Make the rc.conf(5) 'log_in_vain' knob an integer.
Try this out in -CURRENT, MFC, and then consider dropping the 'log_in_vain' knob altogether. It really is something for sysctl.conf(5). PR: bin/32953 Reviewed by: -bugs discussion MFC after: 1 week
parent
4eb07053cc
commit
f07bfdc654
@ -79,7 +79,7 @@ ipfs_enable="NO" # Set to YES to enable saving and restoring
|
||||
ipfs_program="/sbin/ipfs" # where the ipfs program lives
|
||||
ipfs_flags="" # additional flags for ipfs
|
||||
tcp_extensions="YES" # Set to NO to turn off RFC1323 extensions.
|
||||
log_in_vain="NO" # YES to log connects to ports w/o listeners.
|
||||
log_in_vain="0" # >=1 to log connects to ports w/o listeners.
|
||||
tcp_keepalive="YES" # Enable stale TCP connection timeout (or NO).
|
||||
# For the following two options, you need to have TCP_DROP_SYNFIN and
|
||||
# TCP_RESTRICT_RST set in your kernel. Please refer to LINT for details.
|
||||
|
@ -846,14 +846,23 @@ network_pass4() {
|
||||
echo -n 'Additional TCP options:'
|
||||
case ${log_in_vain} in
|
||||
[Nn][Oo] | '')
|
||||
log_in_vain=0
|
||||
;;
|
||||
[Yy][Ee][Ss])
|
||||
log_in_vain=1
|
||||
;;
|
||||
[0-9]*)
|
||||
;;
|
||||
*)
|
||||
echo -n ' log_in_vain=YES'
|
||||
sysctl net.inet.tcp.log_in_vain=1 >/dev/null
|
||||
sysctl net.inet.udp.log_in_vain=1 >/dev/null
|
||||
echo " invalid log_in_vain setting: ${log_in_vain}"
|
||||
log_in_vain=0
|
||||
;;
|
||||
esac
|
||||
|
||||
[ "${log_in_vain}" -ne 0 ] && echo -n " log_in_vain=${log_in_vain}"
|
||||
sysctl net.inet.tcp.log_in_vain="${log_in_vain}" >/dev/null
|
||||
sysctl net.inet.udp.log_in_vain="${log_in_vain}" >/dev/null
|
||||
|
||||
echo '.'
|
||||
network_pass4_done=YES
|
||||
}
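Review bot: The numeric arm `[0-9]*)` in the `case` is a shell glob rather than a regex, so it accepts any value that merely begins with a digit (a constructed example: `1abc`), and that string then reaches `[ "${log_in_vain}" -ne 0 ]` and both `sysctl` writes without further validation. Reject non-digits first by giving the invalid-setting arm the pattern `*[!0-9]*)` and placing it ahead of the numeric arm, so that only all-digit values fall through. The quoting on the `sysctl` lines prevents word splitting, so the impact appears limited to a `test` error and a failed write whose stderr is not redirected, which would leave connection-attempt logging at whatever the kernel already had rather than what the admin intended. The `+`/`-` markers are lost on this page, so the new side is inferred from the commit message; `network_pass4` begins outside the hunk, and the same hunk is repeated several times further down the page.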
|
||||
|
@ -846,14 +846,23 @@ network_pass4() {
|
||||
echo -n 'Additional TCP options:'
|
||||
case ${log_in_vain} in
|
||||
[Nn][Oo] | '')
|
||||
log_in_vain=0
|
||||
;;
|
||||
[Yy][Ee][Ss])
|
||||
log_in_vain=1
|
||||
;;
|
||||
[0-9]*)
|
||||
;;
|
||||
*)
|
||||
echo -n ' log_in_vain=YES'
|
||||
sysctl net.inet.tcp.log_in_vain=1 >/dev/null
|
||||
sysctl net.inet.udp.log_in_vain=1 >/dev/null
|
||||
echo " invalid log_in_vain setting: ${log_in_vain}"
|
||||
log_in_vain=0
|
||||
;;
|
||||
esac
|
||||
|
||||
[ "${log_in_vain}" -ne 0 ] && echo -n " log_in_vain=${log_in_vain}"
|
||||
sysctl net.inet.tcp.log_in_vain="${log_in_vain}" >/dev/null
|
||||
sysctl net.inet.udp.log_in_vain="${log_in_vain}" >/dev/null
|
||||
|
||||
echo '.'
|
||||
network_pass4_done=YES
|
||||
}
|
||||
|
@ -846,14 +846,23 @@ network_pass4() {
|
||||
echo -n 'Additional TCP options:'
|
||||
case ${log_in_vain} in
|
||||
[Nn][Oo] | '')
|
||||
log_in_vain=0
|
||||
;;
|
||||
[Yy][Ee][Ss])
|
||||
log_in_vain=1
|
||||
;;
|
||||
[0-9]*)
|
||||
;;
|
||||
*)
|
||||
echo -n ' log_in_vain=YES'
|
||||
sysctl net.inet.tcp.log_in_vain=1 >/dev/null
|
||||
sysctl net.inet.udp.log_in_vain=1 >/dev/null
|
||||
echo " invalid log_in_vain setting: ${log_in_vain}"
|
||||
log_in_vain=0
|
||||
;;
|
||||
esac
|
||||
|
||||
[ "${log_in_vain}" -ne 0 ] && echo -n " log_in_vain=${log_in_vain}"
|
||||
sysctl net.inet.tcp.log_in_vain="${log_in_vain}" >/dev/null
|
||||
sysctl net.inet.udp.log_in_vain="${log_in_vain}" >/dev/null
|
||||
|
||||
echo '.'
|
||||
network_pass4_done=YES
|
||||
}
|
||||
|
@ -846,14 +846,23 @@ network_pass4() {
|
||||
echo -n 'Additional TCP options:'
|
||||
case ${log_in_vain} in
|
||||
[Nn][Oo] | '')
|
||||
log_in_vain=0
|
||||
;;
|
||||
[Yy][Ee][Ss])
|
||||
log_in_vain=1
|
||||
;;
|
||||
[0-9]*)
|
||||
;;
|
||||
*)
|
||||
echo -n ' log_in_vain=YES'
|
||||
sysctl net.inet.tcp.log_in_vain=1 >/dev/null
|
||||
sysctl net.inet.udp.log_in_vain=1 >/dev/null
|
||||
echo " invalid log_in_vain setting: ${log_in_vain}"
|
||||
log_in_vain=0
|
||||
;;
|
||||
esac
|
||||
|
||||
[ "${log_in_vain}" -ne 0 ] && echo -n " log_in_vain=${log_in_vain}"
|
||||
sysctl net.inet.tcp.log_in_vain="${log_in_vain}" >/dev/null
|
||||
sysctl net.inet.udp.log_in_vain="${log_in_vain}" >/dev/null
|
||||
|
||||
echo '.'
|
||||
network_pass4_done=YES
|
||||
}
|
||||
|
@ -846,14 +846,23 @@ network_pass4() {
|
||||
echo -n 'Additional TCP options:'
|
||||
case ${log_in_vain} in
|
||||
[Nn][Oo] | '')
|
||||
log_in_vain=0
|
||||
;;
|
||||
[Yy][Ee][Ss])
|
||||
log_in_vain=1
|
||||
;;
|
||||
[0-9]*)
|
||||
;;
|
||||
*)
|
||||
echo -n ' log_in_vain=YES'
|
||||
sysctl net.inet.tcp.log_in_vain=1 >/dev/null
|
||||
sysctl net.inet.udp.log_in_vain=1 >/dev/null
|
||||
echo " invalid log_in_vain setting: ${log_in_vain}"
|
||||
log_in_vain=0
|
||||
;;
|
||||
esac
|
||||
|
||||
[ "${log_in_vain}" -ne 0 ] && echo -n " log_in_vain=${log_in_vain}"
|
||||
sysctl net.inet.tcp.log_in_vain="${log_in_vain}" >/dev/null
|
||||
sysctl net.inet.udp.log_in_vain="${log_in_vain}" >/dev/null
|
||||
|
||||
echo '.'
|
||||
network_pass4_done=YES
|
||||
}
|
||||
|
@ -846,14 +846,23 @@ network_pass4() {
|
||||
echo -n 'Additional TCP options:'
|
||||
case ${log_in_vain} in
|
||||
[Nn][Oo] | '')
|
||||
log_in_vain=0
|
||||
;;
|
||||
[Yy][Ee][Ss])
|
||||
log_in_vain=1
|
||||
;;
|
||||
[0-9]*)
|
||||
;;
|
||||
*)
|
||||
echo -n ' log_in_vain=YES'
|
||||
sysctl net.inet.tcp.log_in_vain=1 >/dev/null
|
||||
sysctl net.inet.udp.log_in_vain=1 >/dev/null
|
||||
echo " invalid log_in_vain setting: ${log_in_vain}"
|
||||
log_in_vain=0
|
||||
;;
|
||||
esac
|
||||
|
||||
[ "${log_in_vain}" -ne 0 ] && echo -n " log_in_vain=${log_in_vain}"
|
||||
sysctl net.inet.tcp.log_in_vain="${log_in_vain}" >/dev/null
|
||||
sysctl net.inet.udp.log_in_vain="${log_in_vain}" >/dev/null
|
||||
|
||||
echo '.'
|
||||
network_pass4_done=YES
|
||||
}
|
||||
|
@ -846,14 +846,23 @@ network_pass4() {
|
||||
echo -n 'Additional TCP options:'
|
||||
case ${log_in_vain} in
|
||||
[Nn][Oo] | '')
|
||||
log_in_vain=0
|
||||
;;
|
||||
[Yy][Ee][Ss])
|
||||
log_in_vain=1
|
||||
;;
|
||||
[0-9]*)
|
||||
;;
|
||||
*)
|
||||
echo -n ' log_in_vain=YES'
|
||||
sysctl net.inet.tcp.log_in_vain=1 >/dev/null
|
||||
sysctl net.inet.udp.log_in_vain=1 >/dev/null
|
||||
echo " invalid log_in_vain setting: ${log_in_vain}"
|
||||
log_in_vain=0
|
||||
;;
|
||||
esac
|
||||
|
||||
[ "${log_in_vain}" -ne 0 ] && echo -n " log_in_vain=${log_in_vain}"
|
||||
sysctl net.inet.tcp.log_in_vain="${log_in_vain}" >/dev/null
|
||||
sysctl net.inet.udp.log_in_vain="${log_in_vain}" >/dev/null
|
||||
|
||||
echo '.'
|
||||
network_pass4_done=YES
|
||||
}
|
||||
|
@ -503,12 +503,19 @@ or other weird behavior.
|
||||
Some network devices are known
|
||||
to be broken with respect to these options.
|
||||
.It Va log_in_vain
|
||||
.Pq Vt bool
|
||||
Set to
|
||||
.Dq NO
|
||||
by default.
|
||||
Setting to YES will enable logging of connection attempts to ports that
|
||||
have no listening socket on them.
|
||||
.Pq Vt int
|
||||
Set to 0 by default.
|
||||
The
|
||||
.Xr sysctl 8
|
||||
variables,
|
||||
.Sy net.inet.tcp.log_in_vain
|
||||
and
|
||||
.Sy net.inet.udp.log_in_vain
|
||||
as described in
|
||||
.Xr tcp 4
|
||||
and
|
||||
.Xr udp 4 ,
|
||||
are set to the given value.
|
||||
.It Va tcp_keepalive
|
||||
.Pq Vt bool
|
||||
Set to
|
||||
@ -1876,6 +1883,8 @@ Flags for
|
||||
.Xr info 1 ,
|
||||
.Xr makewhatis 1 ,
|
||||
.Xr vidcontrol 1 ,
|
||||
.Xr tcp 4 ,
|
||||
.Xr udp 4 ,
|
||||
.Xr exports 5 ,
|
||||
.Xr motd 5 ,
|
||||
.Xr accton 8 ,
|
||||
|