @@ -/* $OpenBSD: pipex.c,v 1.18 2011/07/07 22:32:51 mcbride Exp $ */ +/* $OpenBSD: pipex.c,v 1.19 2011/07/08 18:30:17 yasuoka Exp $ */ /*- * Copyright (c) 2009 Internet Initiative Japan Inc. @@ -36,6 +36,7 @@ #include <sys/socket.h> #include <sys/ioctl.h> #include <sys/select.h> +#include <sys/sysctl.h> #include <sys/syslog.h> #include <sys/conf.h> #include <sys/time.h> @@ -84,6 +85,7 @@ /* * static/global variables */ +int pipex_enable = 0; struct pipex_hash_head pipex_session_list, /* master session list */ pipex_close_wait_list, /* expired session list */ @@ -2978,3 +2980,21 @@ pipex_sockaddr_compar_addr(struct sockaddr *a, struct sockaddr *b) panic("pipex_sockaddr_compar_addr: unknown address family"); return -1; } + +int +pipex_sysctl(int *name, u_int namelen, void *oldp, size_t *oldlenp, void *newp, + size_t newlen) +{ + /* All sysctl names at this level are terminal. */ + if (namelen != 1) + return (ENOTDIR); + + switch (name[0]) { + case PIPEXCTL_ENABLE: + return (sysctl_int(oldp, oldlenp, newp, newlen, + &pipex_enable)); + default: + return (ENOPROTOOPT); + } + /* NOTREACHED */ +} diff --git a/sys/net/pipex.h b/sys/net/pipex.h index 063ea59e596..391e69ea54d 100644 --- a/sys/net/pipex.h +++ b/sys/net/pipex.h @@ -1,4 +1,4 @@ -/* $OpenBSD: pipex.h,v 1.8 2011/04/02 11:52:44 dlg Exp $ */ +/* $OpenBSD: pipex.h,v 1.9 2011/07/08 18:30:17 yasuoka Exp $ */ /* * Copyright (c) 2009 Internet Initiative Japan Inc. @@ -29,6 +29,23 @@ #ifndef NET_PIPEX_H #define NET_PIPEX_H 1 +/* + * Names for pipex sysctl objects + */ +#define PIPEXCTL_ENABLE 1 +#define PIPEXCTL_MAXID 2 + +#define PIPEXCTL_NAMES { \ + { 0, 0 }, \ + { "enable", CTLTYPE_INT }, \ +} + +#define PIPEXCTL_VARS { \ + NULL, \ + &pipex_enable \ + NULL \ +} + #define PIPEX_ENABLE 1 #define PIPEX_DISABLE 0 @@ -163,6 +180,7 @@ struct pipex_session_descr_req { #define PIPEXSIFDESCR _IOW ('p', 8, struct pipex_session_descr_req) #ifdef _KERNEL +extern int pipex_enable; struct pipex_session; 
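Review bot: `pipex_sysctl` stores whatever integer the caller writes, because `sysctl_int` is handed `&pipex_enable` directly, while pipex.h defines only `PIPEX_ENABLE 1` and `PIPEX_DISABLE 0`. The input gates in this commit test for non-zero, so any such value acts as "on", but code that later compares against `PIPEX_ENABLE` would disagree with them. Either document the contract at the definition, e.g. `int pipex_enable = 0; /* non-zero: divert received PPPoE/PPTP/L2TP packets to pipex */`, or normalise after a successful write with `pipex_enable = (pipex_enable != 0);`. The function also lacks a header comment saying it serves the `net.pipex` sysctl node and that all names at this level are leaves.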
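Review bot: `PIPEXCTL_VARS` in pipex.h is missing a comma after `&pipex_enable`, so the initializer reads `&pipex_enable NULL` and will not compile wherever the macro is expanded. It also lists three entries while `PIPEXCTL_MAXID` is 2 and `PIPEXCTL_NAMES` has two; if the table is meant to be indexed by sysctl name it should be `{ NULL, &pipex_enable }`. Nothing in this commit expands the macro (pipex_sysctl uses a switch instead), so removing it is the other option.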
diff --git a/sys/netinet/ip_gre.c b/sys/netinet/ip_gre.c index 11d1ee761ea..7edc239d8dc 100644 --- a/sys/netinet/ip_gre.c +++ b/sys/netinet/ip_gre.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_gre.c,v 1.42 2011/07/05 21:40:38 dhill Exp $ */ +/* $OpenBSD: ip_gre.c,v 1.43 2011/07/08 18:30:17 yasuoka Exp $ */ /* $NetBSD: ip_gre.c,v 1.9 1999/10/25 19:18:11 drochner Exp $ */ /* @@ -249,14 +249,14 @@ gre_input(struct mbuf *m, ...) } #ifdef PIPEX - { - struct pipex_session *session; + if (pipex_enable) { + struct pipex_session *session; - if ((session = pipex_pptp_lookup_session(m)) != NULL) { - if (pipex_pptp_input(m, session) == NULL) - return; + if ((session = pipex_pptp_lookup_session(m)) != NULL) { + if (pipex_pptp_input(m, session) == NULL) + return; + } } - } #endif ret = gre_input2(m, hlen, IPPROTO_GRE); diff --git a/sys/netinet/udp_usrreq.c b/sys/netinet/udp_usrreq.c index d2479425074..b3fd28f017e 100644 --- a/sys/netinet/udp_usrreq.c +++ b/sys/netinet/udp_usrreq.c @@ -1,4 +1,4 @@ -/* $OpenBSD: udp_usrreq.c,v 1.144 2011/05/13 14:31:17 oga Exp $ */ +/* $OpenBSD: udp_usrreq.c,v 1.145 2011/07/08 18:30:17 yasuoka Exp $ */ /* $NetBSD: udp_usrreq.c,v 1.28 1996/03/16 23:54:03 christos Exp $ */ /* @@ -692,7 +692,7 @@ udp_input(struct mbuf *m, ...) IP_RECVDSTPORT, IPPROTO_IP); } #ifdef PIPEX - if (inp->inp_pipex) { + if (pipex_enable && inp->inp_pipex) { struct pipex_session *session; int off = iphlen + sizeof(struct udphdr); if ((session = pipex_l2tp_lookup_session(m, off)) != NULL) { |