Date: Sat, 26 Oct 2002 14:40:00 -0700 (PDT)
From: Bill Fenner <fenner@research.att.com>
To: arch@freebsd.org
Subject: Re: Renumbering IPPROTO_DIVERT
Message-ID: <200210262140.g9QLe08V001356@stash.attlabs.att.com>

Here's a diff that implements Archie's suggestion, with a sysctl
to turn it off in case you have a real consumer of IP protocol 254.
The rip_divertcompat code should go away in a couple of releases.
"compat" isn't a very good name for it, since it's not compatible.

The first new if in rip_attach() is a related bug that I found during
this conversion; turns out that raw IP uses the third argument mod 256
as the IP protocol number, instead of returning an error for a protocol
number that IP cannot support.

  Bill

Index: in.h
===================================================================
RCS file: /home/ncvs/src/sys/netinet/in.h,v
retrieving revision 1.72
diff -u -r1.72 in.h
--- in.h 21 Oct 2002 20:40:02 -0000 1.72
+++ in.h 26 Oct 2002 21:35:01 -0000
@@ -236,12 +236,15 @@
#define IPPROTO_PIM 103 /* Protocol Independent Mcast */
#define IPPROTO_PGM 113 /* PGM */
/* 255: Reserved */
-/* BSD Private, local use, namespace incursion */
-#define IPPROTO_DIVERT 254 /* divert pseudo-protocol */
+/* BSD Private, local use, namespace incursion, no longer used */
+#define IPPROTO_OLD_DIVERT 254 /* OLD divert pseudo-proto */
#define IPPROTO_MAX 256
/* last return value of *_input(), meaning "all job for this pkt is done". */
#define IPPROTO_DONE 257
+
+/* Only used internally, so can be outside the range of valid IP protocols. */
+#define IPPROTO_DIVERT 258 /* divert pseudo-protocol */
/*
* Local port number conventions:
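
Review bot: The comment on IPPROTO_OLD_DIVERT says "no longer used", but the raw_ip.c part of this patch compares proto against it in rip_attach(), so the name is still live in the kernel. Suggest wording such as "retained only so rip_attach() can reject it". On the new IPPROTO_DIVERT line, it would help to say that 258 was picked to sit above both IPPROTO_MAX (256) and IPPROTO_DONE (257) and must not collide with either, since the value no longer fits the 8-bit IP protocol field.
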
Index: ip_divert.c
===================================================================
RCS file: /home/ncvs/src/sys/netinet/ip_divert.c,v
retrieving revision 1.69
diff -u -r1.69 ip_divert.c
--- ip_divert.c 24 Oct 2002 09:58:50 -0000 1.69
+++ ip_divert.c 25 Oct 2002 23:39:04 -0000
@@ -136,8 +136,8 @@
}
/*
- * IPPROTO_DIVERT is not a real IP protocol; don't allow any packets
- * with that protocol number to enter the system from the outside.
+ * IPPROTO_DIVERT is not in the real IP protocol number space; this
+ * function should never be called. Just in case, drop any packets.
*/
void
div_input(struct mbuf *m, int off)
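
Review bot: The new comment on div_input() says the function should never be called but not why. State the reason in the comment: IPPROTO_DIVERT is now 258, above IPPROTO_MAX, so no received packet's protocol field can select it. If the drop path is kept "just in case", consider making an unexpected call visible (a counter or a log line) rather than silent; the body is not in this hunk, so check what it does today.
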
Index: raw_ip.c
===================================================================
RCS file: /home/ncvs/src/sys/netinet/raw_ip.c,v
retrieving revision 1.103
diff -u -r1.103 raw_ip.c
--- raw_ip.c 20 Oct 2002 22:52:07 -0000 1.103
+++ raw_ip.c 26 Oct 2002 21:32:25 -0000
@@ -493,11 +493,14 @@
u_long rip_sendspace = RIPSNDQ;
u_long rip_recvspace = RIPRCVQ;
+int rip_divertcompat = 1;
SYSCTL_INT(_net_inet_raw, OID_AUTO, maxdgram, CTLFLAG_RW,
&rip_sendspace, 0, "Maximum outgoing raw IP datagram size");
SYSCTL_INT(_net_inet_raw, OID_AUTO, recvspace, CTLFLAG_RW,
&rip_recvspace, 0, "Maximum incoming raw IP datagram size");
+SYSCTL_INT(_net_inet_raw, OID_AUTO, divertcompat, CTLFLAG_RW,
+ &rip_divertcompat, 0, "Return an error when creating an 'old' DIVERT socket");
static int
rip_attach(struct socket *so, int proto, struct thread *td)
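
Review bot: The sysctl name and its description pull in opposite directions: net.inet.raw.divertcompat=1, the default set by "int rip_divertcompat = 1;", makes creation of a protocol 254 socket fail, which a reader would not guess from "compat". Consider a name that says what the value 1 does, and have the description mention protocol 254 explicitly so an admin with a real consumer of that protocol can find the knob. rip_divertcompat could also be static if nothing outside raw_ip.c needs it.
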
@@ -510,6 +513,12 @@
panic("rip_attach");
if (td && (error = suser(td)) != 0)
return error;
+
+ if (proto >= IPPROTO_MAX || proto < 0)
+ return EPROTONOSUPPORT;
+
+ if (rip_divertcompat && proto == IPPROTO_OLD_DIVERT)
+ return EPROTONOSUPPORT;
error = soreserve(so, rip_sendspace, rip_recvspace);
if (error)
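
Review bot: In rip_attach(), the IPPROTO_OLD_DIVERT rejection returns the same EPROTONOSUPPORT as the out-of-range check just above it, so a stale divert binary built against the old in.h and a real user of protocol 254 both get an error that does not point at the divertcompat sysctl. Consider logging a message when this branch is taken, or at least adding a comment here that names the sysctl. The range check itself looks right; a short comment noting that the protocol argument was previously taken mod 256 would explain why it is needed.
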
