version 1.169.2.3, 2004/12/18 09:33:05 |
version 1.192, 2003/12/08 02:23:27 |
Line 200 int ipprintfs = 0; |
|
Line 200 int ipprintfs = 0; |
|
#endif |
#endif |
|
|
int ip_do_randomid = 0; |
int ip_do_randomid = 0; |
int ip_do_loopback_cksum = 1; |
|
|
|
/* |
/* |
* XXX - Setting ip_checkinterface mostly implements the receive side of |
* XXX - Setting ip_checkinterface mostly implements the receive side of |
Line 220 int ip_checkinterface = 0; |
|
Line 219 int ip_checkinterface = 0; |
|
|
|
struct rttimer_queue *ip_mtudisc_timeout_q = NULL; |
struct rttimer_queue *ip_mtudisc_timeout_q = NULL; |
|
|
|
extern struct domain inetdomain; |
int ipqmaxlen = IFQ_MAXLEN; |
int ipqmaxlen = IFQ_MAXLEN; |
u_long in_ifaddrhash; /* size of hash table - 1 */ |
u_long in_ifaddrhash; /* size of hash table - 1 */ |
int in_ifaddrentries; /* total number of addrs */ |
int in_ifaddrentries; /* total number of addrs */ |
|
|
struct pfil_head inet_pfil_hook; |
struct pfil_head inet_pfil_hook; |
#endif |
#endif |
|
|
/* |
|
* Cached copy of nmbclusters. If nbclusters is different, |
|
* recalculate IP parameters derived from nmbclusters. |
|
*/ |
|
static int ip_nmbclusters; /* copy of nmbclusters */ |
|
static void ip_nmbclusters_changed __P((void)); /* recalc limits */ |
|
|
|
#define CHECK_NMBCLUSTER_PARAMS() \ |
|
do { \ |
|
if (__predict_false(ip_nmbclusters != nmbclusters)) \ |
|
ip_nmbclusters_changed(); \ |
|
} while (/*CONSTCOND*/0) |
|
|
|
/* IP datagram reassembly queues (hashed) */ |
/* IP datagram reassembly queues (hashed) */ |
#define IPREASS_NHASH_LOG2 6 |
#define IPREASS_NHASH_LOG2 6 |
#define IPREASS_NHASH (1 << IPREASS_NHASH_LOG2) |
#define IPREASS_NHASH (1 << IPREASS_NHASH_LOG2) |
|
|
(((((x) & 0xF) | ((((x) >> 8) & 0xF) << 4)) ^ (y)) & IPREASS_HMASK) |
(((((x) & 0xF) | ((((x) >> 8) & 0xF) << 4)) ^ (y)) & IPREASS_HMASK) |
struct ipqhead ipq[IPREASS_NHASH]; |
struct ipqhead ipq[IPREASS_NHASH]; |
int ipq_locked; |
int ipq_locked; |
static int ip_nfragpackets; /* packets in reass queue */ |
int ip_nfragpackets = 0; |
static int ip_nfrags; /* total fragments in reass queues */ |
int ip_maxfragpackets = 200; |
|
int ip_nfrags = 0; /* total fragments in reass queues */ |
int ip_maxfragpackets = 200; /* limit on packets. XXX sysctl */ |
|
int ip_maxfrags; /* limit on fragments. XXX sysctl */ |
|
|
|
|
|
/* |
|
* Additive-Increase/Multiplicative-Decrease (AIMD) strategy for |
|
* IP reassembly queue buffer managment. |
|
* |
|
* We keep a count of total IP fragments (NB: not fragmented packets!) |
|
* awaiting reassembly (ip_nfrags) and a limit (ip_maxfrags) on fragments. |
|
* If ip_nfrags exceeds ip_maxfrags the limit, we drop half the |
|
* total fragments in reassembly queues.This AIMD policy avoids |
|
* repeatedly deleting single packets under heavy fragmentation load |
|
* (e.g., from lossy NFS peers). |
|
*/ |
|
static u_int ip_reass_ttl_decr __P((u_int ticks)); |
|
static void ip_reass_drophalf __P((void)); |
|
|
|
|
|
static __inline int ipq_lock_try __P((void)); |
static __inline int ipq_lock_try __P((void)); |
static __inline void ipq_unlock __P((void)); |
static __inline void ipq_unlock __P((void)); |
|
|
|
|
#define IPQ_UNLOCK() ipq_unlock() |
#define IPQ_UNLOCK() ipq_unlock() |
|
|
POOL_INIT(inmulti_pool, sizeof(struct in_multi), 0, 0, 0, "inmltpl", NULL); |
struct pool inmulti_pool; |
POOL_INIT(ipqent_pool, sizeof(struct ipqent), 0, 0, 0, "ipqepl", NULL); |
struct pool ipqent_pool; |
|
|
#ifdef INET_CSUM_COUNTERS |
#ifdef INET_CSUM_COUNTERS |
#include <sys/device.h> |
#include <sys/device.h> |
Line 348 struct evcnt ip_swcsum = EVCNT_INITIALIZ |
|
Line 317 struct evcnt ip_swcsum = EVCNT_INITIALIZ |
|
|
|
#define INET_CSUM_COUNTER_INCR(ev) (ev)->ev_count++ |
#define INET_CSUM_COUNTER_INCR(ev) (ev)->ev_count++ |
|
|
EVCNT_ATTACH_STATIC(ip_hwcsum_bad); |
|
EVCNT_ATTACH_STATIC(ip_hwcsum_ok); |
|
EVCNT_ATTACH_STATIC(ip_swcsum); |
|
|
|
#else |
#else |
|
|
#define INET_CSUM_COUNTER_INCR(ev) /* nothing */ |
#define INET_CSUM_COUNTER_INCR(ev) /* nothing */ |
Line 381 struct mowner ip_tx_mowner = { "internet |
|
Line 346 struct mowner ip_tx_mowner = { "internet |
|
#endif |
#endif |
|
|
/* |
/* |
* Compute IP limits derived from the value of nmbclusters. |
|
*/ |
|
static void |
|
ip_nmbclusters_changed(void) |
|
{ |
|
ip_maxfrags = nmbclusters / 4; |
|
ip_nmbclusters = nmbclusters; |
|
} |
|
|
|
/* |
|
* IP initialization: fill in IP protocol switch table. |
* IP initialization: fill in IP protocol switch table. |
* All protocols not implemented in kernel go to raw IP protocol handler. |
* All protocols not implemented in kernel go to raw IP protocol handler. |
*/ |
*/ |
void |
void |
ip_init() |
ip_init() |
{ |
{ |
const struct protosw *pr; |
struct protosw *pr; |
int i; |
int i; |
|
|
|
pool_init(&inmulti_pool, sizeof(struct in_multi), 0, 0, 0, "inmltpl", |
|
NULL); |
|
pool_init(&ipqent_pool, sizeof(struct ipqent), 0, 0, 0, "ipqepl", |
|
NULL); |
|
|
pr = pffindproto(PF_INET, IPPROTO_RAW, SOCK_RAW); |
pr = pffindproto(PF_INET, IPPROTO_RAW, SOCK_RAW); |
if (pr == 0) |
if (pr == 0) |
panic("ip_init"); |
panic("ip_init"); |
|
|
LIST_INIT(&ipq[i]); |
LIST_INIT(&ipq[i]); |
|
|
ip_id = time.tv_sec & 0xfffff; |
ip_id = time.tv_sec & 0xfffff; |
|
|
ipintrq.ifq_maxlen = ipqmaxlen; |
ipintrq.ifq_maxlen = ipqmaxlen; |
ip_nmbclusters_changed(); |
|
|
|
TAILQ_INIT(&in_ifaddrhead); |
TAILQ_INIT(&in_ifaddrhead); |
in_ifaddrhashtbl = hashinit(IN_IFADDR_HASH_SIZE, HASH_LIST, M_IFADDR, |
in_ifaddrhashtbl = hashinit(IN_IFADDR_HASH_SIZE, HASH_LIST, M_IFADDR, |
M_WAITOK, &in_ifaddrhash); |
M_WAITOK, &in_ifaddrhash); |
|
|
"error %d\n", i); |
"error %d\n", i); |
#endif /* PFIL_HOOKS */ |
#endif /* PFIL_HOOKS */ |
|
|
|
#ifdef INET_CSUM_COUNTERS |
|
evcnt_attach_static(&ip_hwcsum_bad); |
|
evcnt_attach_static(&ip_hwcsum_ok); |
|
evcnt_attach_static(&ip_swcsum); |
|
#endif /* INET_CSUM_COUNTERS */ |
|
|
#ifdef MBUFTRACE |
#ifdef MBUFTRACE |
MOWNER_ATTACH(&ip_tx_mowner); |
MOWNER_ATTACH(&ip_tx_mowner); |
MOWNER_ATTACH(&ip_rx_mowner); |
MOWNER_ATTACH(&ip_rx_mowner); |
Line 573 ip_input(struct mbuf *m) |
|
Line 536 ip_input(struct mbuf *m) |
|
break; |
break; |
|
|
default: |
default: |
/* |
/* Must compute it ourselves. */ |
* Must compute it ourselves. Maybe skip checksum on |
INET_CSUM_COUNTER_INCR(&ip_swcsum); |
* loopback interfaces. |
if (in_cksum(m, hlen) != 0) |
*/ |
goto bad; |
if (__predict_true(!(m->m_pkthdr.rcvif->if_flags & |
|
IFF_LOOPBACK) || ip_do_loopback_cksum)) { |
|
INET_CSUM_COUNTER_INCR(&ip_swcsum); |
|
if (in_cksum(m, hlen) != 0) |
|
goto badcsum; |
|
} |
|
break; |
break; |
} |
} |
|
|
Line 615 ip_input(struct mbuf *m) |
|
Line 572 ip_input(struct mbuf *m) |
|
m_adj(m, len - m->m_pkthdr.len); |
m_adj(m, len - m->m_pkthdr.len); |
} |
} |
|
|
#if defined(IPSEC) |
#if defined(IPSEC) || defined(FAST_IPSEC) |
/* ipflow (IP fast forwarding) is not compatible with IPsec. */ |
/* ipflow (IP fast forwarding) is not compatible with IPsec. */ |
m->m_flags &= ~M_CANFASTFWD; |
m->m_flags &= ~M_CANFASTFWD; |
#else |
#else |
Line 656 ip_input(struct mbuf *m) |
|
Line 613 ip_input(struct mbuf *m) |
|
return; |
return; |
ip = mtod(m, struct ip *); |
ip = mtod(m, struct ip *); |
hlen = ip->ip_hl << 2; |
hlen = ip->ip_hl << 2; |
/* |
|
* XXX The setting of "srcrt" here is to prevent ip_forward() |
|
* from generating ICMP redirects for packets that have |
|
* been redirected by a hook back out on to the same LAN that |
|
* they came from and is not an indication that the packet |
|
* is being inffluenced by source routing options. This |
|
* allows things like |
|
* "rdr tlp0 0/0 port 80 -> 1.1.1.200 3128 tcp" |
|
* where tlp0 is both on the 1.1.1.0/24 network and is the |
|
* default route for hosts on 1.1.1.0/24. Of course this |
|
* also requires a "map tlp0 ..." to complete the story. |
|
* One might argue whether or not this kind of network config. |
|
* should be supported in this manner... |
|
*/ |
|
srcrt = (odst.s_addr != ip->ip_dst.s_addr); |
srcrt = (odst.s_addr != ip->ip_dst.s_addr); |
} |
} |
#endif /* PFIL_HOOKS */ |
#endif /* PFIL_HOOKS */ |
Line 759 ip_input(struct mbuf *m) |
|
Line 702 ip_input(struct mbuf *m) |
|
#ifdef MROUTING |
#ifdef MROUTING |
extern struct socket *ip_mrouter; |
extern struct socket *ip_mrouter; |
|
|
|
if (M_READONLY(m)) { |
|
if ((m = m_pullup(m, hlen)) == 0) { |
|
ipstat.ips_toosmall++; |
|
return; |
|
} |
|
ip = mtod(m, struct ip *); |
|
} |
|
|
if (ip_mrouter) { |
if (ip_mrouter) { |
/* |
/* |
* If we are acting as a multicast router, all |
* If we are acting as a multicast router, all |
Line 855 ip_input(struct mbuf *m) |
|
Line 806 ip_input(struct mbuf *m) |
|
ipstat.ips_cantforward++; |
ipstat.ips_cantforward++; |
goto bad; |
goto bad; |
} |
} |
|
|
/* |
|
* Peek at the outbound SP for this packet to determine if |
|
* it's a Fast Forward candidate. |
|
*/ |
|
mtag = m_tag_find(m, PACKET_TAG_IPSEC_PENDING_TDB, NULL); |
|
if (mtag != NULL) |
|
m->m_flags &= ~M_CANFASTFWD; |
|
else { |
|
s = splsoftnet(); |
|
sp = ipsec4_checkpolicy(m, IPSEC_DIR_OUTBOUND, |
|
(IP_FORWARDING | |
|
(ip_directedbcast ? IP_ALLOWBROADCAST : 0)), |
|
&error, NULL); |
|
if (sp != NULL) { |
|
m->m_flags &= ~M_CANFASTFWD; |
|
KEY_FREESP(&sp); |
|
} |
|
splx(s); |
|
} |
|
#endif /* FAST_IPSEC */ |
#endif /* FAST_IPSEC */ |
|
|
ip_forward(m, srcrt); |
ip_forward(m, srcrt); |
|
|
* but it's not worth the time; just let them time out.) |
* but it's not worth the time; just let them time out.) |
*/ |
*/ |
if (ip->ip_off & ~htons(IP_DF|IP_RF)) { |
if (ip->ip_off & ~htons(IP_DF|IP_RF)) { |
|
if (M_READONLY(m)) { |
|
if ((m = m_pullup(m, hlen)) == NULL) { |
|
ipstat.ips_toosmall++; |
|
goto bad; |
|
} |
|
ip = mtod(m, struct ip *); |
|
} |
|
|
/* |
/* |
* Look for queue of fragments |
* Look for queue of fragments |
Line 1065 ip_reass(ipqe, fp, ipqhead) |
|
Line 1003 ip_reass(ipqe, fp, ipqhead) |
|
m->m_data += hlen; |
m->m_data += hlen; |
m->m_len -= hlen; |
m->m_len -= hlen; |
|
|
#ifdef notyet |
|
/* make sure fragment limit is up-to-date */ |
|
CHECK_NMBCLUSTER_PARAMS(); |
|
|
|
/* If we have too many fragments, drop the older half. */ |
|
if (ip_nfrags >= ip_maxfrags) |
|
ip_reass_drophalf(void); |
|
#endif |
|
|
|
/* |
/* |
* We are about to add a fragment; increment frag count. |
* We are about to add a fragment; increment frag count. |
*/ |
*/ |
|
|
} |
} |
|
|
/* |
/* |
* IP reassembly TTL machinery for multiplicative drop. |
|
*/ |
|
static u_int fragttl_histo[(IPFRAGTTL+1)]; |
|
|
|
|
|
/* |
|
* Decrement TTL of all reasembly queue entries by `ticks'. |
|
* Count number of distinct fragments (as opposed to partial, fragmented |
|
* datagrams) in the reassembly queue. While we traverse the entire |
|
* reassembly queue, compute and return the median TTL over all fragments. |
|
*/ |
|
static u_int |
|
ip_reass_ttl_decr(u_int ticks) |
|
{ |
|
u_int nfrags, median, dropfraction, keepfraction; |
|
struct ipq *fp, *nfp; |
|
int i; |
|
|
|
nfrags = 0; |
|
memset(fragttl_histo, 0, sizeof fragttl_histo); |
|
|
|
for (i = 0; i < IPREASS_NHASH; i++) { |
|
for (fp = LIST_FIRST(&ipq[i]); fp != NULL; fp = nfp) { |
|
fp->ipq_ttl = ((fp->ipq_ttl <= ticks) ? |
|
0 : fp->ipq_ttl - ticks); |
|
nfp = LIST_NEXT(fp, ipq_q); |
|
if (fp->ipq_ttl == 0) { |
|
ipstat.ips_fragtimeout++; |
|
ip_freef(fp); |
|
} else { |
|
nfrags += fp->ipq_nfrags; |
|
fragttl_histo[fp->ipq_ttl] += fp->ipq_nfrags; |
|
} |
|
} |
|
} |
|
|
|
KASSERT(ip_nfrags == nfrags); |
|
|
|
/* Find median (or other drop fraction) in histogram. */ |
|
dropfraction = (ip_nfrags / 2); |
|
keepfraction = ip_nfrags - dropfraction; |
|
for (i = IPFRAGTTL, median = 0; i >= 0; i--) { |
|
median += fragttl_histo[i]; |
|
if (median >= keepfraction) |
|
break; |
|
} |
|
|
|
/* Return TTL of median (or other fraction). */ |
|
return (u_int)i; |
|
} |
|
|
|
void |
|
ip_reass_drophalf(void) |
|
{ |
|
|
|
u_int median_ticks; |
|
/* |
|
* Compute median TTL of all fragments, and count frags |
|
* with that TTL or lower (roughly half of all fragments). |
|
*/ |
|
median_ticks = ip_reass_ttl_decr(0); |
|
|
|
/* Drop half. */ |
|
median_ticks = ip_reass_ttl_decr(median_ticks); |
|
|
|
} |
|
|
|
/* |
|
* IP timer processing; |
* IP timer processing; |
* if a timer expires on a reassembly |
* if a timer expires on a reassembly |
* queue, discard it. |
* queue, discard it. |
|
|
{ |
{ |
static u_int dropscanidx = 0; |
static u_int dropscanidx = 0; |
u_int i; |
u_int i; |
u_int median_ttl; |
struct ipq *fp, *nfp; |
int s = splsoftnet(); |
int s = splsoftnet(); |
|
|
IPQ_LOCK(); |
IPQ_LOCK(); |
|
for (i = 0; i < IPREASS_NHASH; i++) { |
/* Age TTL of all fragments by 1 tick .*/ |
for (fp = LIST_FIRST(&ipq[i]); fp != NULL; fp = nfp) { |
median_ttl = ip_reass_ttl_decr(1); |
nfp = LIST_NEXT(fp, ipq_q); |
|
if (--fp->ipq_ttl == 0) { |
/* make sure fragment limit is up-to-date */ |
ipstat.ips_fragtimeout++; |
CHECK_NMBCLUSTER_PARAMS(); |
ip_freef(fp); |
|
} |
/* If we have too many fragments, drop the older half. */ |
} |
if (ip_nfrags > ip_maxfrags) |
} |
ip_reass_ttl_decr(median_ttl); |
|
|
|
/* |
/* |
* If we are over the maximum number of fragmented packets |
* If we are over the maximum number of fragments |
* (due to the limit being lowered), drain off |
* (due to the limit being lowered), drain off |
* enough to get down to the new limit. Start draining |
* enough to get down to the new limit. Start draining |
* from the reassembly hashqueue most recently drained. |
* from the reassembly hashqueue most recently drained. |
|
|
void |
void |
ip_drain() |
ip_drain() |
{ |
{ |
|
int i; |
|
|
/* |
/* |
* We may be called from a device's interrupt context. If |
* We may be called from a device's interrupt context. If |
|
|
if (ipq_lock_try() == 0) |
if (ipq_lock_try() == 0) |
return; |
return; |
|
|
/* |
for (i = 0; i < IPREASS_NHASH; i++) { |
* Drop half the total fragments now. If more mbufs are needed, |
struct ipqhead *ipqh = &ipq[i]; |
* we will be called again soon. |
struct ipq *fp, *nfp; |
*/ |
for (fp = LIST_FIRST(ipqh); fp != NULL; fp = nfp) { |
ip_reass_drophalf(); |
nfp = LIST_NEXT(fp, ipq_q); |
|
ip_freef(fp); |
|
ipstat.ips_fragdropped++; |
|
} |
|
} |
|
|
IPQ_UNLOCK(); |
IPQ_UNLOCK(); |
} |
} |
Line 1517 ip_dooptions(m) |
|
Line 1381 ip_dooptions(m) |
|
bcopy((caddr_t)(cp + off), (caddr_t)&ipaddr.sin_addr, |
bcopy((caddr_t)(cp + off), (caddr_t)&ipaddr.sin_addr, |
sizeof(ipaddr.sin_addr)); |
sizeof(ipaddr.sin_addr)); |
if (opt == IPOPT_SSRR) |
if (opt == IPOPT_SSRR) |
ia = ifatoia(ifa_ifwithladdr(sintosa(&ipaddr))); |
ia = ifatoia(ifa_ifwithaddr(sintosa(&ipaddr))); |
else |
else |
ia = ip_rtaddr(ipaddr.sin_addr); |
ia = ip_rtaddr(ipaddr.sin_addr); |
if (ia == 0) { |
if (ia == 0) { |
Line 2168 SYSCTL_SETUP(sysctl_net_inet_ip_setup, " |
|
Line 2032 SYSCTL_SETUP(sysctl_net_inet_ip_setup, " |
|
{ |
{ |
extern int subnetsarelocal, hostzeroisbroadcast; |
extern int subnetsarelocal, hostzeroisbroadcast; |
|
|
sysctl_createv(clog, 0, NULL, NULL, |
sysctl_createv(SYSCTL_PERMANENT, |
CTLFLAG_PERMANENT, |
|
CTLTYPE_NODE, "net", NULL, |
CTLTYPE_NODE, "net", NULL, |
NULL, 0, NULL, 0, |
NULL, 0, NULL, 0, |
CTL_NET, CTL_EOL); |
CTL_NET, CTL_EOL); |
sysctl_createv(clog, 0, NULL, NULL, |
sysctl_createv(SYSCTL_PERMANENT, |
CTLFLAG_PERMANENT, |
CTLTYPE_NODE, "inet", NULL, |
CTLTYPE_NODE, "inet", |
|
SYSCTL_DESCR("PF_INET related settings"), |
|
NULL, 0, NULL, 0, |
NULL, 0, NULL, 0, |
CTL_NET, PF_INET, CTL_EOL); |
CTL_NET, PF_INET, CTL_EOL); |
sysctl_createv(clog, 0, NULL, NULL, |
sysctl_createv(SYSCTL_PERMANENT, |
CTLFLAG_PERMANENT, |
CTLTYPE_NODE, "ip", NULL, |
CTLTYPE_NODE, "ip", |
|
SYSCTL_DESCR("IPv4 related settings"), |
|
NULL, 0, NULL, 0, |
NULL, 0, NULL, 0, |
CTL_NET, PF_INET, IPPROTO_IP, CTL_EOL); |
CTL_NET, PF_INET, IPPROTO_IP, CTL_EOL); |
|
|
sysctl_createv(clog, 0, NULL, NULL, |
sysctl_createv(SYSCTL_PERMANENT|SYSCTL_READWRITE, |
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
CTLTYPE_INT, "forwarding", NULL, |
CTLTYPE_INT, "forwarding", |
|
SYSCTL_DESCR("Enable forwarding of INET datagrams"), |
|
NULL, 0, &ipforwarding, 0, |
NULL, 0, &ipforwarding, 0, |
CTL_NET, PF_INET, IPPROTO_IP, |
CTL_NET, PF_INET, IPPROTO_IP, |
IPCTL_FORWARDING, CTL_EOL); |
IPCTL_FORWARDING, CTL_EOL); |
sysctl_createv(clog, 0, NULL, NULL, |
sysctl_createv(SYSCTL_PERMANENT|SYSCTL_READWRITE, |
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
CTLTYPE_INT, "redirect", NULL, |
CTLTYPE_INT, "redirect", |
|
SYSCTL_DESCR("Enable sending of ICMP redirect messages"), |
|
NULL, 0, &ipsendredirects, 0, |
NULL, 0, &ipsendredirects, 0, |
CTL_NET, PF_INET, IPPROTO_IP, |
CTL_NET, PF_INET, IPPROTO_IP, |
IPCTL_SENDREDIRECTS, CTL_EOL); |
IPCTL_SENDREDIRECTS, CTL_EOL); |
sysctl_createv(clog, 0, NULL, NULL, |
sysctl_createv(SYSCTL_PERMANENT|SYSCTL_READWRITE, |
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
CTLTYPE_INT, "ttl", NULL, |
CTLTYPE_INT, "ttl", |
|
SYSCTL_DESCR("Default TTL for an INET datagram"), |
|
NULL, 0, &ip_defttl, 0, |
NULL, 0, &ip_defttl, 0, |
CTL_NET, PF_INET, IPPROTO_IP, |
CTL_NET, PF_INET, IPPROTO_IP, |
IPCTL_DEFTTL, CTL_EOL); |
IPCTL_DEFTTL, CTL_EOL); |
#ifdef IPCTL_DEFMTU |
#ifdef IPCTL_DEFMTU |
sysctl_createv(clog, 0, NULL, NULL, |
sysctl_createv(SYSCTL_PERMANENT /* |SYSCTL_READWRITE? */, |
CTLFLAG_PERMANENT /* |CTLFLAG_READWRITE? */, |
CTLTYPE_INT, "mtu", NULL, |
CTLTYPE_INT, "mtu", |
|
SYSCTL_DESCR("Default MTA for an INET route"), |
|
NULL, 0, &ip_mtu, 0, |
NULL, 0, &ip_mtu, 0, |
CTL_NET, PF_INET, IPPROTO_IP, |
CTL_NET, PF_INET, IPPROTO_IP, |
IPCTL_DEFMTU, CTL_EOL); |
IPCTL_DEFMTU, CTL_EOL); |
#endif /* IPCTL_DEFMTU */ |
#endif /* IPCTL_DEFMTU */ |
sysctl_createv(clog, 0, NULL, NULL, |
sysctl_createv(SYSCTL_PERMANENT|SYSCTL_READONLY1, |
CTLFLAG_PERMANENT|CTLFLAG_READONLY1, |
CTLTYPE_INT, "forwsrcrt", NULL, |
CTLTYPE_INT, "forwsrcrt", |
|
SYSCTL_DESCR("Enable forwarding of source-routed " |
|
"datagrams"), |
|
NULL, 0, &ip_forwsrcrt, 0, |
NULL, 0, &ip_forwsrcrt, 0, |
CTL_NET, PF_INET, IPPROTO_IP, |
CTL_NET, PF_INET, IPPROTO_IP, |
IPCTL_FORWSRCRT, CTL_EOL); |
IPCTL_FORWSRCRT, CTL_EOL); |
sysctl_createv(clog, 0, NULL, NULL, |
sysctl_createv(SYSCTL_PERMANENT|SYSCTL_READWRITE, |
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
CTLTYPE_INT, "directed-broadcast", NULL, |
CTLTYPE_INT, "directed-broadcast", |
|
SYSCTL_DESCR("Enable forwarding of broadcast datagrams"), |
|
NULL, 0, &ip_directedbcast, 0, |
NULL, 0, &ip_directedbcast, 0, |
CTL_NET, PF_INET, IPPROTO_IP, |
CTL_NET, PF_INET, IPPROTO_IP, |
IPCTL_DIRECTEDBCAST, CTL_EOL); |
IPCTL_DIRECTEDBCAST, CTL_EOL); |
sysctl_createv(clog, 0, NULL, NULL, |
sysctl_createv(SYSCTL_PERMANENT|SYSCTL_READWRITE, |
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
CTLTYPE_INT, "allowsrcrt", NULL, |
CTLTYPE_INT, "allowsrcrt", |
|
SYSCTL_DESCR("Accept source-routed datagrams"), |
|
NULL, 0, &ip_allowsrcrt, 0, |
NULL, 0, &ip_allowsrcrt, 0, |
CTL_NET, PF_INET, IPPROTO_IP, |
CTL_NET, PF_INET, IPPROTO_IP, |
IPCTL_ALLOWSRCRT, CTL_EOL); |
IPCTL_ALLOWSRCRT, CTL_EOL); |
sysctl_createv(clog, 0, NULL, NULL, |
sysctl_createv(SYSCTL_PERMANENT|SYSCTL_READWRITE, |
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
CTLTYPE_INT, "subnetsarelocal", NULL, |
CTLTYPE_INT, "subnetsarelocal", |
|
SYSCTL_DESCR("Whether logical subnets are considered " |
|
"local"), |
|
NULL, 0, &subnetsarelocal, 0, |
NULL, 0, &subnetsarelocal, 0, |
CTL_NET, PF_INET, IPPROTO_IP, |
CTL_NET, PF_INET, IPPROTO_IP, |
IPCTL_SUBNETSARELOCAL, CTL_EOL); |
IPCTL_SUBNETSARELOCAL, CTL_EOL); |
sysctl_createv(clog, 0, NULL, NULL, |
sysctl_createv(SYSCTL_PERMANENT|SYSCTL_READWRITE, |
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
CTLTYPE_INT, "mtudisc", NULL, |
CTLTYPE_INT, "mtudisc", |
|
SYSCTL_DESCR("Use RFC1191 Path MTU Discovery"), |
|
NULL, 0, &ip_mtudisc, 0, |
NULL, 0, &ip_mtudisc, 0, |
CTL_NET, PF_INET, IPPROTO_IP, |
CTL_NET, PF_INET, IPPROTO_IP, |
IPCTL_MTUDISC, CTL_EOL); |
IPCTL_MTUDISC, CTL_EOL); |
sysctl_createv(clog, 0, NULL, NULL, |
sysctl_createv(SYSCTL_PERMANENT|SYSCTL_READWRITE, |
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
CTLTYPE_INT, "anonportmin", NULL, |
CTLTYPE_INT, "anonportmin", |
|
SYSCTL_DESCR("Lowest ephemeral port number to assign"), |
|
sysctl_net_inet_ip_ports, 0, &anonportmin, 0, |
sysctl_net_inet_ip_ports, 0, &anonportmin, 0, |
CTL_NET, PF_INET, IPPROTO_IP, |
CTL_NET, PF_INET, IPPROTO_IP, |
IPCTL_ANONPORTMIN, CTL_EOL); |
IPCTL_ANONPORTMIN, CTL_EOL); |
sysctl_createv(clog, 0, NULL, NULL, |
sysctl_createv(SYSCTL_PERMANENT|SYSCTL_READWRITE, |
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
CTLTYPE_INT, "anonportmax", NULL, |
CTLTYPE_INT, "anonportmax", |
|
SYSCTL_DESCR("Highest ephemeral port number to assign"), |
|
sysctl_net_inet_ip_ports, 0, &anonportmax, 0, |
sysctl_net_inet_ip_ports, 0, &anonportmax, 0, |
CTL_NET, PF_INET, IPPROTO_IP, |
CTL_NET, PF_INET, IPPROTO_IP, |
IPCTL_ANONPORTMAX, CTL_EOL); |
IPCTL_ANONPORTMAX, CTL_EOL); |
sysctl_createv(clog, 0, NULL, NULL, |
sysctl_createv(SYSCTL_PERMANENT|SYSCTL_READWRITE, |
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
CTLTYPE_INT, "mtudisctimeout", NULL, |
CTLTYPE_INT, "mtudisctimeout", |
|
SYSCTL_DESCR("Lifetime of a Path MTU Discovered route"), |
|
sysctl_net_inet_ip_pmtudto, 0, &ip_mtudisc_timeout, 0, |
sysctl_net_inet_ip_pmtudto, 0, &ip_mtudisc_timeout, 0, |
CTL_NET, PF_INET, IPPROTO_IP, |
CTL_NET, PF_INET, IPPROTO_IP, |
IPCTL_MTUDISCTIMEOUT, CTL_EOL); |
IPCTL_MTUDISCTIMEOUT, CTL_EOL); |
#ifdef GATEWAY |
#ifdef GATEWAY |
sysctl_createv(clog, 0, NULL, NULL, |
sysctl_createv(SYSCTL_PERMANENT|SYSCTL_READWRITE, |
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
CTLTYPE_INT, "maxflows", NULL, |
CTLTYPE_INT, "maxflows", |
|
SYSCTL_DESCR("Number of flows for fast forwarding"), |
|
sysctl_net_inet_ip_maxflows, 0, &ip_maxflows, 0, |
sysctl_net_inet_ip_maxflows, 0, &ip_maxflows, 0, |
CTL_NET, PF_INET, IPPROTO_IP, |
CTL_NET, PF_INET, IPPROTO_IP, |
IPCTL_MAXFLOWS, CTL_EOL); |
IPCTL_MAXFLOWS, CTL_EOL); |
#endif /* GATEWAY */ |
#endif /* GATEWAY */ |
sysctl_createv(clog, 0, NULL, NULL, |
sysctl_createv(SYSCTL_PERMANENT|SYSCTL_READWRITE, |
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
CTLTYPE_INT, "hostzerobroadcast", NULL, |
CTLTYPE_INT, "hostzerobroadcast", |
|
SYSCTL_DESCR("All zeroes address is broadcast address"), |
|
NULL, 0, &hostzeroisbroadcast, 0, |
NULL, 0, &hostzeroisbroadcast, 0, |
CTL_NET, PF_INET, IPPROTO_IP, |
CTL_NET, PF_INET, IPPROTO_IP, |
IPCTL_HOSTZEROBROADCAST, CTL_EOL); |
IPCTL_HOSTZEROBROADCAST, CTL_EOL); |
#if NGIF > 0 |
#if NGIF > 0 |
sysctl_createv(clog, 0, NULL, NULL, |
sysctl_createv(SYSCTL_PERMANENT|SYSCTL_READWRITE, |
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
CTLTYPE_INT, "gifttl", NULL, |
CTLTYPE_INT, "gifttl", |
|
SYSCTL_DESCR("Default TTL for a gif tunnel datagram"), |
|
NULL, 0, &ip_gif_ttl, 0, |
NULL, 0, &ip_gif_ttl, 0, |
CTL_NET, PF_INET, IPPROTO_IP, |
CTL_NET, PF_INET, IPPROTO_IP, |
IPCTL_GIF_TTL, CTL_EOL); |
IPCTL_GIF_TTL, CTL_EOL); |
#endif /* NGIF */ |
#endif /* NGIF */ |
#ifndef IPNOPRIVPORTS |
#ifndef IPNOPRIVPORTS |
sysctl_createv(clog, 0, NULL, NULL, |
sysctl_createv(SYSCTL_PERMANENT|SYSCTL_READWRITE, |
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
CTLTYPE_INT, "lowportmin", NULL, |
CTLTYPE_INT, "lowportmin", |
|
SYSCTL_DESCR("Lowest privileged ephemeral port number " |
|
"to assign"), |
|
sysctl_net_inet_ip_ports, 0, &lowportmin, 0, |
sysctl_net_inet_ip_ports, 0, &lowportmin, 0, |
CTL_NET, PF_INET, IPPROTO_IP, |
CTL_NET, PF_INET, IPPROTO_IP, |
IPCTL_LOWPORTMIN, CTL_EOL); |
IPCTL_LOWPORTMIN, CTL_EOL); |
sysctl_createv(clog, 0, NULL, NULL, |
sysctl_createv(SYSCTL_PERMANENT|SYSCTL_READWRITE, |
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
CTLTYPE_INT, "lowportmax", NULL, |
CTLTYPE_INT, "lowportmax", |
|
SYSCTL_DESCR("Highest privileged ephemeral port number " |
|
"to assign"), |
|
sysctl_net_inet_ip_ports, 0, &lowportmax, 0, |
sysctl_net_inet_ip_ports, 0, &lowportmax, 0, |
CTL_NET, PF_INET, IPPROTO_IP, |
CTL_NET, PF_INET, IPPROTO_IP, |
IPCTL_LOWPORTMAX, CTL_EOL); |
IPCTL_LOWPORTMAX, CTL_EOL); |
#endif /* IPNOPRIVPORTS */ |
#endif /* IPNOPRIVPORTS */ |
sysctl_createv(clog, 0, NULL, NULL, |
sysctl_createv(SYSCTL_PERMANENT|SYSCTL_READWRITE, |
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
CTLTYPE_INT, "maxfragpackets", NULL, |
CTLTYPE_INT, "maxfragpackets", |
|
SYSCTL_DESCR("Maximum number of fragments to retain for " |
|
"possible reassembly"), |
|
NULL, 0, &ip_maxfragpackets, 0, |
NULL, 0, &ip_maxfragpackets, 0, |
CTL_NET, PF_INET, IPPROTO_IP, |
CTL_NET, PF_INET, IPPROTO_IP, |
IPCTL_MAXFRAGPACKETS, CTL_EOL); |
IPCTL_MAXFRAGPACKETS, CTL_EOL); |
#if NGRE > 0 |
#if NGRE > 0 |
sysctl_createv(clog, 0, NULL, NULL, |
sysctl_createv(SYSCTL_PERMANENT|SYSCTL_READWRITE, |
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
CTLTYPE_INT, "grettl", NULL, |
CTLTYPE_INT, "grettl", |
|
SYSCTL_DESCR("Default TTL for a gre tunnel datagram"), |
|
NULL, 0, &ip_gre_ttl, 0, |
NULL, 0, &ip_gre_ttl, 0, |
CTL_NET, PF_INET, IPPROTO_IP, |
CTL_NET, PF_INET, IPPROTO_IP, |
IPCTL_GRE_TTL, CTL_EOL); |
IPCTL_GRE_TTL, CTL_EOL); |
#endif /* NGRE */ |
#endif /* NGRE */ |
sysctl_createv(clog, 0, NULL, NULL, |
sysctl_createv(SYSCTL_PERMANENT|SYSCTL_READWRITE, |
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
CTLTYPE_INT, "checkinterface", NULL, |
CTLTYPE_INT, "checkinterface", |
|
SYSCTL_DESCR("Enable receive side of Strong ES model " |
|
"from RFC1122"), |
|
NULL, 0, &ip_checkinterface, 0, |
NULL, 0, &ip_checkinterface, 0, |
CTL_NET, PF_INET, IPPROTO_IP, |
CTL_NET, PF_INET, IPPROTO_IP, |
IPCTL_CHECKINTERFACE, CTL_EOL); |
IPCTL_CHECKINTERFACE, CTL_EOL); |
sysctl_createv(clog, 0, NULL, NULL, |
sysctl_createv(SYSCTL_PERMANENT|SYSCTL_READWRITE, |
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
CTLTYPE_INT, "random_id", NULL, |
CTLTYPE_INT, "random_id", |
|
SYSCTL_DESCR("Assign random ip_id values"), |
|
NULL, 0, &ip_do_randomid, 0, |
NULL, 0, &ip_do_randomid, 0, |
CTL_NET, PF_INET, IPPROTO_IP, |
CTL_NET, PF_INET, IPPROTO_IP, |
IPCTL_RANDOMID, CTL_EOL); |
IPCTL_RANDOMID, CTL_EOL); |
sysctl_createv(clog, 0, NULL, NULL, |
|
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
|
CTLTYPE_INT, "do_loopback_cksum", |
|
SYSCTL_DESCR("Perform IP checksum on loopback"), |
|
NULL, 0, &ip_do_loopback_cksum, 0, |
|
CTL_NET, PF_INET, IPPROTO_IP, |
|
IPCTL_LOOPBACKCKSUM, CTL_EOL); |
|
} |
} |