mirror of
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git
synced 2024-11-14 22:32:30 +01:00
33b3ac0633
systems (my last change did not mix well with some firewall configurations). As much as I dislike firewalls, this is one thing I I was not prepared to break by default.. :-) Allow the user to nominate one of three ranges of port numbers as candidates for selecting a local address to replace a zero port number. The ranges are selected via a setsockopt(s, IPPROTO_IP, IP_PORTRANGE, &arg) call. The three ranges are: default, high (to bypass firewalls) and low (to get a port below 1024). The default and high port ranges are sysctl settable under sysctl net.inet.ip.portrange.* This code also fixes a potential deadlock if the system accidently ran out of local port addresses. It'd drop into an infinite while loop. The secure port selection (for root) should reduce overheads and increase reliability of rlogin/rlogind/rsh/rshd if they are modified to take advantage of it. Partly suggested by: pst Reviewed by: wollman
316 lines
11 KiB
C
316 lines
11 KiB
C
/*
|
|
* Copyright (c) 1982, 1986, 1990, 1993
|
|
* The Regents of the University of California. All rights reserved.
|
|
*
|
|
* Redistribution and use in source and binary forms, with or without
|
|
* modification, are permitted provided that the following conditions
|
|
* are met:
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
* notice, this list of conditions and the following disclaimer.
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
* documentation and/or other materials provided with the distribution.
|
|
* 3. All advertising materials mentioning features or use of this software
|
|
* must display the following acknowledgement:
|
|
* This product includes software developed by the University of
|
|
* California, Berkeley and its contributors.
|
|
* 4. Neither the name of the University nor the names of its contributors
|
|
* may be used to endorse or promote products derived from this software
|
|
* without specific prior written permission.
|
|
*
|
|
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
|
|
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
|
|
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
* SUCH DAMAGE.
|
|
*
|
|
* @(#)in.h 8.3 (Berkeley) 1/3/94
|
|
* $Id: in.h,v 1.14 1996/01/19 08:00:57 peter Exp $
|
|
*/
|
|
|
|
#ifndef _NETINET_IN_H_
|
|
#define _NETINET_IN_H_
|
|
|
|
/*
|
|
* Constants and structures defined by the internet system,
|
|
* Per RFC 790, September 1981, and numerous additions.
|
|
*/
|
|
|
|
/*
|
|
* Protocols
|
|
*/
|
|
#define IPPROTO_IP 0 /* dummy for IP */
|
|
#define IPPROTO_ICMP 1 /* control message protocol */
|
|
#define IPPROTO_IGMP 2 /* group mgmt protocol */
|
|
#define IPPROTO_GGP 3 /* gateway^2 (deprecated) */
|
|
#define IPPROTO_IPIP 4 /* IP encapsulation in IP */
|
|
#define IPPROTO_TCP 6 /* tcp */
|
|
#define IPPROTO_EGP 8 /* exterior gateway protocol */
|
|
#define IPPROTO_PUP 12 /* pup */
|
|
#define IPPROTO_UDP 17 /* user datagram protocol */
|
|
#define IPPROTO_IDP 22 /* xns idp */
|
|
#define IPPROTO_TP 29 /* tp-4 w/ class negotiation */
|
|
#define IPPROTO_RSVP 46 /* resource reservation */
|
|
#define IPPROTO_EON 80 /* ISO cnlp */
|
|
#define IPPROTO_ENCAP 98 /* encapsulation header */
|
|
|
|
#define IPPROTO_RAW 255 /* raw IP packet */
|
|
#define IPPROTO_MAX 256
|
|
|
|
|
|
/*
|
|
* Local port number conventions:
|
|
*
|
|
* When a user does a bind(2) or connect(2) with a port number of zero,
|
|
* a non-conflicting local port address is chosen.
|
|
* The default range is IPPORT_RESERVED through
|
|
* IPPORT_USERRESERVED, although that is settable by sysctl.
|
|
*
|
|
* A user may set the IPPROTO_IP option IP_PORTRANGE to change this
|
|
* default assignment range.
|
|
*
|
|
* The value IP_PORTRANGE_DEFAULT causes the default behavior.
|
|
*
|
|
* The value IP_PORTRANGE_HIGH changes the range of candidate port numbers
|
|
* into the "high" range. These are reserved for client outbound connections
|
|
* which do not want to be filtered by any firewalls.
|
|
*
|
|
* The value IP_PORTRANGE_LOW changes the range to the "low" are
|
|
* that is (by convention) restricted to privileged processes. This
|
|
* convention is based on "vouchsafe" principles only. It is only secure
|
|
* if you trust the remote host to restrict these ports.
|
|
*
|
|
* The default range of ports and the high range can be changed by
|
|
* sysctl(3). (net.inet.ip.port{hi}{first,last}_auto)
|
|
*
|
|
* Changing those values has bad security implications if you are
|
|
* using a a stateless firewall that is allowing packets outside of that
|
|
* range in order to allow transparent outgoing connections.
|
|
*
|
|
* Such a firewall configuration will generally depend on the use of these
|
|
* default values. If you change them, you may find your Security
|
|
* Administrator looking for you with a heavy object.
|
|
*/
|
|
|
|
/*
|
|
* Ports < IPPORT_RESERVED are reserved for
|
|
* privileged processes (e.g. root). (IP_PORTRANGE_LOW)
|
|
* Ports > IPPORT_USERRESERVED are reserved
|
|
* for servers, not necessarily privileged. (IP_PORTRANGE_DEFAULT)
|
|
*/
|
|
#define IPPORT_RESERVED 1024
|
|
#define IPPORT_USERRESERVED 5000
|
|
|
|
/*
|
|
* Default local port range to use by setting IP_PORTRANGE_HIGH
|
|
*/
|
|
#define IPPORT_HIFIRSTAUTO 40000
|
|
#define IPPORT_HILASTAUTO 44999
|
|
|
|
/*
|
|
* Internet address (a structure for historical reasons)
|
|
*/
|
|
struct in_addr {
|
|
u_long s_addr;
|
|
};
|
|
|
|
/*
|
|
* Definitions of bits in internet address integers.
|
|
* On subnets, the decomposition of addresses to host and net parts
|
|
* is done according to subnet mask, not the masks here.
|
|
*/
|
|
#define IN_CLASSA(i) (((long)(i) & 0x80000000) == 0)
|
|
#define IN_CLASSA_NET 0xff000000
|
|
#define IN_CLASSA_NSHIFT 24
|
|
#define IN_CLASSA_HOST 0x00ffffff
|
|
#define IN_CLASSA_MAX 128
|
|
|
|
#define IN_CLASSB(i) (((long)(i) & 0xc0000000) == 0x80000000)
|
|
#define IN_CLASSB_NET 0xffff0000
|
|
#define IN_CLASSB_NSHIFT 16
|
|
#define IN_CLASSB_HOST 0x0000ffff
|
|
#define IN_CLASSB_MAX 65536
|
|
|
|
#define IN_CLASSC(i) (((long)(i) & 0xe0000000) == 0xc0000000)
|
|
#define IN_CLASSC_NET 0xffffff00
|
|
#define IN_CLASSC_NSHIFT 8
|
|
#define IN_CLASSC_HOST 0x000000ff
|
|
|
|
#define IN_CLASSD(i) (((long)(i) & 0xf0000000) == 0xe0000000)
|
|
#define IN_CLASSD_NET 0xf0000000 /* These ones aren't really */
|
|
#define IN_CLASSD_NSHIFT 28 /* net and host fields, but */
|
|
#define IN_CLASSD_HOST 0x0fffffff /* routing needn't know. */
|
|
#define IN_MULTICAST(i) IN_CLASSD(i)
|
|
|
|
#define IN_EXPERIMENTAL(i) (((long)(i) & 0xf0000000) == 0xf0000000)
|
|
#define IN_BADCLASS(i) (((long)(i) & 0xf0000000) == 0xf0000000)
|
|
|
|
#define INADDR_ANY (u_long)0x00000000
|
|
#define INADDR_BROADCAST (u_long)0xffffffff /* must be masked */
|
|
#ifndef KERNEL
|
|
#define INADDR_NONE 0xffffffff /* -1 return */
|
|
#endif
|
|
|
|
#define INADDR_UNSPEC_GROUP (u_long)0xe0000000 /* 224.0.0.0 */
|
|
#define INADDR_ALLHOSTS_GROUP (u_long)0xe0000001 /* 224.0.0.1 */
|
|
#define INADDR_MAX_LOCAL_GROUP (u_long)0xe00000ff /* 224.0.0.255 */
|
|
|
|
#define IN_LOOPBACKNET 127 /* official! */
|
|
|
|
/*
|
|
* Socket address, internet style.
|
|
*/
|
|
struct sockaddr_in {
|
|
u_char sin_len;
|
|
u_char sin_family;
|
|
u_short sin_port;
|
|
struct in_addr sin_addr;
|
|
char sin_zero[8];
|
|
};
|
|
|
|
/*
|
|
* Structure used to describe IP options.
|
|
* Used to store options internally, to pass them to a process,
|
|
* or to restore options retrieved earlier.
|
|
* The ip_dst is used for the first-hop gateway when using a source route
|
|
* (this gets put into the header proper).
|
|
*/
|
|
struct ip_opts {
|
|
struct in_addr ip_dst; /* first hop, 0 w/o src rt */
|
|
char ip_opts[40]; /* actually variable in size */
|
|
};
|
|
|
|
/*
|
|
* Options for use with [gs]etsockopt at the IP level.
|
|
* First word of comment is data type; bool is stored in int.
|
|
*/
|
|
#define IP_OPTIONS 1 /* buf/ip_opts; set/get IP options */
|
|
#define IP_HDRINCL 2 /* int; header is included with data */
|
|
#define IP_TOS 3 /* int; IP type of service and preced. */
|
|
#define IP_TTL 4 /* int; IP time to live */
|
|
#define IP_RECVOPTS 5 /* bool; receive all IP opts w/dgram */
|
|
#define IP_RECVRETOPTS 6 /* bool; receive IP opts for response */
|
|
#define IP_RECVDSTADDR 7 /* bool; receive IP dst addr w/dgram */
|
|
#define IP_RETOPTS 8 /* ip_opts; set/get IP options */
|
|
#define IP_MULTICAST_IF 9 /* u_char; set/get IP multicast i/f */
|
|
#define IP_MULTICAST_TTL 10 /* u_char; set/get IP multicast ttl */
|
|
#define IP_MULTICAST_LOOP 11 /* u_char; set/get IP multicast loopback */
|
|
#define IP_ADD_MEMBERSHIP 12 /* ip_mreq; add an IP group membership */
|
|
#define IP_DROP_MEMBERSHIP 13 /* ip_mreq; drop an IP group membership */
|
|
#define IP_MULTICAST_VIF 14 /* set/get IP mcast virt. iface */
|
|
#define IP_RSVP_ON 15 /* enable RSVP in kernel */
|
|
#define IP_RSVP_OFF 16 /* disable RSVP in kernel */
|
|
#define IP_RSVP_VIF_ON 17 /* set RSVP per-vif socket */
|
|
#define IP_RSVP_VIF_OFF 18 /* unset RSVP per-vif socket */
|
|
#define IP_PORTRANGE 19 /* int; range to choose for unspec port */
|
|
|
|
/*
|
|
* Defaults and limits for options
|
|
*/
|
|
#define IP_DEFAULT_MULTICAST_TTL 1 /* normally limit m'casts to 1 hop */
|
|
#define IP_DEFAULT_MULTICAST_LOOP 1 /* normally hear sends if a member */
|
|
#define IP_MAX_MEMBERSHIPS 20 /* per socket */
|
|
|
|
/*
|
|
* Argument structure for IP_ADD_MEMBERSHIP and IP_DROP_MEMBERSHIP.
|
|
*/
|
|
struct ip_mreq {
|
|
struct in_addr imr_multiaddr; /* IP multicast address of group */
|
|
struct in_addr imr_interface; /* local IP address of interface */
|
|
};
|
|
|
|
/*
|
|
* Argument for IP_PORTRANGE:
|
|
* - which range to search when port is unspecified at bind() or connect()
|
|
*/
|
|
#define IP_PORTRANGE_DEFAULT 0 /* default range */
|
|
#define IP_PORTRANGE_HIGH 1 /* "high" - request firewall bypass */
|
|
#define IP_PORTRANGE_LOW 2 /* "low" - vouchsafe security */
|
|
|
|
/*
|
|
* Definitions for inet sysctl operations.
|
|
*
|
|
* Third level is protocol number.
|
|
* Fourth level is desired variable within that protocol.
|
|
*/
|
|
#define IPPROTO_MAXID (IPPROTO_IDP + 1) /* don't list to IPPROTO_MAX */
|
|
|
|
#define CTL_IPPROTO_NAMES { \
|
|
{ "ip", CTLTYPE_NODE }, \
|
|
{ "icmp", CTLTYPE_NODE }, \
|
|
{ "igmp", CTLTYPE_NODE }, \
|
|
{ "ggp", CTLTYPE_NODE }, \
|
|
{ 0, 0 }, \
|
|
{ 0, 0 }, \
|
|
{ "tcp", CTLTYPE_NODE }, \
|
|
{ 0, 0 }, \
|
|
{ "egp", CTLTYPE_NODE }, \
|
|
{ 0, 0 }, \
|
|
{ 0, 0 }, \
|
|
{ 0, 0 }, \
|
|
{ "pup", CTLTYPE_NODE }, \
|
|
{ 0, 0 }, \
|
|
{ 0, 0 }, \
|
|
{ 0, 0 }, \
|
|
{ 0, 0 }, \
|
|
{ "udp", CTLTYPE_NODE }, \
|
|
{ 0, 0 }, \
|
|
{ 0, 0 }, \
|
|
{ 0, 0 }, \
|
|
{ 0, 0 }, \
|
|
{ "idp", CTLTYPE_NODE }, \
|
|
}
|
|
|
|
/*
|
|
* Names for IP sysctl objects
|
|
*/
|
|
#define IPCTL_FORWARDING 1 /* act as router */
|
|
#define IPCTL_SENDREDIRECTS 2 /* may send redirects when forwarding */
|
|
#define IPCTL_DEFTTL 3 /* default TTL */
|
|
#ifdef notyet
|
|
#define IPCTL_DEFMTU 4 /* default MTU */
|
|
#endif
|
|
#define IPCTL_RTEXPIRE 5 /* cloned route expiration time */
|
|
#define IPCTL_RTMINEXPIRE 6 /* min value for expiration time */
|
|
#define IPCTL_RTMAXCACHE 7 /* trigger level for dynamic expire */
|
|
#define IPCTL_SOURCEROUTE 8 /* may perform source routes */
|
|
#define IPCTL_DIRECTEDBROADCAST 9 /* may re-broadcast received packets */
|
|
#define IPCTL_INTRQMAXLEN 10 /* max length of netisr queue */
|
|
#define IPCTL_INTRQDROPS 11 /* number of netisr q drops */
|
|
#define IPCTL_MAXID 12
|
|
|
|
#define IPCTL_NAMES { \
|
|
{ 0, 0 }, \
|
|
{ "forwarding", CTLTYPE_INT }, \
|
|
{ "redirect", CTLTYPE_INT }, \
|
|
{ "ttl", CTLTYPE_INT }, \
|
|
{ "mtu", CTLTYPE_INT }, \
|
|
{ "rtexpire", CTLTYPE_INT }, \
|
|
{ "rtminexpire", CTLTYPE_INT }, \
|
|
{ "rtmaxcache", CTLTYPE_INT }, \
|
|
{ "sourceroute", CTLTYPE_INT }, \
|
|
{ "directed-broadcast", CTLTYPE_INT }, \
|
|
{ "intr-queue-maxlen", CTLTYPE_INT }, \
|
|
{ "intr-queue-drops", CTLTYPE_INT }, \
|
|
}
|
|
|
|
|
|
#ifdef KERNEL
|
|
struct ifnet; struct mbuf; /* forward declarations for Standard C */
|
|
|
|
int in_broadcast __P((struct in_addr, struct ifnet *));
|
|
int in_canforward __P((struct in_addr));
|
|
int in_cksum __P((struct mbuf *, int));
|
|
int in_localaddr __P((struct in_addr));
|
|
char *inet_ntoa __P((struct in_addr)); /* in libkern */
|
|
#endif
|
|
|
|
#endif
|
|
|