authorBjoern A. Zeeb <bz@FreeBSD.org>2008-09-07 14:44:55 +0000
committerBjoern A. Zeeb <bz@FreeBSD.org>2008-09-07 14:44:55 +0000
commit4cdf3bedf368469761f13c8533e555b5736593e8 (patch)
treec013d4e869123d1c837725c88522fad003bf6a19
parent068ba60199af0e0d766c2fa4cc363366b8f18fdb (diff)
Convert SYSCTL_INTs for tcp_mssdflt and tcp_v6mssdflt to
SYSCTL_PROCs and check that the default mss for neither v4 nor v6 goes below the minimum MSS constant (216). This prevents people from shooting themselves in the foot. PR: kern/118455 (remotely related) Reviewed by: silby (as part of a larger patch in March) MFC after: 2 months
Notes
Notes: svn path=/head/; revision=182846
-rw-r--r--sys/netinet/tcp_subr.c48
1 files changed, 42 insertions, 6 deletions
diff --git a/sys/netinet/tcp_subr.c b/sys/netinet/tcp_subr.c
index cf7565a60ed0..770dce337670 100644
--- a/sys/netinet/tcp_subr.c
+++ b/sys/netinet/tcp_subr.c
@@ -111,14 +111,50 @@ __FBSDID("$FreeBSD$");
#include <security/mac/mac_framework.h>
int tcp_mssdflt = TCP_MSS;
-SYSCTL_INT(_net_inet_tcp, TCPCTL_MSSDFLT, mssdflt, CTLFLAG_RW,
- &tcp_mssdflt, 0, "Default TCP Maximum Segment Size");
-
#ifdef INET6
int tcp_v6mssdflt = TCP6_MSS;
-SYSCTL_INT(_net_inet_tcp, TCPCTL_V6MSSDFLT, v6mssdflt,
- CTLFLAG_RW, &tcp_v6mssdflt , 0,
- "Default TCP Maximum Segment Size for IPv6");
+#endif
+
+static int
+sysctl_net_inet_tcp_mss_check(SYSCTL_HANDLER_ARGS)
+{
+ int error, new;
+
+ new = tcp_mssdflt;
+ error = sysctl_handle_int(oidp, &new, 0, req);
+ if (error == 0 && req->newptr) {
+ if (new < TCP_MINMSS)
+ error = EINVAL;
+ else
+ tcp_mssdflt = new;
+ }
+ return (error);
+}
+
+SYSCTL_PROC(_net_inet_tcp, TCPCTL_MSSDFLT, mssdflt, CTLTYPE_INT|CTLFLAG_RW,
+ &tcp_mssdflt, 0, &sysctl_net_inet_tcp_mss_check, "I",
+ "Default TCP Maximum Segment Size");
+
+#ifdef INET6
+static int
+sysctl_net_inet_tcp_mss_v6_check(SYSCTL_HANDLER_ARGS)
+{
+ int error, new;
+
+ new = tcp_v6mssdflt;
+ error = sysctl_handle_int(oidp, &new, 0, req);
+ if (error == 0 && req->newptr) {
+ if (new < TCP_MINMSS)
+ error = EINVAL;
+ else
+ tcp_v6mssdflt = new;
+ }
+ return (error);
+}
+
+SYSCTL_PROC(_net_inet_tcp, TCPCTL_V6MSSDFLT, v6mssdflt, CTLTYPE_INT|CTLFLAG_RW,
+ &tcp_v6mssdflt, 0, &sysctl_net_inet_tcp_mss_v6_check, "I",
+ "Default TCP Maximum Segment Size for IPv6");
#endif
/*
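Review bot: Both new handlers ignore the `arg1` pointer that the SYSCTL_PROC entries already pass (`&tcp_mssdflt`, `&tcp_v6mssdflt`) and hard-code the global instead, so sysctl_net_inet_tcp_mss_v6_check is a line-for-line copy of sysctl_net_inet_tcp_mss_check and any later tightening of the bound has to be made in two places. One handler can serve both OIDs by declaring `int *mssp = arg1;`, reading with `new = *mssp;` and storing with `*mssp = new;`, with the v6 SYSCTL_PROC pointing at the same function. Separately, the check enforces only the floor `new < TCP_MINMSS`; nothing visible in this hunk caps the value from above, so it is worth confirming that the consumers of these defaults clamp an oversized setting against the interface or path MTU. A short comment above the handler, for example `/* Reject a default MSS below TCP_MINMSS; tiny segments inflate per-packet overhead. */`, would record why the floor exists.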