| version 1.169.2.3, 2004/12/18 09:33:05 |
version 1.192, 2003/12/08 02:23:27 |
| Line 200 int ipprintfs = 0; |
|
| Line 200 int ipprintfs = 0; |
|
| #endif |
#endif |
| |
|
| int ip_do_randomid = 0; |
int ip_do_randomid = 0; |
| int ip_do_loopback_cksum = 1; |
|
| |
|
| /* |
/* |
| * XXX - Setting ip_checkinterface mostly implements the receive side of |
* XXX - Setting ip_checkinterface mostly implements the receive side of |
| Line 220 int ip_checkinterface = 0; |
|
| Line 219 int ip_checkinterface = 0; |
|
| |
|
| struct rttimer_queue *ip_mtudisc_timeout_q = NULL; |
struct rttimer_queue *ip_mtudisc_timeout_q = NULL; |
| |
|
| |
extern struct domain inetdomain; |
| int ipqmaxlen = IFQ_MAXLEN; |
int ipqmaxlen = IFQ_MAXLEN; |
| u_long in_ifaddrhash; /* size of hash table - 1 */ |
u_long in_ifaddrhash; /* size of hash table - 1 */ |
| int in_ifaddrentries; /* total number of addrs */ |
int in_ifaddrentries; /* total number of addrs */ |
|
|
| struct pfil_head inet_pfil_hook; |
struct pfil_head inet_pfil_hook; |
| #endif |
#endif |
| |
|
| /* |
|
| * Cached copy of nmbclusters. If nbclusters is different, |
|
| * recalculate IP parameters derived from nmbclusters. |
|
| */ |
|
| static int ip_nmbclusters; /* copy of nmbclusters */ |
|
| static void ip_nmbclusters_changed __P((void)); /* recalc limits */ |
|
| |
|
| #define CHECK_NMBCLUSTER_PARAMS() \ |
|
| do { \ |
|
| if (__predict_false(ip_nmbclusters != nmbclusters)) \ |
|
| ip_nmbclusters_changed(); \ |
|
| } while (/*CONSTCOND*/0) |
|
| |
|
| /* IP datagram reassembly queues (hashed) */ |
/* IP datagram reassembly queues (hashed) */ |
| #define IPREASS_NHASH_LOG2 6 |
#define IPREASS_NHASH_LOG2 6 |
| #define IPREASS_NHASH (1 << IPREASS_NHASH_LOG2) |
#define IPREASS_NHASH (1 << IPREASS_NHASH_LOG2) |
|
|
| (((((x) & 0xF) | ((((x) >> 8) & 0xF) << 4)) ^ (y)) & IPREASS_HMASK) |
(((((x) & 0xF) | ((((x) >> 8) & 0xF) << 4)) ^ (y)) & IPREASS_HMASK) |
| struct ipqhead ipq[IPREASS_NHASH]; |
struct ipqhead ipq[IPREASS_NHASH]; |
| int ipq_locked; |
int ipq_locked; |
| static int ip_nfragpackets; /* packets in reass queue */ |
int ip_nfragpackets = 0; |
| static int ip_nfrags; /* total fragments in reass queues */ |
int ip_maxfragpackets = 200; |
| |
int ip_nfrags = 0; /* total fragments in reass queues */ |
| int ip_maxfragpackets = 200; /* limit on packets. XXX sysctl */ |
|
| int ip_maxfrags; /* limit on fragments. XXX sysctl */ |
|
| |
|
| |
|
| /* |
|
| * Additive-Increase/Multiplicative-Decrease (AIMD) strategy for |
|
| * IP reassembly queue buffer managment. |
|
| * |
|
| * We keep a count of total IP fragments (NB: not fragmented packets!) |
|
| * awaiting reassembly (ip_nfrags) and a limit (ip_maxfrags) on fragments. |
|
| * If ip_nfrags exceeds ip_maxfrags the limit, we drop half the |
|
| * total fragments in reassembly queues.This AIMD policy avoids |
|
| * repeatedly deleting single packets under heavy fragmentation load |
|
| * (e.g., from lossy NFS peers). |
|
| */ |
|
| static u_int ip_reass_ttl_decr __P((u_int ticks)); |
|
| static void ip_reass_drophalf __P((void)); |
|
| |
|
| |
|
| static __inline int ipq_lock_try __P((void)); |
static __inline int ipq_lock_try __P((void)); |
| static __inline void ipq_unlock __P((void)); |
static __inline void ipq_unlock __P((void)); |
|
|
| |
|
| #define IPQ_UNLOCK() ipq_unlock() |
#define IPQ_UNLOCK() ipq_unlock() |
| |
|
| POOL_INIT(inmulti_pool, sizeof(struct in_multi), 0, 0, 0, "inmltpl", NULL); |
struct pool inmulti_pool; |
| POOL_INIT(ipqent_pool, sizeof(struct ipqent), 0, 0, 0, "ipqepl", NULL); |
struct pool ipqent_pool; |
| |
|
| #ifdef INET_CSUM_COUNTERS |
#ifdef INET_CSUM_COUNTERS |
| #include <sys/device.h> |
#include <sys/device.h> |
| Line 348 struct evcnt ip_swcsum = EVCNT_INITIALIZ |
|
| Line 317 struct evcnt ip_swcsum = EVCNT_INITIALIZ |
|
| |
|
| #define INET_CSUM_COUNTER_INCR(ev) (ev)->ev_count++ |
#define INET_CSUM_COUNTER_INCR(ev) (ev)->ev_count++ |
| |
|
| EVCNT_ATTACH_STATIC(ip_hwcsum_bad); |
|
| EVCNT_ATTACH_STATIC(ip_hwcsum_ok); |
|
| EVCNT_ATTACH_STATIC(ip_swcsum); |
|
| |
|
| #else |
#else |
| |
|
| #define INET_CSUM_COUNTER_INCR(ev) /* nothing */ |
#define INET_CSUM_COUNTER_INCR(ev) /* nothing */ |
| Line 381 struct mowner ip_tx_mowner = { "internet |
|
| Line 346 struct mowner ip_tx_mowner = { "internet |
|
| #endif |
#endif |
| |
|
| /* |
/* |
| * Compute IP limits derived from the value of nmbclusters. |
|
| */ |
|
| static void |
|
| ip_nmbclusters_changed(void) |
|
| { |
|
| ip_maxfrags = nmbclusters / 4; |
|
| ip_nmbclusters = nmbclusters; |
|
| } |
|
| |
|
| /* |
|
| * IP initialization: fill in IP protocol switch table. |
* IP initialization: fill in IP protocol switch table. |
| * All protocols not implemented in kernel go to raw IP protocol handler. |
* All protocols not implemented in kernel go to raw IP protocol handler. |
| */ |
*/ |
| void |
void |
| ip_init() |
ip_init() |
| { |
{ |
| const struct protosw *pr; |
struct protosw *pr; |
| int i; |
int i; |
| |
|
| |
pool_init(&inmulti_pool, sizeof(struct in_multi), 0, 0, 0, "inmltpl", |
| |
NULL); |
| |
pool_init(&ipqent_pool, sizeof(struct ipqent), 0, 0, 0, "ipqepl", |
| |
NULL); |
| |
|
| pr = pffindproto(PF_INET, IPPROTO_RAW, SOCK_RAW); |
pr = pffindproto(PF_INET, IPPROTO_RAW, SOCK_RAW); |
| if (pr == 0) |
if (pr == 0) |
| panic("ip_init"); |
panic("ip_init"); |
|
|
| LIST_INIT(&ipq[i]); |
LIST_INIT(&ipq[i]); |
| |
|
| ip_id = time.tv_sec & 0xfffff; |
ip_id = time.tv_sec & 0xfffff; |
| |
|
| ipintrq.ifq_maxlen = ipqmaxlen; |
ipintrq.ifq_maxlen = ipqmaxlen; |
| ip_nmbclusters_changed(); |
|
| |
|
| TAILQ_INIT(&in_ifaddrhead); |
TAILQ_INIT(&in_ifaddrhead); |
| in_ifaddrhashtbl = hashinit(IN_IFADDR_HASH_SIZE, HASH_LIST, M_IFADDR, |
in_ifaddrhashtbl = hashinit(IN_IFADDR_HASH_SIZE, HASH_LIST, M_IFADDR, |
| M_WAITOK, &in_ifaddrhash); |
M_WAITOK, &in_ifaddrhash); |
|
|
| "error %d\n", i); |
"error %d\n", i); |
| #endif /* PFIL_HOOKS */ |
#endif /* PFIL_HOOKS */ |
| |
|
| |
#ifdef INET_CSUM_COUNTERS |
| |
evcnt_attach_static(&ip_hwcsum_bad); |
| |
evcnt_attach_static(&ip_hwcsum_ok); |
| |
evcnt_attach_static(&ip_swcsum); |
| |
#endif /* INET_CSUM_COUNTERS */ |
| |
|
| #ifdef MBUFTRACE |
#ifdef MBUFTRACE |
| MOWNER_ATTACH(&ip_tx_mowner); |
MOWNER_ATTACH(&ip_tx_mowner); |
| MOWNER_ATTACH(&ip_rx_mowner); |
MOWNER_ATTACH(&ip_rx_mowner); |
| Line 573 ip_input(struct mbuf *m) |
|
| Line 536 ip_input(struct mbuf *m) |
|
| break; |
break; |
| |
|
| default: |
default: |
| /* |
/* Must compute it ourselves. */ |
| * Must compute it ourselves. Maybe skip checksum on |
INET_CSUM_COUNTER_INCR(&ip_swcsum); |
| * loopback interfaces. |
if (in_cksum(m, hlen) != 0) |
| */ |
goto bad; |
| if (__predict_true(!(m->m_pkthdr.rcvif->if_flags & |
|
| IFF_LOOPBACK) || ip_do_loopback_cksum)) { |
|
| INET_CSUM_COUNTER_INCR(&ip_swcsum); |
|
| if (in_cksum(m, hlen) != 0) |
|
| goto badcsum; |
|
| } |
|
| break; |
break; |
| } |
} |
| |
|
| Line 615 ip_input(struct mbuf *m) |
|
| Line 572 ip_input(struct mbuf *m) |
|
| m_adj(m, len - m->m_pkthdr.len); |
m_adj(m, len - m->m_pkthdr.len); |
| } |
} |
| |
|
| #if defined(IPSEC) |
#if defined(IPSEC) || defined(FAST_IPSEC) |
| /* ipflow (IP fast forwarding) is not compatible with IPsec. */ |
/* ipflow (IP fast forwarding) is not compatible with IPsec. */ |
| m->m_flags &= ~M_CANFASTFWD; |
m->m_flags &= ~M_CANFASTFWD; |
| #else |
#else |
| Line 656 ip_input(struct mbuf *m) |
|
| Line 613 ip_input(struct mbuf *m) |
|
| return; |
return; |
| ip = mtod(m, struct ip *); |
ip = mtod(m, struct ip *); |
| hlen = ip->ip_hl << 2; |
hlen = ip->ip_hl << 2; |
| /* |
|
| * XXX The setting of "srcrt" here is to prevent ip_forward() |
|
| * from generating ICMP redirects for packets that have |
|
| * been redirected by a hook back out on to the same LAN that |
|
| * they came from and is not an indication that the packet |
|
| * is being inffluenced by source routing options. This |
|
| * allows things like |
|
| * "rdr tlp0 0/0 port 80 -> 1.1.1.200 3128 tcp" |
|
| * where tlp0 is both on the 1.1.1.0/24 network and is the |
|
| * default route for hosts on 1.1.1.0/24. Of course this |
|
| * also requires a "map tlp0 ..." to complete the story. |
|
| * One might argue whether or not this kind of network config. |
|
| * should be supported in this manner... |
|
| */ |
|
| srcrt = (odst.s_addr != ip->ip_dst.s_addr); |
srcrt = (odst.s_addr != ip->ip_dst.s_addr); |
| } |
} |
| #endif /* PFIL_HOOKS */ |
#endif /* PFIL_HOOKS */ |
| Line 759 ip_input(struct mbuf *m) |
|
| Line 702 ip_input(struct mbuf *m) |
|
| #ifdef MROUTING |
#ifdef MROUTING |
| extern struct socket *ip_mrouter; |
extern struct socket *ip_mrouter; |
| |
|
| |
if (M_READONLY(m)) { |
| |
if ((m = m_pullup(m, hlen)) == 0) { |
| |
ipstat.ips_toosmall++; |
| |
return; |
| |
} |
| |
ip = mtod(m, struct ip *); |
| |
} |
| |
|
| if (ip_mrouter) { |
if (ip_mrouter) { |
| /* |
/* |
| * If we are acting as a multicast router, all |
* If we are acting as a multicast router, all |
| Line 855 ip_input(struct mbuf *m) |
|
| Line 806 ip_input(struct mbuf *m) |
|
| ipstat.ips_cantforward++; |
ipstat.ips_cantforward++; |
| goto bad; |
goto bad; |
| } |
} |
| |
|
| /* |
|
| * Peek at the outbound SP for this packet to determine if |
|
| * it's a Fast Forward candidate. |
|
| */ |
|
| mtag = m_tag_find(m, PACKET_TAG_IPSEC_PENDING_TDB, NULL); |
|
| if (mtag != NULL) |
|
| m->m_flags &= ~M_CANFASTFWD; |
|
| else { |
|
| s = splsoftnet(); |
|
| sp = ipsec4_checkpolicy(m, IPSEC_DIR_OUTBOUND, |
|
| (IP_FORWARDING | |
|
| (ip_directedbcast ? IP_ALLOWBROADCAST : 0)), |
|
| &error, NULL); |
|
| if (sp != NULL) { |
|
| m->m_flags &= ~M_CANFASTFWD; |
|
| KEY_FREESP(&sp); |
|
| } |
|
| splx(s); |
|
| } |
|
| #endif /* FAST_IPSEC */ |
#endif /* FAST_IPSEC */ |
| |
|
| ip_forward(m, srcrt); |
ip_forward(m, srcrt); |
|
|
| * but it's not worth the time; just let them time out.) |
* but it's not worth the time; just let them time out.) |
| */ |
*/ |
| if (ip->ip_off & ~htons(IP_DF|IP_RF)) { |
if (ip->ip_off & ~htons(IP_DF|IP_RF)) { |
| |
if (M_READONLY(m)) { |
| |
if ((m = m_pullup(m, hlen)) == NULL) { |
| |
ipstat.ips_toosmall++; |
| |
goto bad; |
| |
} |
| |
ip = mtod(m, struct ip *); |
| |
} |
| |
|
| /* |
/* |
| * Look for queue of fragments |
* Look for queue of fragments |
| Line 1065 ip_reass(ipqe, fp, ipqhead) |
|
| Line 1003 ip_reass(ipqe, fp, ipqhead) |
|
| m->m_data += hlen; |
m->m_data += hlen; |
| m->m_len -= hlen; |
m->m_len -= hlen; |
| |
|
| #ifdef notyet |
|
| /* make sure fragment limit is up-to-date */ |
|
| CHECK_NMBCLUSTER_PARAMS(); |
|
| |
|
| /* If we have too many fragments, drop the older half. */ |
|
| if (ip_nfrags >= ip_maxfrags) |
|
| ip_reass_drophalf(void); |
|
| #endif |
|
| |
|
| /* |
/* |
| * We are about to add a fragment; increment frag count. |
* We are about to add a fragment; increment frag count. |
| */ |
*/ |
|
|
| } |
} |
| |
|
| /* |
/* |
| * IP reassembly TTL machinery for multiplicative drop. |
|
| */ |
|
| static u_int fragttl_histo[(IPFRAGTTL+1)]; |
|
| |
|
| |
|
| /* |
|
| * Decrement TTL of all reasembly queue entries by `ticks'. |
|
| * Count number of distinct fragments (as opposed to partial, fragmented |
|
| * datagrams) in the reassembly queue. While we traverse the entire |
|
| * reassembly queue, compute and return the median TTL over all fragments. |
|
| */ |
|
| static u_int |
|
| ip_reass_ttl_decr(u_int ticks) |
|
| { |
|
| u_int nfrags, median, dropfraction, keepfraction; |
|
| struct ipq *fp, *nfp; |
|
| int i; |
|
| |
|
| nfrags = 0; |
|
| memset(fragttl_histo, 0, sizeof fragttl_histo); |
|
| |
|
| for (i = 0; i < IPREASS_NHASH; i++) { |
|
| for (fp = LIST_FIRST(&ipq[i]); fp != NULL; fp = nfp) { |
|
| fp->ipq_ttl = ((fp->ipq_ttl <= ticks) ? |
|
| 0 : fp->ipq_ttl - ticks); |
|
| nfp = LIST_NEXT(fp, ipq_q); |
|
| if (fp->ipq_ttl == 0) { |
|
| ipstat.ips_fragtimeout++; |
|
| ip_freef(fp); |
|
| } else { |
|
| nfrags += fp->ipq_nfrags; |
|
| fragttl_histo[fp->ipq_ttl] += fp->ipq_nfrags; |
|
| } |
|
| } |
|
| } |
|
| |
|
| KASSERT(ip_nfrags == nfrags); |
|
| |
|
| /* Find median (or other drop fraction) in histogram. */ |
|
| dropfraction = (ip_nfrags / 2); |
|
| keepfraction = ip_nfrags - dropfraction; |
|
| for (i = IPFRAGTTL, median = 0; i >= 0; i--) { |
|
| median += fragttl_histo[i]; |
|
| if (median >= keepfraction) |
|
| break; |
|
| } |
|
| |
|
| /* Return TTL of median (or other fraction). */ |
|
| return (u_int)i; |
|
| } |
|
| |
|
| void |
|
| ip_reass_drophalf(void) |
|
| { |
|
| |
|
| u_int median_ticks; |
|
| /* |
|
| * Compute median TTL of all fragments, and count frags |
|
| * with that TTL or lower (roughly half of all fragments). |
|
| */ |
|
| median_ticks = ip_reass_ttl_decr(0); |
|
| |
|
| /* Drop half. */ |
|
| median_ticks = ip_reass_ttl_decr(median_ticks); |
|
| |
|
| } |
|
| |
|
| /* |
|
| * IP timer processing; |
* IP timer processing; |
| * if a timer expires on a reassembly |
* if a timer expires on a reassembly |
| * queue, discard it. |
* queue, discard it. |
|
|
| { |
{ |
| static u_int dropscanidx = 0; |
static u_int dropscanidx = 0; |
| u_int i; |
u_int i; |
| u_int median_ttl; |
struct ipq *fp, *nfp; |
| int s = splsoftnet(); |
int s = splsoftnet(); |
| |
|
| IPQ_LOCK(); |
IPQ_LOCK(); |
| |
for (i = 0; i < IPREASS_NHASH; i++) { |
| /* Age TTL of all fragments by 1 tick .*/ |
for (fp = LIST_FIRST(&ipq[i]); fp != NULL; fp = nfp) { |
| median_ttl = ip_reass_ttl_decr(1); |
nfp = LIST_NEXT(fp, ipq_q); |
| |
if (--fp->ipq_ttl == 0) { |
| /* make sure fragment limit is up-to-date */ |
ipstat.ips_fragtimeout++; |
| CHECK_NMBCLUSTER_PARAMS(); |
ip_freef(fp); |
| |
} |
| /* If we have too many fragments, drop the older half. */ |
} |
| if (ip_nfrags > ip_maxfrags) |
} |
| ip_reass_ttl_decr(median_ttl); |
|
| |
|
| /* |
/* |
| * If we are over the maximum number of fragmented packets |
* If we are over the maximum number of fragments |
| * (due to the limit being lowered), drain off |
* (due to the limit being lowered), drain off |
| * enough to get down to the new limit. Start draining |
* enough to get down to the new limit. Start draining |
| * from the reassembly hashqueue most recently drained. |
* from the reassembly hashqueue most recently drained. |
|
|
| void |
void |
| ip_drain() |
ip_drain() |
| { |
{ |
| |
int i; |
| |
|
| /* |
/* |
| * We may be called from a device's interrupt context. If |
* We may be called from a device's interrupt context. If |
|
|
| if (ipq_lock_try() == 0) |
if (ipq_lock_try() == 0) |
| return; |
return; |
| |
|
| /* |
for (i = 0; i < IPREASS_NHASH; i++) { |
| * Drop half the total fragments now. If more mbufs are needed, |
struct ipqhead *ipqh = &ipq[i]; |
| * we will be called again soon. |
struct ipq *fp, *nfp; |
| */ |
for (fp = LIST_FIRST(ipqh); fp != NULL; fp = nfp) { |
| ip_reass_drophalf(); |
nfp = LIST_NEXT(fp, ipq_q); |
| |
ip_freef(fp); |
| |
ipstat.ips_fragdropped++; |
| |
} |
| |
} |
| |
|
| IPQ_UNLOCK(); |
IPQ_UNLOCK(); |
| } |
} |
| Line 1517 ip_dooptions(m) |
|
| Line 1381 ip_dooptions(m) |
|
| bcopy((caddr_t)(cp + off), (caddr_t)&ipaddr.sin_addr, |
bcopy((caddr_t)(cp + off), (caddr_t)&ipaddr.sin_addr, |
| sizeof(ipaddr.sin_addr)); |
sizeof(ipaddr.sin_addr)); |
| if (opt == IPOPT_SSRR) |
if (opt == IPOPT_SSRR) |
| ia = ifatoia(ifa_ifwithladdr(sintosa(&ipaddr))); |
ia = ifatoia(ifa_ifwithaddr(sintosa(&ipaddr))); |
| else |
else |
| ia = ip_rtaddr(ipaddr.sin_addr); |
ia = ip_rtaddr(ipaddr.sin_addr); |
| if (ia == 0) { |
if (ia == 0) { |
| Line 2168 SYSCTL_SETUP(sysctl_net_inet_ip_setup, " |
|
| Line 2032 SYSCTL_SETUP(sysctl_net_inet_ip_setup, " |
|
| { |
{ |
| extern int subnetsarelocal, hostzeroisbroadcast; |
extern int subnetsarelocal, hostzeroisbroadcast; |
| |
|
| sysctl_createv(clog, 0, NULL, NULL, |
sysctl_createv(SYSCTL_PERMANENT, |
| CTLFLAG_PERMANENT, |
|
| CTLTYPE_NODE, "net", NULL, |
CTLTYPE_NODE, "net", NULL, |
| NULL, 0, NULL, 0, |
NULL, 0, NULL, 0, |
| CTL_NET, CTL_EOL); |
CTL_NET, CTL_EOL); |
| sysctl_createv(clog, 0, NULL, NULL, |
sysctl_createv(SYSCTL_PERMANENT, |
| CTLFLAG_PERMANENT, |
CTLTYPE_NODE, "inet", NULL, |
| CTLTYPE_NODE, "inet", |
|
| SYSCTL_DESCR("PF_INET related settings"), |
|
| NULL, 0, NULL, 0, |
NULL, 0, NULL, 0, |
| CTL_NET, PF_INET, CTL_EOL); |
CTL_NET, PF_INET, CTL_EOL); |
| sysctl_createv(clog, 0, NULL, NULL, |
sysctl_createv(SYSCTL_PERMANENT, |
| CTLFLAG_PERMANENT, |
CTLTYPE_NODE, "ip", NULL, |
| CTLTYPE_NODE, "ip", |
|
| SYSCTL_DESCR("IPv4 related settings"), |
|
| NULL, 0, NULL, 0, |
NULL, 0, NULL, 0, |
| CTL_NET, PF_INET, IPPROTO_IP, CTL_EOL); |
CTL_NET, PF_INET, IPPROTO_IP, CTL_EOL); |
| |
|
| sysctl_createv(clog, 0, NULL, NULL, |
sysctl_createv(SYSCTL_PERMANENT|SYSCTL_READWRITE, |
| CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
CTLTYPE_INT, "forwarding", NULL, |
| CTLTYPE_INT, "forwarding", |
|
| SYSCTL_DESCR("Enable forwarding of INET datagrams"), |
|
| NULL, 0, &ipforwarding, 0, |
NULL, 0, &ipforwarding, 0, |
| CTL_NET, PF_INET, IPPROTO_IP, |
CTL_NET, PF_INET, IPPROTO_IP, |
| IPCTL_FORWARDING, CTL_EOL); |
IPCTL_FORWARDING, CTL_EOL); |
| sysctl_createv(clog, 0, NULL, NULL, |
sysctl_createv(SYSCTL_PERMANENT|SYSCTL_READWRITE, |
| CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
CTLTYPE_INT, "redirect", NULL, |
| CTLTYPE_INT, "redirect", |
|
| SYSCTL_DESCR("Enable sending of ICMP redirect messages"), |
|
| NULL, 0, &ipsendredirects, 0, |
NULL, 0, &ipsendredirects, 0, |
| CTL_NET, PF_INET, IPPROTO_IP, |
CTL_NET, PF_INET, IPPROTO_IP, |
| IPCTL_SENDREDIRECTS, CTL_EOL); |
IPCTL_SENDREDIRECTS, CTL_EOL); |
| sysctl_createv(clog, 0, NULL, NULL, |
sysctl_createv(SYSCTL_PERMANENT|SYSCTL_READWRITE, |
| CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
CTLTYPE_INT, "ttl", NULL, |
| CTLTYPE_INT, "ttl", |
|
| SYSCTL_DESCR("Default TTL for an INET datagram"), |
|
| NULL, 0, &ip_defttl, 0, |
NULL, 0, &ip_defttl, 0, |
| CTL_NET, PF_INET, IPPROTO_IP, |
CTL_NET, PF_INET, IPPROTO_IP, |
| IPCTL_DEFTTL, CTL_EOL); |
IPCTL_DEFTTL, CTL_EOL); |
| #ifdef IPCTL_DEFMTU |
#ifdef IPCTL_DEFMTU |
| sysctl_createv(clog, 0, NULL, NULL, |
sysctl_createv(SYSCTL_PERMANENT /* |SYSCTL_READWRITE? */, |
| CTLFLAG_PERMANENT /* |CTLFLAG_READWRITE? */, |
CTLTYPE_INT, "mtu", NULL, |
| CTLTYPE_INT, "mtu", |
|
| SYSCTL_DESCR("Default MTA for an INET route"), |
|
| NULL, 0, &ip_mtu, 0, |
NULL, 0, &ip_mtu, 0, |
| CTL_NET, PF_INET, IPPROTO_IP, |
CTL_NET, PF_INET, IPPROTO_IP, |
| IPCTL_DEFMTU, CTL_EOL); |
IPCTL_DEFMTU, CTL_EOL); |
| #endif /* IPCTL_DEFMTU */ |
#endif /* IPCTL_DEFMTU */ |
| sysctl_createv(clog, 0, NULL, NULL, |
sysctl_createv(SYSCTL_PERMANENT|SYSCTL_READONLY1, |
| CTLFLAG_PERMANENT|CTLFLAG_READONLY1, |
CTLTYPE_INT, "forwsrcrt", NULL, |
| CTLTYPE_INT, "forwsrcrt", |
|
| SYSCTL_DESCR("Enable forwarding of source-routed " |
|
| "datagrams"), |
|
| NULL, 0, &ip_forwsrcrt, 0, |
NULL, 0, &ip_forwsrcrt, 0, |
| CTL_NET, PF_INET, IPPROTO_IP, |
CTL_NET, PF_INET, IPPROTO_IP, |
| IPCTL_FORWSRCRT, CTL_EOL); |
IPCTL_FORWSRCRT, CTL_EOL); |
| sysctl_createv(clog, 0, NULL, NULL, |
sysctl_createv(SYSCTL_PERMANENT|SYSCTL_READWRITE, |
| CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
CTLTYPE_INT, "directed-broadcast", NULL, |
| CTLTYPE_INT, "directed-broadcast", |
|
| SYSCTL_DESCR("Enable forwarding of broadcast datagrams"), |
|
| NULL, 0, &ip_directedbcast, 0, |
NULL, 0, &ip_directedbcast, 0, |
| CTL_NET, PF_INET, IPPROTO_IP, |
CTL_NET, PF_INET, IPPROTO_IP, |
| IPCTL_DIRECTEDBCAST, CTL_EOL); |
IPCTL_DIRECTEDBCAST, CTL_EOL); |
| sysctl_createv(clog, 0, NULL, NULL, |
sysctl_createv(SYSCTL_PERMANENT|SYSCTL_READWRITE, |
| CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
CTLTYPE_INT, "allowsrcrt", NULL, |
| CTLTYPE_INT, "allowsrcrt", |
|
| SYSCTL_DESCR("Accept source-routed datagrams"), |
|
| NULL, 0, &ip_allowsrcrt, 0, |
NULL, 0, &ip_allowsrcrt, 0, |
| CTL_NET, PF_INET, IPPROTO_IP, |
CTL_NET, PF_INET, IPPROTO_IP, |
| IPCTL_ALLOWSRCRT, CTL_EOL); |
IPCTL_ALLOWSRCRT, CTL_EOL); |
| sysctl_createv(clog, 0, NULL, NULL, |
sysctl_createv(SYSCTL_PERMANENT|SYSCTL_READWRITE, |
| CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
CTLTYPE_INT, "subnetsarelocal", NULL, |
| CTLTYPE_INT, "subnetsarelocal", |
|
| SYSCTL_DESCR("Whether logical subnets are considered " |
|
| "local"), |
|
| NULL, 0, &subnetsarelocal, 0, |
NULL, 0, &subnetsarelocal, 0, |
| CTL_NET, PF_INET, IPPROTO_IP, |
CTL_NET, PF_INET, IPPROTO_IP, |
| IPCTL_SUBNETSARELOCAL, CTL_EOL); |
IPCTL_SUBNETSARELOCAL, CTL_EOL); |
| sysctl_createv(clog, 0, NULL, NULL, |
sysctl_createv(SYSCTL_PERMANENT|SYSCTL_READWRITE, |
| CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
CTLTYPE_INT, "mtudisc", NULL, |
| CTLTYPE_INT, "mtudisc", |
|
| SYSCTL_DESCR("Use RFC1191 Path MTU Discovery"), |
|
| NULL, 0, &ip_mtudisc, 0, |
NULL, 0, &ip_mtudisc, 0, |
| CTL_NET, PF_INET, IPPROTO_IP, |
CTL_NET, PF_INET, IPPROTO_IP, |
| IPCTL_MTUDISC, CTL_EOL); |
IPCTL_MTUDISC, CTL_EOL); |
| sysctl_createv(clog, 0, NULL, NULL, |
sysctl_createv(SYSCTL_PERMANENT|SYSCTL_READWRITE, |
| CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
CTLTYPE_INT, "anonportmin", NULL, |
| CTLTYPE_INT, "anonportmin", |
|
| SYSCTL_DESCR("Lowest ephemeral port number to assign"), |
|
| sysctl_net_inet_ip_ports, 0, &anonportmin, 0, |
sysctl_net_inet_ip_ports, 0, &anonportmin, 0, |
| CTL_NET, PF_INET, IPPROTO_IP, |
CTL_NET, PF_INET, IPPROTO_IP, |
| IPCTL_ANONPORTMIN, CTL_EOL); |
IPCTL_ANONPORTMIN, CTL_EOL); |
| sysctl_createv(clog, 0, NULL, NULL, |
sysctl_createv(SYSCTL_PERMANENT|SYSCTL_READWRITE, |
| CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
CTLTYPE_INT, "anonportmax", NULL, |
| CTLTYPE_INT, "anonportmax", |
|
| SYSCTL_DESCR("Highest ephemeral port number to assign"), |
|
| sysctl_net_inet_ip_ports, 0, &anonportmax, 0, |
sysctl_net_inet_ip_ports, 0, &anonportmax, 0, |
| CTL_NET, PF_INET, IPPROTO_IP, |
CTL_NET, PF_INET, IPPROTO_IP, |
| IPCTL_ANONPORTMAX, CTL_EOL); |
IPCTL_ANONPORTMAX, CTL_EOL); |
| sysctl_createv(clog, 0, NULL, NULL, |
sysctl_createv(SYSCTL_PERMANENT|SYSCTL_READWRITE, |
| CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
CTLTYPE_INT, "mtudisctimeout", NULL, |
| CTLTYPE_INT, "mtudisctimeout", |
|
| SYSCTL_DESCR("Lifetime of a Path MTU Discovered route"), |
|
| sysctl_net_inet_ip_pmtudto, 0, &ip_mtudisc_timeout, 0, |
sysctl_net_inet_ip_pmtudto, 0, &ip_mtudisc_timeout, 0, |
| CTL_NET, PF_INET, IPPROTO_IP, |
CTL_NET, PF_INET, IPPROTO_IP, |
| IPCTL_MTUDISCTIMEOUT, CTL_EOL); |
IPCTL_MTUDISCTIMEOUT, CTL_EOL); |
| #ifdef GATEWAY |
#ifdef GATEWAY |
| sysctl_createv(clog, 0, NULL, NULL, |
sysctl_createv(SYSCTL_PERMANENT|SYSCTL_READWRITE, |
| CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
CTLTYPE_INT, "maxflows", NULL, |
| CTLTYPE_INT, "maxflows", |
|
| SYSCTL_DESCR("Number of flows for fast forwarding"), |
|
| sysctl_net_inet_ip_maxflows, 0, &ip_maxflows, 0, |
sysctl_net_inet_ip_maxflows, 0, &ip_maxflows, 0, |
| CTL_NET, PF_INET, IPPROTO_IP, |
CTL_NET, PF_INET, IPPROTO_IP, |
| IPCTL_MAXFLOWS, CTL_EOL); |
IPCTL_MAXFLOWS, CTL_EOL); |
| #endif /* GATEWAY */ |
#endif /* GATEWAY */ |
| sysctl_createv(clog, 0, NULL, NULL, |
sysctl_createv(SYSCTL_PERMANENT|SYSCTL_READWRITE, |
| CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
CTLTYPE_INT, "hostzerobroadcast", NULL, |
| CTLTYPE_INT, "hostzerobroadcast", |
|
| SYSCTL_DESCR("All zeroes address is broadcast address"), |
|
| NULL, 0, &hostzeroisbroadcast, 0, |
NULL, 0, &hostzeroisbroadcast, 0, |
| CTL_NET, PF_INET, IPPROTO_IP, |
CTL_NET, PF_INET, IPPROTO_IP, |
| IPCTL_HOSTZEROBROADCAST, CTL_EOL); |
IPCTL_HOSTZEROBROADCAST, CTL_EOL); |
| #if NGIF > 0 |
#if NGIF > 0 |
| sysctl_createv(clog, 0, NULL, NULL, |
sysctl_createv(SYSCTL_PERMANENT|SYSCTL_READWRITE, |
| CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
CTLTYPE_INT, "gifttl", NULL, |
| CTLTYPE_INT, "gifttl", |
|
| SYSCTL_DESCR("Default TTL for a gif tunnel datagram"), |
|
| NULL, 0, &ip_gif_ttl, 0, |
NULL, 0, &ip_gif_ttl, 0, |
| CTL_NET, PF_INET, IPPROTO_IP, |
CTL_NET, PF_INET, IPPROTO_IP, |
| IPCTL_GIF_TTL, CTL_EOL); |
IPCTL_GIF_TTL, CTL_EOL); |
| #endif /* NGIF */ |
#endif /* NGIF */ |
| #ifndef IPNOPRIVPORTS |
#ifndef IPNOPRIVPORTS |
| sysctl_createv(clog, 0, NULL, NULL, |
sysctl_createv(SYSCTL_PERMANENT|SYSCTL_READWRITE, |
| CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
CTLTYPE_INT, "lowportmin", NULL, |
| CTLTYPE_INT, "lowportmin", |
|
| SYSCTL_DESCR("Lowest privileged ephemeral port number " |
|
| "to assign"), |
|
| sysctl_net_inet_ip_ports, 0, &lowportmin, 0, |
sysctl_net_inet_ip_ports, 0, &lowportmin, 0, |
| CTL_NET, PF_INET, IPPROTO_IP, |
CTL_NET, PF_INET, IPPROTO_IP, |
| IPCTL_LOWPORTMIN, CTL_EOL); |
IPCTL_LOWPORTMIN, CTL_EOL); |
| sysctl_createv(clog, 0, NULL, NULL, |
sysctl_createv(SYSCTL_PERMANENT|SYSCTL_READWRITE, |
| CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
CTLTYPE_INT, "lowportmax", NULL, |
| CTLTYPE_INT, "lowportmax", |
|
| SYSCTL_DESCR("Highest privileged ephemeral port number " |
|
| "to assign"), |
|
| sysctl_net_inet_ip_ports, 0, &lowportmax, 0, |
sysctl_net_inet_ip_ports, 0, &lowportmax, 0, |
| CTL_NET, PF_INET, IPPROTO_IP, |
CTL_NET, PF_INET, IPPROTO_IP, |
| IPCTL_LOWPORTMAX, CTL_EOL); |
IPCTL_LOWPORTMAX, CTL_EOL); |
| #endif /* IPNOPRIVPORTS */ |
#endif /* IPNOPRIVPORTS */ |
| sysctl_createv(clog, 0, NULL, NULL, |
sysctl_createv(SYSCTL_PERMANENT|SYSCTL_READWRITE, |
| CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
CTLTYPE_INT, "maxfragpackets", NULL, |
| CTLTYPE_INT, "maxfragpackets", |
|
| SYSCTL_DESCR("Maximum number of fragments to retain for " |
|
| "possible reassembly"), |
|
| NULL, 0, &ip_maxfragpackets, 0, |
NULL, 0, &ip_maxfragpackets, 0, |
| CTL_NET, PF_INET, IPPROTO_IP, |
CTL_NET, PF_INET, IPPROTO_IP, |
| IPCTL_MAXFRAGPACKETS, CTL_EOL); |
IPCTL_MAXFRAGPACKETS, CTL_EOL); |
| #if NGRE > 0 |
#if NGRE > 0 |
| sysctl_createv(clog, 0, NULL, NULL, |
sysctl_createv(SYSCTL_PERMANENT|SYSCTL_READWRITE, |
| CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
CTLTYPE_INT, "grettl", NULL, |
| CTLTYPE_INT, "grettl", |
|
| SYSCTL_DESCR("Default TTL for a gre tunnel datagram"), |
|
| NULL, 0, &ip_gre_ttl, 0, |
NULL, 0, &ip_gre_ttl, 0, |
| CTL_NET, PF_INET, IPPROTO_IP, |
CTL_NET, PF_INET, IPPROTO_IP, |
| IPCTL_GRE_TTL, CTL_EOL); |
IPCTL_GRE_TTL, CTL_EOL); |
| #endif /* NGRE */ |
#endif /* NGRE */ |
| sysctl_createv(clog, 0, NULL, NULL, |
sysctl_createv(SYSCTL_PERMANENT|SYSCTL_READWRITE, |
| CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
CTLTYPE_INT, "checkinterface", NULL, |
| CTLTYPE_INT, "checkinterface", |
|
| SYSCTL_DESCR("Enable receive side of Strong ES model " |
|
| "from RFC1122"), |
|
| NULL, 0, &ip_checkinterface, 0, |
NULL, 0, &ip_checkinterface, 0, |
| CTL_NET, PF_INET, IPPROTO_IP, |
CTL_NET, PF_INET, IPPROTO_IP, |
| IPCTL_CHECKINTERFACE, CTL_EOL); |
IPCTL_CHECKINTERFACE, CTL_EOL); |
| sysctl_createv(clog, 0, NULL, NULL, |
sysctl_createv(SYSCTL_PERMANENT|SYSCTL_READWRITE, |
| CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
CTLTYPE_INT, "random_id", NULL, |
| CTLTYPE_INT, "random_id", |
|
| SYSCTL_DESCR("Assign random ip_id values"), |
|
| NULL, 0, &ip_do_randomid, 0, |
NULL, 0, &ip_do_randomid, 0, |
| CTL_NET, PF_INET, IPPROTO_IP, |
CTL_NET, PF_INET, IPPROTO_IP, |
| IPCTL_RANDOMID, CTL_EOL); |
IPCTL_RANDOMID, CTL_EOL); |
| sysctl_createv(clog, 0, NULL, NULL, |
|
| CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
|
| CTLTYPE_INT, "do_loopback_cksum", |
|
| SYSCTL_DESCR("Perform IP checksum on loopback"), |
|
| NULL, 0, &ip_do_loopback_cksum, 0, |
|
| CTL_NET, PF_INET, IPPROTO_IP, |
|
| IPCTL_LOOPBACKCKSUM, CTL_EOL); |
|
| } |
} |
![[BACK]](/icons/back.gif){kind=icon}
Return to ip_input.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [cvs.NetBSD.org] / src / sys / netinet