From c8a0bd935b2c3ab799d324629933861366082ed8 Mon Sep 17 00:00:00 2001
From: djm
Date: Wed, 9 Jul 2008 20:20:45 +0000
Subject: [PATCH] expand the net.inet.(tcp|udp).baddynamic dynamic source port skipping bitmasks to cover the entire 65536 port space - previously they covered 512-1024 only. sysctl needs to be updated to cope with this change; please "make includes" before rebuilding it. feedback millert@ ok millert@ deraadt@ markus@
---
 sbin/sysctl/sysctl.c | 48 ++++++++++++++++++++++----------------------
 sys/netinet/in_pcb.c | 17 +++------------
 sys/netinet/in_pcb.h | 14 ++++++------
 3 files changed, 34 insertions(+), 45 deletions(-)

diff --git a/sbin/sysctl/sysctl.c b/sbin/sysctl/sysctl.c
index 1fb3dec337f..bcb0c60d46f 100644
--- a/sbin/sysctl/sysctl.c
+++ b/sbin/sysctl/sysctl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sysctl.c,v 1.157 2008/04/28 11:52:53 norby Exp $ */
+/* $OpenBSD: sysctl.c,v 1.158 2008/07/09 20:20:46 djm Exp $ */
 /* $NetBSD: sysctl.c,v 1.9 1995/09/30 07:12:50 thorpej Exp $ */
 
 /*
@@ -40,7 +40,7 @@ static const char copyright[] =
 #if 0
 static const char sccsid[] = "@(#)sysctl.c 8.5 (Berkeley) 5/9/95";
 #else
-static const char rcsid[] = "$OpenBSD: sysctl.c,v 1.157 2008/04/28 11:52:53 norby Exp $";
+static const char rcsid[] = "$OpenBSD: sysctl.c,v 1.158 2008/07/09 20:20:46 djm Exp $";
 #endif
 #endif /* not lint */
 
@@ -144,6 +144,9 @@ struct ctlname ddbname[] = CTL_DDB_NAMES;
 char names[BUFSIZ];
 int lastused;
 
+/* Maximum size object to expect from sysctl(3) */
+#define SYSCTL_BUFSIZ 8192
+
 struct list {
 	struct ctlname *list;
 	int size;
@@ -311,7 +314,7 @@ parse(char *string, int flags)
 	int64_t quadval;
 	struct list *lp;
 	int mib[CTL_MAXNAME];
-	char *cp, *bufp, buf[BUFSIZ];
+	char *cp, *bufp, buf[SYSCTL_BUFSIZ];
 
 	(void)strlcpy(buf, string, sizeof(buf));
 	bufp = buf;
@@ -712,7 +715,7 @@ parse(char *string, int flags)
 			break;
 		}
 	}
-	size = BUFSIZ;
+	size = SYSCTL_BUFSIZ;
 	if (sysctl(mib, len, buf, &size, newval, newsize) == -1) {
 		if (flags == 0)
 			return;
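Review bot: The new SYSCTL_BUFSIZ constant in the hunk at -144 is sized to hold the enlarged baddynamic bitmap (DP_MAPSIZE entries of u_int32_t, i.e. howmany(65536, 32) * 4 = 8192 bytes) but its comment does not say so, so the userland buffer and the kernel bitmap size can drift apart silently. Suggest `/* Maximum size object to expect from sysctl(3): must hold the net.inet.*.baddynamic bitmap, DP_MAPSIZE * sizeof(u_int32_t) == 8192 bytes */`. Since sysctl.c already uses DP_ISSET from in_pcb.h, the BADDYNAMIC read path could also compare the returned size against `sizeof(u_int32_t) * DP_MAPSIZE` instead of trusting the literal.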
@@ -889,7 +892,7 @@ parse(char *string, int flags)
 			return;
 		}
 		if (special & BADDYNAMIC) {
-			in_port_t port, lastport;
+			u_int port, lastport;
 			u_int32_t *baddynamic = (u_int32_t *)buf;
 
 			if (!qflag) {
@@ -897,10 +900,9 @@ parse(char *string, int flags)
 					(void)printf("%s%s", string,
 					    newsize ? ": " : equ);
 				lastport = 0;
-				for (port = IPPORT_RESERVED/2; port < IPPORT_RESERVED;
-				    port++)
+				for (port = 0; port < 65536; port++)
 					if (DP_ISSET(baddynamic, port)) {
-						(void)printf("%s%hd",
+						(void)printf("%s%u",
 						    lastport ? "," : "", port);
 						lastport = port;
 					}
@@ -909,10 +911,9 @@ parse(char *string, int flags)
 					fputs(" -> ", stdout);
 				baddynamic = (u_int32_t *)newval;
 				lastport = 0;
-				for (port = IPPORT_RESERVED/2;
-				    port < IPPORT_RESERVED; port++)
+				for (port = 0; port < 65536; port++)
 					if (DP_ISSET(baddynamic, port)) {
-						(void)printf("%s%hd",
+						(void)printf("%s%u",
 						    lastport ? "," : "", port);
 						lastport = port;
 					}
@@ -1010,6 +1011,7 @@ parse_baddynamic(int mib[], size_t len, char *string, void **newvalp,
 	in_port_t port;
 	size_t size;
 	char action, *cp;
+	const char *errstr;
 
 	if (strchr((char *)*newvalp, '+') || strchr((char *)*newvalp, '-')) {
 		size = sizeof(newbaddynamic);
@@ -1026,10 +1028,9 @@ parse_baddynamic(int mib[], size_t len, char *string, void **newvalp,
 			if (*cp != '+' && *cp != '-')
 				errx(1, "cannot mix +/- with full list");
 			action = *cp++;
-			port = atoi(cp);
-			if (port < IPPORT_RESERVED/2 || port >= IPPORT_RESERVED)
-				errx(1, "invalid port, range is %d to %d",
-				    IPPORT_RESERVED/2, IPPORT_RESERVED-1);
+			port = strtonum(cp, 0, 65535, &errstr);
+			if (errstr != NULL)
+				errx(1, "port is %s: %s", errstr, cp);
 			if (action == '+')
 				DP_SET(newbaddynamic, port);
 			else
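Review bot: `lastport ? "," : ""` in the two printing loops (hunks at -897 and -909) no longer works as a first-element test now that port 0 is inside the range: parse_baddynamic below accepts 0 via `strtonum(cp, 0, 65535, &errstr)`, and a bitmap with bit 0 set prints `0` followed by the next port with no separating comma. Replace the sentinel with a flag: declare `int first;` next to `u_int port;`, write `first = 1;` where `lastport = 0;` now stands, and print with `(void)printf("%s%u", first ? "" : ",", port); first = 0;`. Separately, both loops read DP_MAPSIZE words from `buf` regardless of the `size` the sysctl(3) call returned; if that length is not checked against `sizeof(u_int32_t) * DP_MAPSIZE` somewhere outside these hunks, a kernel still returning the old 64-byte bitmap would make the loop print whatever is left in `buf` beyond it.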
@@ -1038,10 +1039,9 @@ parse_baddynamic(int mib[], size_t len, char *string, void **newvalp,
 	} else {
 		(void)memset((void *)newbaddynamic, 0, sizeof(newbaddynamic));
 		while (*newvalp && (cp = strsep((char **)newvalp, ", \t")) && *cp) {
-			port = atoi(cp);
-			if (port < IPPORT_RESERVED/2 || port >= IPPORT_RESERVED)
-				errx(1, "invalid port, range is %d to %d",
-				    IPPORT_RESERVED/2, IPPORT_RESERVED-1);
+			port = strtonum(cp, 0, 65535, &errstr);
+			if (errstr != NULL)
+				errx(1, "port is %s: %s", errstr, cp);
 			DP_SET(newbaddynamic, port);
 		}
 	}
@@ -1741,7 +1741,7 @@ int
 sysctl_malloc(char *string, char **bufpp, int mib[], int flags, int *typep)
 {
 	int indx, stor, i;
-	char *name, bufp[BUFSIZ], *buf, *ptr;
+	char *name, bufp[SYSCTL_BUFSIZ], *buf, *ptr;
 	struct list lp;
 	size_t size;
 
@@ -1754,7 +1754,7 @@ sysctl_malloc(char *string, char **bufpp, int mib[], int flags, int *typep)
 	mib[2] = indx;
 	if (mib[2] == KERN_MALLOC_BUCKET) {
 		if ((name = strsep(bufpp, ".")) == NULL) {
-			size = BUFSIZ;
+			size = SYSCTL_BUFSIZ;
 			stor = mib[2];
 			mib[2] = KERN_MALLOC_BUCKETS;
 			buf = bufp;
@@ -1785,7 +1785,7 @@ sysctl_malloc(char *string, char **bufpp, int mib[], int flags, int *typep)
 		*typep = CTLTYPE_STRING;
 		return (3);
 	} else if (mib[2] == KERN_MALLOC_KMEMSTATS) {
-		size = BUFSIZ;
+		size = SYSCTL_BUFSIZ;
 		stor = mib[2];
 		mib[2] = KERN_MALLOC_KMEMNAMES;
 		buf = bufp;
@@ -2184,7 +2184,7 @@ sysctl_sensors(char *string, char **bufpp, int mib[], int flags, int *typep)
 	size_t sdlen = sizeof(snsrdev);
 
 	if (*bufpp == NULL) {
-		char buf[BUFSIZ];
+		char buf[SYSCTL_BUFSIZ];
 
 		/* scan all sensor devices */
 		for (dev = 0; dev < MAXSENSORDEVICES; dev++) {
@@ -2278,7 +2278,7 @@ sysctl_sensors(char *string, char **bufpp, int mib[], int flags, int *typep)
 void
 print_sensordev(char *string, int mib[], u_int mlen, struct sensordev *snsrdev)
 {
-	char buf[BUFSIZ];
+	char buf[SYSCTL_BUFSIZ];
 	enum sensor_type type;
 
 	if (mlen == 3) {
diff --git a/sys/netinet/in_pcb.c b/sys/netinet/in_pcb.c
index 16d296e4621..87d0e96acb3 100644
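Review bot: The strtonum/errx sequence added in the hunk at -1038 is the same three lines as in the `+/-` branch of the previous hunk; a small helper keeps the accepted range and the error text in one place, e.g. `static in_port_t parse_port(const char *cp)` that calls `strtonum(cp, 0, 65535, &errstr)` and `errx(1, "port is %s: %s", errstr, cp)` on error, so both loops reduce to `port = parse_port(cp);`. The `65535` bound also deserves a comment tying it to DP_MAPSIZE in in_pcb.h, because DP_SET does no range check of its own and this bound is the only thing keeping the index inside newbaddynamic. parse_baddynamic begins before this hunk.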
--- a/sys/netinet/in_pcb.c
+++ b/sys/netinet/in_pcb.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: in_pcb.c,v 1.100 2008/07/03 15:46:24 henning Exp $ */
+/* $OpenBSD: in_pcb.c,v 1.101 2008/07/09 20:20:45 djm Exp $ */
 /* $NetBSD: in_pcb.c,v 1.25 1996/02/13 23:41:53 christos Exp $ */
 
 /*
@@ -157,28 +157,17 @@ struct baddynamicports baddynamicports;
  * Check if the specified port is invalid for dynamic allocation.
  */
 int
-in_baddynamic(port, proto)
-	u_int16_t port;
-	u_int16_t proto;
+in_baddynamic(u_int16_t port, u_int16_t proto)
 {
-
-
 	switch (proto) {
 	case IPPROTO_TCP:
-		if (port == NFS_PORT)
-			return (1);
-		if (port < IPPORT_RESERVED/2 || port >= IPPORT_RESERVED)
-			return (0);
 		return (DP_ISSET(baddynamicports.tcp, port));
 	case IPPROTO_UDP:
 #ifdef IPSEC
+		/* Cannot preset this as it is a sysctl */
 		if (port == udpencap_port)
 			return (1);
 #endif
-		if (port == NFS_PORT)
-			return (1);
-		if (port < IPPORT_RESERVED/2 || port >= IPPORT_RESERVED)
-			return (0);
 		return (DP_ISSET(baddynamicports.udp, port));
 	default:
 		return (0);
diff --git a/sys/netinet/in_pcb.h b/sys/netinet/in_pcb.h
index 793913eddf3..fc84844ec40 100644
--- a/sys/netinet/in_pcb.h
+++ b/sys/netinet/in_pcb.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: in_pcb.h,v 1.64 2008/07/03 15:46:24 henning Exp $ */
+/* $OpenBSD: in_pcb.h,v 1.65 2008/07/09 20:20:46 djm Exp $ */
 /* $NetBSD: in_pcb.h,v 1.14 1996/02/13 23:42:00 christos Exp $ */
 
 /*
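Review bot: With the unconditional `port == NFS_PORT` checks removed from in_baddynamic, the 2049 exclusion for both protocols now exists only as an entry in DEFBADDYNAMICPORTS_TCP/UDP, and the full-list form of the sysctl in sysctl.c (`memset(newbaddynamic, 0, ...)` followed by DP_SET of the listed ports only) replaces the whole bitmap, so an administrator who sets an explicit list without 2049 silently makes it eligible as a dynamic source port again, which the old code never allowed. If that is intended, the function comment at the top of the hunk should record it, e.g. ` * NFS_PORT is not special-cased here; it is excluded only through the` / ` * default bitmap and is lost if the sysctl is set to a full list.`; otherwise keep the NFS_PORT test next to the udpencap_port one. The comment added for udpencap_port is a good model for the former.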
@@ -221,14 +221,14 @@ struct inpcbtable {
 
 /* macros for handling bitmap of ports not to allocate dynamically */
 #define DP_MAPBITS (sizeof(u_int32_t) * NBBY)
-#define DP_MAPSIZE (howmany(IPPORT_RESERVED/2, DP_MAPBITS))
-#define DP_SET(m, p) ((m)[((p) - IPPORT_RESERVED/2) / DP_MAPBITS] |= (1 << ((p) % DP_MAPBITS)))
-#define DP_CLR(m, p) ((m)[((p) - IPPORT_RESERVED/2) / DP_MAPBITS] &= ~(1 << ((p) % DP_MAPBITS)))
-#define DP_ISSET(m, p) ((m)[((p) - IPPORT_RESERVED/2) / DP_MAPBITS] & (1 << ((p) % DP_MAPBITS)))
+#define DP_MAPSIZE (howmany(65536, DP_MAPBITS))
+#define DP_SET(m, p) ((m)[(p) / DP_MAPBITS] |= (1 << ((p) % DP_MAPBITS)))
+#define DP_CLR(m, p) ((m)[(p) / DP_MAPBITS] &= ~(1 << ((p) % DP_MAPBITS)))
+#define DP_ISSET(m, p) ((m)[(p) / DP_MAPBITS] & (1 << ((p) % DP_MAPBITS)))
 
 /* default values for baddynamicports [see ip_init()] */
-#define DEFBADDYNAMICPORTS_TCP { 587, 749, 750, 751, 871, 0 }
-#define DEFBADDYNAMICPORTS_UDP { 623, 664, 749, 750, 751, 0 }
+#define DEFBADDYNAMICPORTS_TCP { 587, 749, 750, 751, 871, 2049, 0 }
+#define DEFBADDYNAMICPORTS_UDP { 623, 664, 749, 750, 751, 2049, 0 }
 
 struct baddynamicports {
 	u_int32_t tcp[DP_MAPSIZE];
-- 
2.20.1
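Review bot: `1 << ((p) % DP_MAPBITS)` in the rewritten DP_SET/DP_CLR/DP_ISSET shifts a signed int by up to 31, and `1 << 31` is not representable in int, which C99 leaves undefined (the old macros had the same flaw, but these lines are being rewritten anyway and current compilers only happen to produce 0x80000000). Use an unsigned constant: `#define DP_SET(m, p) ((m)[(p) / DP_MAPBITS] |= (1U << ((p) % DP_MAPBITS)))`, `#define DP_CLR(m, p) ((m)[(p) / DP_MAPBITS] &= ~(1U << ((p) % DP_MAPBITS)))`, `#define DP_ISSET(m, p) ((m)[(p) / DP_MAPBITS] & (1U << ((p) % DP_MAPBITS)))`. The macros also no longer bound p, so every caller must guarantee 0..65535; the visible callers do (u_int16_t in in_baddynamic, the `port < 65536` loops and the strtonum bound in sysctl.c), and a comment such as `/* p must be in 0..65535; callers are responsible for the range check */` would record that contract. The literal 65536 in DP_MAPSIZE is also what sysctl.c's SYSCTL_BUFSIZ (8192 bytes) has to match, which deserves a cross-reference comment here.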