From 10fcba53ef6983f49604f8f0da1619428df97c97 Mon Sep 17 00:00:00 2001
From: YASUOKA Masahiko
Date: Fri, 8 Jul 2011 18:30:18 +0000
Subject: Include PIPEX in kernel by default. And add new sysctl variable `net.pipex.enable' to enable PIPEX. By default, pipex is disabled and it will not process packets from wire. Update man pages and update HOWTO_PIPEX_NPPPD.txt for testers. discussed with dlg@, ok deraadt@ mcbride@ claudio@
---
 sbin/sysctl/sysctl.8 | 5 +++--
 sbin/sysctl/sysctl.c | 29 ++++++++++++++++++++++++++++-
 2 files changed, 31 insertions(+), 3 deletions(-)
(limited to 'sbin/sysctl')
diff --git a/sbin/sysctl/sysctl.8 b/sbin/sysctl/sysctl.8
index 6bb7064dba1..d1311f0b6a1 100644
--- a/sbin/sysctl/sysctl.8
+++ b/sbin/sysctl/sysctl.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: sysctl.8,v 1.160 2011/07/06 23:44:20 sthen Exp $
+.\" $OpenBSD: sysctl.8,v 1.161 2011/07/08 18:30:17 yasuoka Exp $
 .\" $NetBSD: sysctl.8,v 1.4 1995/09/30 07:12:49 thorpej Exp $
 .\"
 .\" Copyright (c) 1993
@@ -30,7 +30,7 @@
 .\"
 .\" @(#)sysctl.8 8.2 (Berkeley) 5/9/95
 .\"
-.Dd $Mdocdate: July 6 2011 $
+.Dd $Mdocdate: July 8 2011 $
 .Dt SYSCTL 8
 .Os
 .Sh NAME
@@ -317,6 +317,7 @@ and a few require a kernel compiled with non-standard
 .It net.inet6.icmp6.mtudisc_hiwat integer yes
 .It net.inet6.icmp6.mtudisc_lowat integer yes
 .It net.inet6.icmp6.nd6_debug integer yes
+.It net.pipex.enable integer yes
 .It debug.syncprt integer yes
 .It debug.busyprt integer yes
 .It debug.doclusterread integer yes
diff --git a/sbin/sysctl/sysctl.c b/sbin/sysctl/sysctl.c
index c9476e84666..fe26c1f0107 100644
--- a/sbin/sysctl/sysctl.c
+++ b/sbin/sysctl/sysctl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sysctl.c,v 1.176 2011/05/23 01:33:20 djm Exp $ */
+/* $OpenBSD: sysctl.c,v 1.177 2011/07/08 18:30:17 yasuoka Exp $ */
 /* $NetBSD: sysctl.c,v 1.9 1995/09/30 07:12:50 thorpej Exp $ */
 /*
@@ -72,6 +72,7 @@
 #include
 #include
+#include
 #ifdef INET6
 #include
@@ -591,6 +592,12 @@ parse(char *string, int flags)
 return;
 break;
 }
+ if (mib[1] == PF_PIPEX) {
+ len = sysctl_pipex(string, &bufp, mib, flags, &type);
+ if (len < 0)
+ return;
+ break;
+ }
 if (flags == 0)
 return;
 warnx("use netstat to view %s information", string);
@@ -1346,6 +1353,7 @@ struct ctlname pfsyncname[] = PFSYNCCTL_NAMES;
 struct ctlname divertname[] = DIVERTCTL_NAMES;
 struct ctlname bpfname[] = CTL_NET_BPF_NAMES;
 struct ctlname ifqname[] = CTL_IFQ_NAMES;
+struct ctlname pipexname[] = PIPEXCTL_NAMES;
 struct list inetlist = { inetname, IPPROTO_MAXID };
 struct list inetvars[] = {
 { ipname, IPCTL_MAXID }, /* ip */
@@ -1610,6 +1618,7 @@ struct list inetvars[] = {
 };
 struct list bpflist = { bpfname, NET_BPF_MAXID };
 struct list ifqlist = { ifqname, IFQCTL_MAXID };
+struct list pipexlist = { pipexname, PIPEXCTL_MAXID };
 struct list kernmalloclist = { kernmallocname, KERN_MALLOC_MAXID };
 struct list forkstatlist = { forkstatname, KERN_FORKSTAT_MAXID };
@@ -2171,6 +2180,24 @@ sysctl_mpls(char *string, char **bufpp, int mib[], int flags, int *typep)
 return (3);
 }
+/* handle PIPEX requests */
+int
+sysctl_pipex(char *string, char **bufpp, int mib[], int flags, int *typep)
+{
+ struct list *lp;
+ int indx;
+
+ if (*bufpp == NULL) {
+ listall(string, &pipexlist);
+ return (-1);
+ }
+ if ((indx = findname(string, "third", bufpp, &pipexlist)) == -1)
+ return (-1);
+ mib[2] = indx;
+ *typep = pipexlist.list[indx].ctl_type;
+ return (3);
+}
+
 /*
 * Handle SysV semaphore info requests
 */
-- cgit v1.2.3
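Review bot: The new `PF_PIPEX` branch in parse() calls `sysctl_pipex()` about 1600 lines before the function is defined, and no hunk in this patch adds a declaration for it. Unless a prototype arrives through a header, the call is compiled against an implicit declaration and its five arguments are not type-checked. I would add `int sysctl_pipex(char *, char **, int *, int, int *);` wherever this file declares its other sysctl_* handlers (that part of the file is not shown in the patch). parse() starts and ends outside this hunk.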
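Review bot: `struct list *lp;` in sysctl_pipex() is declared but never used in the body shown, so the line can be dropped. The one-line comment also leaves out the return contract that the new parse() branch depends on: -1 after listing every name or when the third component is unknown, otherwise 3 (apparently the MIB length) with `mib[2]` and `*typep` filled in. Per the commit message, `net.pipex.enable` decides whether the kernel processes PIPEX packets from the wire, so I would spell the contract out, e.g. `/* Handle PIPEX requests: set mib[2] and *typep and return 3, or return -1 if the name was listed or not found. */`.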