sys/netinet/tcp_input.c
Show First 20 Lines • Show All 138 Lines • ▼ Show 20 Lines | SYSCTL_INT(_net_inet_tcp, OID_AUTO, log_in_vain, CTLFLAG_VNET | CTLFLAG_RW, | ||||
"Log all incoming TCP segments to closed ports"); | "Log all incoming TCP segments to closed ports"); | ||||
VNET_DEFINE(int, blackhole) = 0; | VNET_DEFINE(int, blackhole) = 0; | ||||
#define V_blackhole VNET(blackhole) | #define V_blackhole VNET(blackhole) | ||||
SYSCTL_INT(_net_inet_tcp, OID_AUTO, blackhole, CTLFLAG_VNET | CTLFLAG_RW, | SYSCTL_INT(_net_inet_tcp, OID_AUTO, blackhole, CTLFLAG_VNET | CTLFLAG_RW, | ||||
&VNET_NAME(blackhole), 0, | &VNET_NAME(blackhole), 0, | ||||
"Do not send RST on segments to closed ports"); | "Do not send RST on segments to closed ports"); | ||||
VNET_DEFINE(bool, blackhole_local) = false; | |||||
rrs: A boolean should have two values "true" and "false". Yet you use this
V_blackhole =1 or… | |||||
Not Done Inline ActionsHe uses V_blackhole_local only as a boolean variable. This variable is different from V_blackhole. tuexen: He uses `V_blackhole_local` only as a boolean variable. This variable is different from… | |||||
Not Done Inline Actionsahh I see.. got confused by the variables :) rrs: ahh I see.. got confused by the variables :) | |||||
Done Inline ActionsMy boolean is V_blackhole_local. The V_blackhole remains int as it was. glebius: My boolean is V_blackhole_local. The V_blackhole remains int as it was. | |||||
#define V_blackhole_local VNET(blackhole_local) | |||||
SYSCTL_BOOL(_net_inet_tcp, OID_AUTO, blackhole_local, CTLFLAG_VNET | | |||||
CTLFLAG_RW, &VNET_NAME(blackhole_local), false, | |||||
"Enforce net.inet.tcp.blackhole for locally originated packets"); | |||||
VNET_DEFINE(int, tcp_delack_enabled) = 1; | VNET_DEFINE(int, tcp_delack_enabled) = 1; | ||||
SYSCTL_INT(_net_inet_tcp, OID_AUTO, delayed_ack, CTLFLAG_VNET | CTLFLAG_RW, | SYSCTL_INT(_net_inet_tcp, OID_AUTO, delayed_ack, CTLFLAG_VNET | CTLFLAG_RW, | ||||
&VNET_NAME(tcp_delack_enabled), 0, | &VNET_NAME(tcp_delack_enabled), 0, | ||||
"Delay ACK to try and piggyback it onto a data packet"); | "Delay ACK to try and piggyback it onto a data packet"); | ||||
VNET_DEFINE(int, drop_synfin) = 0; | VNET_DEFINE(int, drop_synfin) = 0; | ||||
SYSCTL_INT(_net_inet_tcp, OID_AUTO, drop_synfin, CTLFLAG_VNET | CTLFLAG_RW, | SYSCTL_INT(_net_inet_tcp, OID_AUTO, drop_synfin, CTLFLAG_VNET | CTLFLAG_RW, | ||||
&VNET_NAME(drop_synfin), 0, | &VNET_NAME(drop_synfin), 0, | ||||
▲ Show 20 Lines • Show All 775 Lines • ▼ Show 20 Lines | if ((V_tcp_log_in_vain == 1 && (thflags & TH_SYN)) || | ||||
if ((s = tcp_log_vain(NULL, th, (void *)ip, ip6))) | if ((s = tcp_log_vain(NULL, th, (void *)ip, ip6))) | ||||
log(LOG_INFO, "%s; %s: Connection attempt " | log(LOG_INFO, "%s; %s: Connection attempt " | ||||
"to closed port\n", s, __func__); | "to closed port\n", s, __func__); | ||||
} | } | ||||
/* | /* | ||||
* When blackholing do not respond with a RST but | * When blackholing do not respond with a RST but | ||||
* completely ignore the segment and drop it. | * completely ignore the segment and drop it. | ||||
*/ | */ | ||||
if ((V_blackhole == 1 && (thflags & TH_SYN)) || | if (((V_blackhole == 1 && (thflags & TH_SYN)) || | ||||
V_blackhole == 2) | V_blackhole == 2) && (V_blackhole_local || | ||||
#ifdef INET6 | |||||
isipv6 ? !in6_localaddr(&ip6->ip6_src) : | |||||
#endif | |||||
#ifdef INET | |||||
!in_localip(ip->ip_src) | |||||
#else | |||||
true | |||||
#endif | |||||
)) | |||||
goto dropunlock; | goto dropunlock; | ||||
rstreason = BANDLIM_RST_CLOSEDPORT; | rstreason = BANDLIM_RST_CLOSEDPORT; | ||||
goto dropwithreset; | goto dropwithreset; | ||||
} | } | ||||
INP_LOCK_ASSERT(inp); | INP_LOCK_ASSERT(inp); | ||||
/* | /* | ||||
* While waiting for inp lock during the lookup, another thread | * While waiting for inp lock during the lookup, another thread | ||||
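Review bot: In the rewritten blackhole test, `V_blackhole_local || isipv6 ? … : …` parses as `(V_blackhole_local || isipv6) ? … : …`, because `||` binds tighter than `?:`. With INET6 compiled in, enabling net.inet.tcp.blackhole_local therefore does not short-circuit to the drop. It selects the `!in6_localaddr(&ip6->ip6_src)` arm instead, even for an IPv4 segment, where `ip6` is presumably not a valid header pointer (its setup is outside the hunk). Locally originated IPv6 segments would also still be answered with a RST, which is the opposite of what the sysctl description promises. Give the address-family selection its own parentheses, `(V_blackhole_local || (` before the `#ifdef INET6` and `)))` after the final `#endif`, so the sysctl alone decides when it is set. The enclosing function starts and ends outside the hunk.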
A boolean should have two values "true" and "false". Yet you use this
V_blackhole =1 or V_blackhole = 2
I think you need to change it back to an int since it's used with multiple values.