Date: Tue, 15 Jan 2002 07:38:21 -0800 (PST)
From: "idan l." <shadow@tty64.org>
To: freebsd-gnats-submit@FreeBSD.org
Subject: conf/33923: black hole ignored ports
Message-ID: <200201151538.g0FFcLR51705@freefall.freebsd.org>
>Number: 33923
>Category: conf
>Synopsis: black hole ignored ports
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Tue Jan 15 07:40:00 PST 2002
>Closed-Date:
>Last-Modified:
>Originator: idan l.
>Release: FreeBSD 4.4 stable
>Organization: none.ltd
>Environment:
FreeBSD shadow.localhost 4.4-STABLE FreeBSD 4.4- GMT 2002 root@shadow.localhost:/usr/src/sys
>Description:
A new sysctl that will allow the blackhole option to ignore ports such as 111 (portmap) and 113 (identd). This will allow the user to work faster, because some services such as IRC check whether identd (port 113) is running, and with the blackhole option it takes time until the packet times out.
>How-To-Repeat:
sysctl net.inet.tcp.blackhole=1
telnet irc.bitchx.org 6667
>Fix:
# The patch contains a new option to sysctl and refers to the file
# sys/netinet/tcp_input.c
# I've compiled and tested that option and didn't find any problems, though
# you should make your own tests before deciding on putting it in your
# releases
37c37 < #include "opt_ipfw.h" --- > #include "opt_ipfw.h" /* for ipfw_fwd */ 101,119d100 < char blackhole_ig_ports[256]; < < static int handle_bhole_ig_ports(SYSCTL_HANDLER_ARGS) < { < int error; < < error = sysctl_handle_string(oidp,blackhole_ig_ports,sizeof(blackhole_ig_ports), < req); < < return error; < } < < SYSCTL_PROC(_net_inet_tcp,OID_AUTO,blackhole_ig_ports, < CTLTYPE_STRING|CTLFLAG_RW|CTLFLAG_PRISON,0,0,handle_bhole_ig_ports, < "A","blackhole ignore ports"); < < char *strtok(char *,const char*); < char *strtok_r(char *,const char *,char **); < 359d339 < char *ptr = 0,temp_str[sizeof(blackhole_ig_ports)+1]; 643,657c623,625 < < if (thflags & TH_SYN) { < < strcpy(temp_str,blackhole_ig_ports); < for(ptr = strtok(temp_str,":") < ;ptr;ptr = strtok(NULL,":")) { < if(strtol(ptr,(char **)NULL,10) == ntohs( < th->th_dport)) goto bhole_continue; < < } < < goto 
drop; < } < < break; --- > if (thflags & TH_SYN) > goto drop; > break; 664d631 < bhole_continue: 2968,3034d2934 < < /* strtok copied from libc (/usr/src/lib/libc/string/strtok.c) */ < char * < strtok_r(char *s, const char *delim, char **last) < { < char *spanp; < int c, sc; < char *tok; < if (s == NULL && (s = *last) == NULL) < { < return NULL; < } < /* < * Skip (span) leading delimiters (s += strspn(s, delim), sort of). < */ < cont: < c = *s++; < for (spanp = (char *)delim; (sc = *spanp++) != 0; ) < { < if (c == sc) < { < goto cont; < } < } < < if (c == 0) /* no non-delimiter characters */ < { < *last = NULL; < return NULL; < } < tok = s - 1; < /* < * Scan token (scan for delimiters: s += strcspn(s, delim), sort of). < * Note that delim must have one NUL; we stop if we see that, too. < */ < for (;;) < { < c = *s++; < spanp = (char *)delim; < do < { < if ((sc = *spanp++) == c) < { < if (c == 0) < { < s = NULL; < } < else < { < char *w = s - 1; < *w = '\0'; < } < *last = s; < return tok; < } < } < while (sc != 0); < } < /* NOTREACHED */ < } < char * < strtok(char *s, const char *delim) < { < static char *last; < return strtok_r(s, delim, &last); < } < >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
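Review bot: The diff was generated with the patched file first, so all of the new code sits on `<` lines and the 101,119d100 hunk reads as a deletion of the new sysctl; it is also a plain diff with no context lines or file names. Regenerate it as a unified diff from the original file to the patched one so it applies with patch(1) without -R, and leave out the unrelated 37c37 change, which in this direction drops the `/* for ipfw_fwd */` comment.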
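Review bot: In the 101,119d100 hunk, SYSCTL_PROC is declared with CTLFLAG_PRISON while `blackhole_ig_ports` is a single global, so root inside a jail could rewrite the exemption list for the whole host; drop that flag. handle_bhole_ig_ports also stores whatever string sysctl_handle_string hands it, so validate the value there (digits and ':' only, each port in 1-65535) and parse it once into an array of port numbers at set time. `blackhole_ig_ports` can be static, and the local strtok/strtok_r prototypes should come from a header rather than being declared in tcp_input.c.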
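Review bot: In the 643,657c623,625 hunk, every SYN that reaches the blackhole check triggers a strcpy of the sysctl string into `temp_str` followed by a strtok/strtol pass over it, which adds per-packet string parsing to the TCP input path exactly when a scan is hitting closed ports. Compare `ntohs(th->th_dport)` against a pre-parsed array of ports instead. As written, a non-numeric token makes strtol return 0, so a malformed list silently exempts port 0, and the ':' separator is documented nowhere in the sysctl description.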
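Review bot: In the 2968,3034d2934 hunk, strtok keeps its scan position in `static char *last`, which is shared by every caller, so two overlapping callers would corrupt each other's state. If tokenising stays, call strtok_r with a local save pointer from the caller and drop the strtok wrapper. A copy of the libc routine should also not be pasted at the end of tcp_input.c with only a "copied from libc" comment; put it in a shared kernel library file and keep the license header of the original.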