Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. =================================================================== RCS file: /ftp/cvs/cvsroot/src/sys/netinet/raw_ip.c,v rcsdiff: /ftp/cvs/cvsroot/src/sys/netinet/raw_ip.c,v: warning: Unknown phrases like `commitid ...;' are present. retrieving revision 1.68 retrieving revision 1.132 diff -u -p -r1.68 -r1.132 --- src/sys/netinet/raw_ip.c 2003/05/27 22:36:38 1.68 +++ src/sys/netinet/raw_ip.c 2014/07/09 04:54:04 1.132 @@ -1,4 +1,4 @@ -/* $NetBSD: raw_ip.c,v 1.68 2003/05/27 22:36:38 itojun Exp $ */ +/* $NetBSD: raw_ip.c,v 1.132 2014/07/09 04:54:04 rtr Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -41,11 +41,7 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors + * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -64,13 +60,20 @@ * @(#)raw_ip.c 8.7 (Berkeley) 5/15/95 */ +/* + * Raw interface to IP protocol. + */ + #include -__KERNEL_RCSID(0, "$NetBSD: raw_ip.c,v 1.68 2003/05/27 22:36:38 itojun Exp $"); +__KERNEL_RCSID(0, "$NetBSD: raw_ip.c,v 1.132 2014/07/09 04:54:04 rtr Exp $"); +#include "opt_inet.h" +#include "opt_compat_netbsd.h" #include "opt_ipsec.h" #include "opt_mrouting.h" #include +#include #include #include #include @@ -79,6 +82,7 @@ __KERNEL_RCSID(0, "$NetBSD: raw_ip.c,v 1 #include #include #include +#include #include #include @@ -87,24 +91,32 @@ __KERNEL_RCSID(0, "$NetBSD: raw_ip.c,v 1 #include #include #include +#include #include #include #include +#include #include -#include - #ifdef IPSEC -#include -#endif /*IPSEC*/ +#include +#include +#include +#endif /* IPSEC */ + +#ifdef COMPAT_50 +#include +#endif struct inpcbtable rawcbtable; -int rip_pcbnotify __P((struct inpcbtable *, struct in_addr, - struct in_addr, int, int, void (*) __P((struct inpcb *, int)))); -int rip_bind __P((struct inpcb *, struct mbuf *)); -int rip_connect __P((struct inpcb *, struct mbuf *)); -void rip_disconnect __P((struct inpcb *)); +int rip_pcbnotify(struct inpcbtable *, struct in_addr, + struct in_addr, int, int, void (*)(struct inpcb *, int)); +int rip_bind(struct inpcb *, struct mbuf *); +int rip_connect(struct inpcb *, struct mbuf *); +void rip_disconnect(struct inpcb *); + +static void sysctl_net_inet_raw_setup(struct sysctllog **); /* * Nominal space allocated to a raw ip socket. @@ -112,6 +124,9 @@ void rip_disconnect __P((struct inpcb * #define RIPSNDQ 8192 #define RIPRCVQ 8192 +static u_long rip_sendspace = RIPSNDQ; +static u_long rip_recvspace = RIPRCVQ; + /* * Raw interface to IP protocol. */ @@ -120,31 +135,48 @@ void rip_disconnect __P((struct inpcb * * Initialize raw connection block q. */ void -rip_init() +rip_init(void) { + sysctl_net_inet_raw_setup(NULL); in_pcbinit(&rawcbtable, 1, 1); } +static void +rip_sbappendaddr(struct inpcb *last, struct ip *ip, const struct sockaddr *sa, + int hlen, struct mbuf *opts, struct mbuf *n) +{ + if (last->inp_flags & INP_NOHEADER) + m_adj(n, hlen); + if (last->inp_flags & INP_CONTROLOPTS +#ifdef SO_OTIMESTAMP + || last->inp_socket->so_options & SO_OTIMESTAMP +#endif + || last->inp_socket->so_options & SO_TIMESTAMP) + ip_savecontrol(last, &opts, ip, n); + if (sbappendaddr(&last->inp_socket->so_rcv, sa, n, opts) == 0) { + /* should notify about lost packet */ + m_freem(n); + if (opts) + m_freem(opts); + } else + sorwakeup(last->inp_socket); +} + /* * Setup generic address and protocol structures * for raw_input routine, then pass them along with * mbuf chain. */ void -#if __STDC__ rip_input(struct mbuf *m, ...) -#else -rip_input(m, va_alist) - struct mbuf *m; - va_dcl -#endif { - int proto; + int hlen, proto; struct ip *ip = mtod(m, struct ip *); + struct inpcb_hdr *inph; struct inpcb *inp; - struct inpcb *last = 0; - struct mbuf *opts = 0; + struct inpcb *last = NULL; + struct mbuf *n, *opts = NULL; struct sockaddr_in ripsrc; va_list ap; @@ -153,21 +185,21 @@ rip_input(m, va_alist) proto = va_arg(ap, int); va_end(ap); - ripsrc.sin_family = AF_INET; - ripsrc.sin_len = sizeof(struct sockaddr_in); - ripsrc.sin_addr = ip->ip_src; - ripsrc.sin_port = 0; - bzero((caddr_t)ripsrc.sin_zero, sizeof(ripsrc.sin_zero)); + sockaddr_in_init(&ripsrc, &ip->ip_src, 0); /* * XXX Compatibility: programs using raw IP expect ip_len * XXX to have the header length subtracted, and in host order. * XXX ip_off is also expected to be host order. */ - ip->ip_len = ntohs(ip->ip_len) - (ip->ip_hl << 2); + hlen = ip->ip_hl << 2; + ip->ip_len = ntohs(ip->ip_len) - hlen; NTOHS(ip->ip_off); - CIRCLEQ_FOREACH(inp, &rawcbtable.inpt_queue, inp_queue) { + TAILQ_FOREACH(inph, &rawcbtable.inpt_queue, inph_queue) { + inp = (struct inpcb *)inph; + if (inp->inp_af != AF_INET) + continue; if (inp->inp_ip.ip_p && inp->inp_ip.ip_p != proto) continue; if (!in_nullhost(inp->inp_laddr) && @@ -176,81 +208,62 @@ rip_input(m, va_alist) if (!in_nullhost(inp->inp_faddr) && !in_hosteq(inp->inp_faddr, ip->ip_src)) continue; - if (last) { - struct mbuf *n; - -#ifdef IPSEC - /* check AH/ESP integrity. */ - if (ipsec4_in_reject_so(m, last->inp_socket)) { - ipsecstat.in_polvio++; - /* do not inject data to pcb */ - } else + if (last == NULL) + ; +#if defined(IPSEC) + /* check AH/ESP integrity. */ + else if (ipsec_used && + ipsec4_in_reject_so(m, last->inp_socket)) { + IPSEC_STATINC(IPSEC_STAT_IN_POLVIO); + /* do not inject data to pcb */ + } #endif /*IPSEC*/ - if ((n = m_copy(m, 0, (int)M_COPYALL)) != NULL) { - if (last->inp_flags & INP_CONTROLOPTS || - last->inp_socket->so_options & SO_TIMESTAMP) - ip_savecontrol(last, &opts, ip, n); - if (sbappendaddr(&last->inp_socket->so_rcv, - sintosa(&ripsrc), n, opts) == 0) { - /* should notify about lost packet */ - m_freem(n); - if (opts) - m_freem(opts); - } else - sorwakeup(last->inp_socket); - opts = NULL; - } + else if ((n = m_copypacket(m, M_DONTWAIT)) != NULL) { + rip_sbappendaddr(last, ip, sintosa(&ripsrc), hlen, opts, + n); + opts = NULL; } last = inp; } -#ifdef IPSEC +#if defined(IPSEC) /* check AH/ESP integrity. */ - if (last && ipsec4_in_reject_so(m, last->inp_socket)) { + if (ipsec_used && last != NULL + && ipsec4_in_reject_so(m, last->inp_socket)) { m_freem(m); - ipsecstat.in_polvio++; - ipstat.ips_delivered--; + IPSEC_STATINC(IPSEC_STAT_IN_POLVIO); + IP_STATDEC(IP_STAT_DELIVERED); /* do not inject data to pcb */ } else #endif /*IPSEC*/ - if (last) { - if (last->inp_flags & INP_CONTROLOPTS || - last->inp_socket->so_options & SO_TIMESTAMP) - ip_savecontrol(last, &opts, ip, m); - if (sbappendaddr(&last->inp_socket->so_rcv, - sintosa(&ripsrc), m, opts) == 0) { - m_freem(m); - if (opts) - m_freem(opts); - } else - sorwakeup(last->inp_socket); - } else { - if (inetsw[ip_protox[ip->ip_p]].pr_input == rip_input) { - icmp_error(m, ICMP_UNREACH, ICMP_UNREACH_PROTOCOL, - 0, 0); - ipstat.ips_noproto++; - ipstat.ips_delivered--; - } else - m_freem(m); - } + if (last != NULL) + rip_sbappendaddr(last, ip, sintosa(&ripsrc), hlen, opts, m); + else if (inetsw[ip_protox[ip->ip_p]].pr_input == rip_input) { + uint64_t *ips; + + icmp_error(m, ICMP_UNREACH, ICMP_UNREACH_PROTOCOL, + 0, 0); + ips = IP_STAT_GETREF(); + ips[IP_STAT_NOPROTO]++; + ips[IP_STAT_DELIVERED]--; + IP_STAT_PUTREF(); + } else + m_freem(m); return; } int -rip_pcbnotify(table, faddr, laddr, proto, errno, notify) - struct inpcbtable *table; - struct in_addr faddr, laddr; - int proto; - int errno; - void (*notify) __P((struct inpcb *, int)); +rip_pcbnotify(struct inpcbtable *table, + struct in_addr faddr, struct in_addr laddr, int proto, int errno, + void (*notify)(struct inpcb *, int)) { - struct inpcb *inp, *ninp; + struct inpcb_hdr *inph, *ninph; int nmatch; nmatch = 0; - for (inp = CIRCLEQ_FIRST(&table->inpt_queue); - inp != (struct inpcb *)&table->inpt_queue; - inp = ninp) { - ninp = inp->inp_queue.cqe_next; + TAILQ_FOREACH_SAFE(inph, &table->inpt_queue, inph_queue, ninph) { + struct inpcb *inp = (struct inpcb *)inph; + if (inp->inp_af != AF_INET) + continue; if (inp->inp_ip.ip_p && inp->inp_ip.ip_p != proto) continue; if (in_hosteq(inp->inp_faddr, faddr) && @@ -264,13 +277,10 @@ rip_pcbnotify(table, faddr, laddr, proto } void * -rip_ctlinput(cmd, sa, v) - int cmd; - struct sockaddr *sa; - void *v; +rip_ctlinput(int cmd, const struct sockaddr *sa, void *v) { struct ip *ip = v; - void (*notify) __P((struct inpcb *, int)) = in_rtchange; + void (*notify)(struct inpcb *, int) = in_rtchange; int errno; if (sa->sa_family != AF_INET || @@ -286,12 +296,12 @@ rip_ctlinput(cmd, sa, v) else if (errno == 0) return NULL; if (ip) { - rip_pcbnotify(&rawcbtable, satosin(sa)->sin_addr, + rip_pcbnotify(&rawcbtable, satocsin(sa)->sin_addr, ip->ip_src, ip->ip_p, errno, notify); /* XXX mapped address case */ } else - in_pcbnotifyall(&rawcbtable, satosin(sa)->sin_addr, errno, + in_pcbnotifyall(&rawcbtable, satocsin(sa)->sin_addr, errno, notify); return NULL; } @@ -301,13 +311,7 @@ rip_ctlinput(cmd, sa, v) * Tack on options user may have setup with control call. */ int -#if __STDC__ rip_output(struct mbuf *m, ...) -#else -rip_output(m, va_alist) - struct mbuf *m; - va_dcl -#endif { struct inpcb *inp; struct ip *ip; @@ -372,55 +376,62 @@ rip_output(m, va_alist) } HTONS(ip->ip_len); HTONS(ip->ip_off); - if (ip->ip_id == 0) - ip->ip_id = htons(ip_id++); + if (ip->ip_id != 0 || m->m_pkthdr.len < IP_MINFRAGSIZE) + flags |= IP_NOIPNEWID; opts = NULL; /* XXX prevent ip_output from overwriting header fields */ flags |= IP_RAWOUTPUT; - ipstat.ips_rawout++; - } -#ifdef IPSEC - if (ipsec_setsocket(m, inp->inp_socket) != 0) { - m_freem(m); - return ENOBUFS; + IP_STATINC(IP_STAT_RAWOUT); } -#endif /*IPSEC*/ - return (ip_output(m, opts, &inp->inp_route, flags, inp->inp_moptions, - &inp->inp_errormtu)); + + /* + * IP output. Note: if IP_RETURNMTU flag is set, the MTU size + * will be stored in inp_errormtu. + */ + return ip_output(m, opts, &inp->inp_route, flags, inp->inp_moptions, + inp->inp_socket); } /* * Raw IP socket option processing. */ int -rip_ctloutput(op, so, level, optname, m) - int op; - struct socket *so; - int level, optname; - struct mbuf **m; +rip_ctloutput(int op, struct socket *so, struct sockopt *sopt) { struct inpcb *inp = sotoinpcb(so); int error = 0; + int optval; - if (level != IPPROTO_IP) { - error = ENOPROTOOPT; - if (op == PRCO_SETOPT && *m != 0) - (void) m_free(*m); - } else switch (op) { + if (sopt->sopt_level == SOL_SOCKET && sopt->sopt_name == SO_NOHEADER) { + if (op == PRCO_GETOPT) { + optval = (inp->inp_flags & INP_NOHEADER) ? 1 : 0; + error = sockopt_set(sopt, &optval, sizeof(optval)); + } else if (op == PRCO_SETOPT) { + error = sockopt_getint(sopt, &optval); + if (error) + goto out; + if (optval) { + inp->inp_flags &= ~INP_HDRINCL; + inp->inp_flags |= INP_NOHEADER; + } else + inp->inp_flags &= ~INP_NOHEADER; + } + goto out; + } else if (sopt->sopt_level != IPPROTO_IP) + return ip_ctloutput(op, so, sopt); + + switch (op) { case PRCO_SETOPT: - switch (optname) { + switch (sopt->sopt_name) { case IP_HDRINCL: - if (*m == 0 || (*m)->m_len < sizeof (int)) - error = EINVAL; - else { - if (*mtod(*m, int *)) - inp->inp_flags |= INP_HDRINCL; - else - inp->inp_flags &= ~INP_HDRINCL; - } - if (*m != 0) - (void) m_free(*m); + error = sockopt_getint(sopt, &optval); + if (error) + break; + if (optval) + inp->inp_flags |= INP_HDRINCL; + else + inp->inp_flags &= ~INP_HDRINCL; break; #ifdef MROUTING @@ -431,54 +442,55 @@ rip_ctloutput(op, so, level, optname, m) case MRT_ADD_MFC: case MRT_DEL_MFC: case MRT_ASSERT: - error = ip_mrouter_set(so, optname, m); + case MRT_API_CONFIG: + case MRT_ADD_BW_UPCALL: + case MRT_DEL_BW_UPCALL: + error = ip_mrouter_set(so, sopt); break; #endif default: - error = ip_ctloutput(op, so, level, optname, m); + error = ip_ctloutput(op, so, sopt); break; } break; case PRCO_GETOPT: - switch (optname) { + switch (sopt->sopt_name) { case IP_HDRINCL: - *m = m_get(M_WAIT, MT_SOOPTS); - MCLAIM((*m), so->so_mowner); - (*m)->m_len = sizeof (int); - *mtod(*m, int *) = inp->inp_flags & INP_HDRINCL ? 1 : 0; + optval = inp->inp_flags & INP_HDRINCL; + error = sockopt_set(sopt, &optval, sizeof(optval)); break; #ifdef MROUTING case MRT_VERSION: case MRT_ASSERT: - error = ip_mrouter_get(so, optname, m); + case MRT_API_SUPPORT: + case MRT_API_CONFIG: + error = ip_mrouter_get(so, sopt); break; #endif default: - error = ip_ctloutput(op, so, level, optname, m); + error = ip_ctloutput(op, so, sopt); break; } break; } - return (error); + out: + return error; } int -rip_bind(inp, nam) - struct inpcb *inp; - struct mbuf *nam; +rip_bind(struct inpcb *inp, struct mbuf *nam) { struct sockaddr_in *addr = mtod(nam, struct sockaddr_in *); if (nam->m_len != sizeof(*addr)) return (EINVAL); - if (TAILQ_FIRST(&ifnet) == 0) + if (!IFNET_FIRST()) return (EADDRNOTAVAIL); - if (addr->sin_family != AF_INET && - addr->sin_family != AF_IMPLINK) + if (addr->sin_family != AF_INET) return (EAFNOSUPPORT); if (!in_nullhost(addr->sin_addr) && ifa_ifwithaddr(sintosa(addr)) == 0) @@ -488,102 +500,145 @@ rip_bind(inp, nam) } int -rip_connect(inp, nam) - struct inpcb *inp; - struct mbuf *nam; +rip_connect(struct inpcb *inp, struct mbuf *nam) { struct sockaddr_in *addr = mtod(nam, struct sockaddr_in *); if (nam->m_len != sizeof(*addr)) return (EINVAL); - if (TAILQ_FIRST(&ifnet) == 0) + if (!IFNET_FIRST()) return (EADDRNOTAVAIL); - if (addr->sin_family != AF_INET && - addr->sin_family != AF_IMPLINK) + if (addr->sin_family != AF_INET) return (EAFNOSUPPORT); inp->inp_faddr = addr->sin_addr; return (0); } void -rip_disconnect(inp) - struct inpcb *inp; +rip_disconnect(struct inpcb *inp) { inp->inp_faddr = zeroin_addr; } -u_long rip_sendspace = RIPSNDQ; -u_long rip_recvspace = RIPRCVQ; +static int +rip_attach(struct socket *so, int proto) +{ + struct inpcb *inp; + int error; + + KASSERT(sotoinpcb(so) == NULL); + sosetlock(so); -/*ARGSUSED*/ -int -rip_usrreq(so, req, m, nam, control, p) - struct socket *so; - int req; - struct mbuf *m, *nam, *control; - struct proc *p; + if (so->so_snd.sb_hiwat == 0 || so->so_rcv.sb_hiwat == 0) { + error = soreserve(so, rip_sendspace, rip_recvspace); + if (error) { + return error; + } + } + + error = in_pcballoc(so, &rawcbtable); + if (error) { + return error; + } + inp = sotoinpcb(so); + inp->inp_ip.ip_p = proto; + KASSERT(solocked(so)); + + return 0; +} + +static void +rip_detach(struct socket *so) { struct inpcb *inp; - int s; - int error = 0; + + KASSERT(solocked(so)); + inp = sotoinpcb(so); + KASSERT(inp != NULL); + #ifdef MROUTING extern struct socket *ip_mrouter; + if (so == ip_mrouter) { + ip_mrouter_done(); + } #endif + in_pcbdetach(inp); +} + +static int +rip_ioctl(struct socket *so, u_long cmd, void *nam, struct ifnet *ifp) +{ + return in_control(so, cmd, nam, ifp); +} + +static int +rip_stat(struct socket *so, struct stat *ub) +{ + KASSERT(solocked(so)); + + /* stat: don't bother with a blocksize. */ + return 0; +} + +static int +rip_peeraddr(struct socket *so, struct mbuf *nam) +{ + KASSERT(solocked(0)); + KASSERT(sotoinpcb(so) != NULL); + KASSERT(nam != NULL); - if (req == PRU_CONTROL) - return (in_control(so, (long)m, (caddr_t)nam, - (struct ifnet *)control, p)); + in_setpeeraddr(sotoinpcb(so), nam); + return 0; +} +static int +rip_sockaddr(struct socket *so, struct mbuf *nam) +{ + KASSERT(solocked(0)); + KASSERT(sotoinpcb(so) != NULL); + KASSERT(nam != NULL); + + in_setsockaddr(sotoinpcb(so), nam); + return 0; +} + +int +rip_usrreq(struct socket *so, int req, struct mbuf *m, struct mbuf *nam, + struct mbuf *control, struct lwp *l) +{ + struct inpcb *inp; + int s, error = 0; + + KASSERT(req != PRU_ATTACH); + KASSERT(req != PRU_DETACH); + KASSERT(req != PRU_CONTROL); + KASSERT(req != PRU_SENSE); + KASSERT(req != PRU_PEERADDR); + KASSERT(req != PRU_SOCKADDR); + + s = splsoftnet(); if (req == PRU_PURGEIF) { + mutex_enter(softnet_lock); in_pcbpurgeif0(&rawcbtable, (struct ifnet *)control); in_purgeif((struct ifnet *)control); in_pcbpurgeif(&rawcbtable, (struct ifnet *)control); - return (0); + mutex_exit(softnet_lock); + splx(s); + return 0; } - s = splsoftnet(); + KASSERT(solocked(so)); inp = sotoinpcb(so); -#ifdef DIAGNOSTIC - if (req != PRU_SEND && req != PRU_SENDOOB && control) - panic("rip_usrreq: unexpected control mbuf"); -#endif - if (inp == 0 && req != PRU_ATTACH) { - error = EINVAL; - goto release; + + KASSERT(!control || (req == PRU_SEND || req == PRU_SENDOOB)); + if (inp == NULL) { + splx(s); + return EINVAL; } switch (req) { - case PRU_ATTACH: - if (inp != 0) { - error = EISCONN; - break; - } - if (p == 0 || (error = suser(p->p_ucred, &p->p_acflag))) { - error = EACCES; - break; - } - if (so->so_snd.sb_hiwat == 0 || so->so_rcv.sb_hiwat == 0) { - error = soreserve(so, rip_sendspace, rip_recvspace); - if (error) - break; - } - error = in_pcballoc(so, &rawcbtable); - if (error) - break; - inp = sotoinpcb(so); - inp->inp_ip.ip_p = (long)nam; - break; - - case PRU_DETACH: -#ifdef MROUTING - if (so == ip_mrouter) - ip_mrouter_done(); -#endif - in_pcbdetach(inp); - break; - case PRU_BIND: error = rip_bind(inp, nam); break; @@ -654,13 +709,6 @@ rip_usrreq(so, req, m, nam, control, p) } break; - case PRU_SENSE: - /* - * stat: don't bother with a blocksize. - */ - splx(s); - return (0); - case PRU_RCVOOB: error = EOPNOTSUPP; break; @@ -671,19 +719,54 @@ rip_usrreq(so, req, m, nam, control, p) error = EOPNOTSUPP; break; - case PRU_SOCKADDR: - in_setsockaddr(inp, nam); - break; - - case PRU_PEERADDR: - in_setpeeraddr(inp, nam); - break; - default: panic("rip_usrreq"); } - -release: splx(s); - return (error); + + return error; +} + +PR_WRAP_USRREQS(rip) +#define rip_attach rip_attach_wrapper +#define rip_detach rip_detach_wrapper +#define rip_ioctl rip_ioctl_wrapper +#define rip_stat rip_stat_wrapper +#define rip_peeraddr rip_peeraddr_wrapper +#define rip_sockaddr rip_sockaddr_wrapper +#define rip_usrreq rip_usrreq_wrapper + +const struct pr_usrreqs rip_usrreqs = { + .pr_attach = rip_attach, + .pr_detach = rip_detach, + .pr_ioctl = rip_ioctl, + .pr_stat = rip_stat, + .pr_peeraddr = rip_peeraddr, + .pr_sockaddr = rip_sockaddr, + .pr_generic = rip_usrreq, +}; + +static void +sysctl_net_inet_raw_setup(struct sysctllog **clog) +{ + + sysctl_createv(clog, 0, NULL, NULL, + CTLFLAG_PERMANENT, + CTLTYPE_NODE, "inet", NULL, + NULL, 0, NULL, 0, + CTL_NET, PF_INET, CTL_EOL); + sysctl_createv(clog, 0, NULL, NULL, + CTLFLAG_PERMANENT, + CTLTYPE_NODE, "raw", + SYSCTL_DESCR("Raw IPv4 settings"), + NULL, 0, NULL, 0, + CTL_NET, PF_INET, IPPROTO_RAW, CTL_EOL); + + sysctl_createv(clog, 0, NULL, NULL, + CTLFLAG_PERMANENT, + CTLTYPE_STRUCT, "pcblist", + SYSCTL_DESCR("Raw IPv4 control block list"), + sysctl_inpcblist, 0, &rawcbtable, 0, + CTL_NET, PF_INET, IPPROTO_RAW, + CTL_CREATE, CTL_EOL); }