Date: Sat, 26 Oct 2002 16:24:38 -0700 (PDT) From: Julian Elischer <julian@elischer.org> To: Bill Fenner <fenner@research.att.com> Cc: arch@freebsd.org Subject: Re: Renumbering IPPROTO_DIVERT Message-ID: <Pine.BSF.4.21.0210261622370.13443-100000@InterJet.elischer.org> In-Reply-To: <200210262140.g9QLe08V001356@stash.attlabs.att.com>
next in thread | previous in thread | raw e-mail | index | archive | help
looks fine to me, but I'd also spit an erro out on the console being
very explicit about what is wrong.. something like
"Old divert protocol called. recompile programs uding 'divert'".
Maybe with a rate limitter.
On Sat, 26 Oct 2002, Bill Fenner wrote:
> Here's a diff that implements Archie's suggestion, with a sysctl
> to turn it off in case you have a real consumer of IP protocol 254.
>
> The rip_divertcompat code should go away in a couple of releases.
>
> "compat" isn't a very good name for it, since it's not compatible.
>
> The first new if in rip_attach() is a related bug that I found during
> this conversion; turns out that raw IP uses the third argument mod 256
> as the IP protocol number, instead of returning an error for a protocol
> number that IP cannot support.
>
> Bill
>
> Index: in.h
> ===================================================================
> RCS file: /home/ncvs/src/sys/netinet/in.h,v
> retrieving revision 1.72
> diff -u -r1.72 in.h
> --- in.h 21 Oct 2002 20:40:02 -0000 1.72
> +++ in.h 26 Oct 2002 21:35:01 -0000
> @@ -236,12 +236,15 @@
> #define IPPROTO_PIM 103 /* Protocol Independent Mcast */
> #define IPPROTO_PGM 113 /* PGM */
> /* 255: Reserved */
> -/* BSD Private, local use, namespace incursion */
> -#define IPPROTO_DIVERT 254 /* divert pseudo-protocol */
> +/* BSD Private, local use, namespace incursion, no longer used */
> +#define IPPROTO_OLD_DIVERT 254 /* OLD divert pseudo-proto */
> #define IPPROTO_MAX 256
>
> /* last return value of *_input(), meaning "all job for this pkt is done". */
> #define IPPROTO_DONE 257
> +
> +/* Only used internally, so can be outside the range of valid IP protocols. */
> +#define IPPROTO_DIVERT 258 /* divert pseudo-protocol */
>
> /*
> * Local port number conventions:
> Index: ip_divert.c
> ===================================================================
> RCS file: /home/ncvs/src/sys/netinet/ip_divert.c,v
> retrieving revision 1.69
> diff -u -r1.69 ip_divert.c
> --- ip_divert.c 24 Oct 2002 09:58:50 -0000 1.69
> +++ ip_divert.c 25 Oct 2002 23:39:04 -0000
> @@ -136,8 +136,8 @@
> }
>
> /*
> - * IPPROTO_DIVERT is not a real IP protocol; don't allow any packets
> - * with that protocol number to enter the system from the outside.
> + * IPPROTO_DIVERT is not in the real IP protocol number space; this
> + * function should never be called. Just in case, drop any packets.
> */
> void
> div_input(struct mbuf *m, int off)
> Index: raw_ip.c
> ===================================================================
> RCS file: /home/ncvs/src/sys/netinet/raw_ip.c,v
> retrieving revision 1.103
> diff -u -r1.103 raw_ip.c
> --- raw_ip.c 20 Oct 2002 22:52:07 -0000 1.103
> +++ raw_ip.c 26 Oct 2002 21:32:25 -0000
> @@ -493,11 +493,14 @@
>
> u_long rip_sendspace = RIPSNDQ;
> u_long rip_recvspace = RIPRCVQ;
> +int rip_divertcompat = 1;
>
> SYSCTL_INT(_net_inet_raw, OID_AUTO, maxdgram, CTLFLAG_RW,
> &rip_sendspace, 0, "Maximum outgoing raw IP datagram size");
> SYSCTL_INT(_net_inet_raw, OID_AUTO, recvspace, CTLFLAG_RW,
> &rip_recvspace, 0, "Maximum incoming raw IP datagram size");
> +SYSCTL_INT(_net_inet_raw, OID_AUTO, divertcompat, CTLFLAG_RW,
> + &rip_divertcompat, 0, "Return an error when creating an 'old' DIVERT socket");
>
> static int
> rip_attach(struct socket *so, int proto, struct thread *td)
> @@ -510,6 +513,12 @@
> panic("rip_attach");
> if (td && (error = suser(td)) != 0)
> return error;
> +
> + if (proto >= IPPROTO_MAX || proto < 0)
> + return EPROTONOSUPPORT;
> +
> + if (rip_divertcompat && proto == IPPROTO_OLD_DIVERT)
> + return EPROTONOSUPPORT;
>
> error = soreserve(so, rip_sendspace, rip_recvspace);
> if (error)
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-arch" in the body of the message
>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0210261622370.13443-100000>