From owner-freebsd-bugs Tue Jan 15 7:40:15 2002
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id C0C8A37B41A for ; Tue, 15 Jan 2002 07:40:00 -0800 (PST)
Received: (from gnats@localhost) by freefall.freebsd.org (8.11.6/8.11.6) id g0FFe0g51985; Tue, 15 Jan 2002 07:40:00 -0800 (PST) (envelope-from gnats)
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 112D337B41A for ; Tue, 15 Jan 2002 07:38:21 -0800 (PST)
Received: (from nobody@localhost) by freefall.freebsd.org (8.11.6/8.11.6) id g0FFcLR51705; Tue, 15 Jan 2002 07:38:21 -0800 (PST) (envelope-from nobody)
Message-Id: <200201151538.g0FFcLR51705@freefall.freebsd.org>
Date: Tue, 15 Jan 2002 07:38:21 -0800 (PST)
From: "idan l."
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-1.0
Subject: conf/33923: black hole ignored ports
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

>Number: 33923
>Category: conf
>Synopsis: black hole ignored ports
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Tue Jan 15 07:40:00 PST 2002
>Closed-Date:
>Last-Modified:
>Originator: idan l.
>Release: FreeBSD 4.4 stable
>Organization: none.ltd
>Environment:
FreeBSD shadow.localhost 4.4-STABLE FreeBSD 4.4- GMT 2002 root@shadow.localhost:/usr/src/sys
>Description:
A new sysctl that will allow the blackhole option to ignore ports such as 111 (portmap) and 113 (identd). This will allow the user to work faster, due to the fact that some services such as IRC check if identd (port 113) is running, and the blackhole option takes time until the packet times out.
>How-To-Repeat:
sysctl net.inet.tcp.blackhole=1
telnet irc.bitchx.org 6667
>Fix:
# the patch contains a new option to sysctl and refers to the file
# sys/netinet/tcp_input.c
# I've compiled and tested that option and didn't find any problems tho
# you should make your own tests before deciding on putting in your
# releases
37c37 < #include "opt_ipfw.h" --- > #include "opt_ipfw.h" /* for ipfw_fwd */ 101,119d100 < char blackhole_ig_ports[256]; < < static int handle_bhole_ig_ports(SYSCTL_HANDLER_ARGS) < { < int error; < < error = sysctl_handle_string(oidp,blackhole_ig_ports,sizeof(blackhole_ig_ports), < req); < < return error; < } < < SYSCTL_PROC(_net_inet_tcp,OID_AUTO,blackhole_ig_ports, < CTLTYPE_STRING|CTLFLAG_RW|CTLFLAG_PRISON,0,0,handle_bhole_ig_ports, < "A","blackhole ignore ports"); < < char *strtok(char *,const char*); < char *strtok_r(char *,const char *,char **); < 359d339 < char *ptr = 0,temp_str[sizeof(blackhole_ig_ports)+1]; 643,657c623,625 < < if (thflags & TH_SYN) { < < strcpy(temp_str,blackhole_ig_ports); < for(ptr = strtok(temp_str,":") < ;ptr;ptr = strtok(NULL,":")) { < if(strtol(ptr,(char **)NULL,10) == ntohs( < th->th_dport)) goto bhole_continue; < < } < < goto drop; < } < < break; --- > if (thflags & TH_SYN) > goto drop; > break; 664d631 < bhole_continue: 2968,3034d2934 < < /* strtok copied from libc (/usr/src/lib/libc/string/strtok.c) */ < char * < strtok_r(char *s, const char *delim, char **last) < { < char *spanp; < int c, sc; < char *tok; < if (s == NULL && (s = *last) == NULL) < { < return NULL; < } 
< /* < * Skip (span) leading delimiters (s += strspn(s, delim), sort of). < */ < cont: < c = *s++; < for (spanp = (char *)delim; (sc = *spanp++) != 0; ) < { < if (c == sc) < { < goto cont; < } < } < < if (c == 0) /* no non-delimiter characters */ < { < *last = NULL; < return NULL; < } < tok = s - 1; < /* < * Scan token (scan for delimiters: s += strcspn(s, delim), sort of). < * Note that delim must have one NUL; we stop if we see that, too. < */ < for (;;) < { < c = *s++; < spanp = (char *)delim; < do < { < if ((sc = *spanp++) == c) < { < if (c == 0) < { < s = NULL; < } < else < { < char *w = s - 1; < *w = '\0'; < } < *last = s; < return tok; < } < } < while (sc != 0); < } < /* NOTREACHED */ < } < char * < strtok(char *s, const char *delim) < { < static char *last; < return strtok_r(s, delim, &last); < } < 
>Release-Note:
>Audit-Trail:
>Unformatted:
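Review bot: The patch is reversed and in plain `diff` format, starting at the 37c37 hunk: the `<` side carries the new code and the `>` side the original (the `>` line here still has the `/* for ipfw_fwd */` comment, and in 643,657c623,625 the `>` side is the unmodified `if (thflags & TH_SYN) goto drop;`), so it only applies with `patch -R`. Please regenerate it as `diff -u` with the original file first, and leave out this hunk, which only strips a comment unrelated to the feature.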
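Review bot: `CTLFLAG_PRISON` on the `SYSCTL_PROC` in the 101,119d100 hunk lets root inside a jail rewrite a list that changes which closed ports answer with RST for the whole host; drop that flag unless jailed root is meant to control it. `handle_bhole_ig_ports` only forwards to `sysctl_handle_string`, so nothing checks that the new value is digits separated by `:` or that each number fits a 16-bit port; that is the natural place to validate and reject bad input. `blackhole_ig_ports` should be `static`, the description string should state the colon-separated format, and the `strtok`/`strtok_r` prototypes do not belong in tcp_input.c.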
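Review bot: The 643,657c623,625 hunk copies and tokenises the sysctl string for every SYN that reaches a closed port, which puts `strcpy`, `strtok` and `strtol` on exactly the path blackhole exists to keep cheap under a scan or SYN flood. The copy reads the global `blackhole_ig_ports` with no visible synchronisation against the sysctl handler rewriting it, `strtok` keeps its position in a static pointer, and `strtol(ptr,(char **)NULL,10)` is compared to the port with no end-pointer or range check, so a token such as `abc` silently becomes 0. Parse the string once in the sysctl handler into an array of port numbers and do a plain integer compare against `ntohs(th->th_dport)` here; that also removes the 257-byte `temp_str` from the `tcp_input` stack (hunk 359d339) and the need for the `goto bhole_continue` label.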
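Review bot: The 2968,3034d2934 hunk pastes libc's `strtok_r` and `strtok` into tcp_input.c as global, non-static kernel symbols, and `strtok` stores its position in `static char *last`, so it is unsafe if the input path is ever entered twice at once. If tokenising has to stay in the kernel, keep only `strtok_r`, declare it `static`, and call it with a local save pointer; better still, move the parsing into the sysctl handler so that tcp_input.c needs no tokenizer at all.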