From f07bfdc654e2880d05a53a80682f5d5057d8e6c4 Mon Sep 17 00:00:00 2001
From: cjc <cjc@FreeBSD.org>
Date: Sat, 26 Jan 2002 09:05:13 +0000
Subject: [PATCH] Make the rc.conf(5) 'log_in_vain' knob an integer.

Try this out in -CURRENT, MFC, and then consider dropping the
'log_in_vain' knob all together. It really is something for
sysctl.conf(5).

PR:		bin/32953
Reviewed by:	-bugs discussion
MFC after:	1 week
---
 etc/defaults/rc.conf     |  2 +-
 etc/network.subr         | 15 ++++++++++++---
 etc/rc.d/netoptions      | 15 ++++++++++++---
 etc/rc.d/network1        | 15 ++++++++++++---
 etc/rc.d/network2        | 15 ++++++++++++---
 etc/rc.d/network3        | 15 ++++++++++++---
 etc/rc.d/routing         | 15 ++++++++++++---
 etc/rc.network           | 15 ++++++++++++---
 share/man/man5/rc.conf.5 | 21 +++++++++++++++------
 9 files changed, 100 insertions(+), 28 deletions(-)

diff --git a/etc/defaults/rc.conf b/etc/defaults/rc.conf
index 9d53cae06d95..4444c5d1193b 100644
--- a/etc/defaults/rc.conf
+++ b/etc/defaults/rc.conf
@@ -79,7 +79,7 @@ ipfs_enable="NO"		# Set to YES to enable saving and restoring
 ipfs_program="/sbin/ipfs"	# where the ipfs program lives
 ipfs_flags=""			# additional flags for ipfs
 tcp_extensions="YES"		# Set to NO to turn off RFC1323 extensions.
-log_in_vain="NO"		# YES to log connects to ports w/o listeners.
+log_in_vain="0"			# >=1 to log connects to ports w/o listeners.
 tcp_keepalive="YES"		# Enable stale TCP connection timeout (or NO).
 # For the following two options, you need to have TCP_DROP_SYNFIN and
 # TCP_RESTRICT_RST set in your kernel. Please refer to LINT for details.
diff --git a/etc/network.subr b/etc/network.subr
index d6da093ef634..c75d57de8a30 100644
--- a/etc/network.subr
+++ b/etc/network.subr
@@ -846,14 +846,23 @@ network_pass4() {
 	echo -n 'Additional TCP options:'
 	case ${log_in_vain} in
 	[Nn][Oo] | '')
+		log_in_vain=0
+		;;
+	[Yy][Ee][Ss])
+		log_in_vain=1
+		;;
+	[0-9]*)
 		;;
 	*)
-		echo -n ' log_in_vain=YES'
-		sysctl net.inet.tcp.log_in_vain=1 >/dev/null
-		sysctl net.inet.udp.log_in_vain=1 >/dev/null
+		echo " invalid log_in_vain setting: ${log_in_vain}"
+		log_in_vain=0
 		;;
 	esac
 
+	[ "${log_in_vain}" -ne 0 ] && echo -n " log_in_vain=${log_in_vain}"
+	sysctl net.inet.tcp.log_in_vain="${log_in_vain}" >/dev/null
+	sysctl net.inet.udp.log_in_vain="${log_in_vain}" >/dev/null
+
 	echo '.'
 	network_pass4_done=YES
 }
diff --git a/etc/rc.d/netoptions b/etc/rc.d/netoptions
index d6da093ef634..c75d57de8a30 100644
--- a/etc/rc.d/netoptions
+++ b/etc/rc.d/netoptions
@@ -846,14 +846,23 @@ network_pass4() {
 	echo -n 'Additional TCP options:'
 	case ${log_in_vain} in
 	[Nn][Oo] | '')
+		log_in_vain=0
+		;;
+	[Yy][Ee][Ss])
+		log_in_vain=1
+		;;
+	[0-9]*)
 		;;
 	*)
-		echo -n ' log_in_vain=YES'
-		sysctl net.inet.tcp.log_in_vain=1 >/dev/null
-		sysctl net.inet.udp.log_in_vain=1 >/dev/null
+		echo " invalid log_in_vain setting: ${log_in_vain}"
+		log_in_vain=0
 		;;
 	esac
 
+	[ "${log_in_vain}" -ne 0 ] && echo -n " log_in_vain=${log_in_vain}"
+	sysctl net.inet.tcp.log_in_vain="${log_in_vain}" >/dev/null
+	sysctl net.inet.udp.log_in_vain="${log_in_vain}" >/dev/null
+
 	echo '.'
 	network_pass4_done=YES
 }
diff --git a/etc/rc.d/network1 b/etc/rc.d/network1
index d6da093ef634..c75d57de8a30 100644
--- a/etc/rc.d/network1
+++ b/etc/rc.d/network1
@@ -846,14 +846,23 @@ network_pass4() {
 	echo -n 'Additional TCP options:'
 	case ${log_in_vain} in
 	[Nn][Oo] | '')
+		log_in_vain=0
+		;;
+	[Yy][Ee][Ss])
+		log_in_vain=1
+		;;
+	[0-9]*)
 		;;
 	*)
-		echo -n ' log_in_vain=YES'
-		sysctl net.inet.tcp.log_in_vain=1 >/dev/null
-		sysctl net.inet.udp.log_in_vain=1 >/dev/null
+		echo " invalid log_in_vain setting: ${log_in_vain}"
+		log_in_vain=0
 		;;
 	esac
 
+	[ "${log_in_vain}" -ne 0 ] && echo -n " log_in_vain=${log_in_vain}"
+	sysctl net.inet.tcp.log_in_vain="${log_in_vain}" >/dev/null
+	sysctl net.inet.udp.log_in_vain="${log_in_vain}" >/dev/null
+
 	echo '.'
 	network_pass4_done=YES
 }
diff --git a/etc/rc.d/network2 b/etc/rc.d/network2
index d6da093ef634..c75d57de8a30 100644
--- a/etc/rc.d/network2
+++ b/etc/rc.d/network2
@@ -846,14 +846,23 @@ network_pass4() {
 	echo -n 'Additional TCP options:'
 	case ${log_in_vain} in
 	[Nn][Oo] | '')
+		log_in_vain=0
+		;;
+	[Yy][Ee][Ss])
+		log_in_vain=1
+		;;
+	[0-9]*)
 		;;
 	*)
-		echo -n ' log_in_vain=YES'
-		sysctl net.inet.tcp.log_in_vain=1 >/dev/null
-		sysctl net.inet.udp.log_in_vain=1 >/dev/null
+		echo " invalid log_in_vain setting: ${log_in_vain}"
+		log_in_vain=0
 		;;
 	esac
 
+	[ "${log_in_vain}" -ne 0 ] && echo -n " log_in_vain=${log_in_vain}"
+	sysctl net.inet.tcp.log_in_vain="${log_in_vain}" >/dev/null
+	sysctl net.inet.udp.log_in_vain="${log_in_vain}" >/dev/null
+
 	echo '.'
 	network_pass4_done=YES
 }
diff --git a/etc/rc.d/network3 b/etc/rc.d/network3
index d6da093ef634..c75d57de8a30 100644
--- a/etc/rc.d/network3
+++ b/etc/rc.d/network3
@@ -846,14 +846,23 @@ network_pass4() {
 	echo -n 'Additional TCP options:'
 	case ${log_in_vain} in
 	[Nn][Oo] | '')
+		log_in_vain=0
+		;;
+	[Yy][Ee][Ss])
+		log_in_vain=1
+		;;
+	[0-9]*)
 		;;
 	*)
-		echo -n ' log_in_vain=YES'
-		sysctl net.inet.tcp.log_in_vain=1 >/dev/null
-		sysctl net.inet.udp.log_in_vain=1 >/dev/null
+		echo " invalid log_in_vain setting: ${log_in_vain}"
+		log_in_vain=0
 		;;
 	esac
 
+	[ "${log_in_vain}" -ne 0 ] && echo -n " log_in_vain=${log_in_vain}"
+	sysctl net.inet.tcp.log_in_vain="${log_in_vain}" >/dev/null
+	sysctl net.inet.udp.log_in_vain="${log_in_vain}" >/dev/null
+
 	echo '.'
 	network_pass4_done=YES
 }
diff --git a/etc/rc.d/routing b/etc/rc.d/routing
index d6da093ef634..c75d57de8a30 100644
--- a/etc/rc.d/routing
+++ b/etc/rc.d/routing
@@ -846,14 +846,23 @@ network_pass4() {
 	echo -n 'Additional TCP options:'
 	case ${log_in_vain} in
 	[Nn][Oo] | '')
+		log_in_vain=0
+		;;
+	[Yy][Ee][Ss])
+		log_in_vain=1
+		;;
+	[0-9]*)
 		;;
 	*)
-		echo -n ' log_in_vain=YES'
-		sysctl net.inet.tcp.log_in_vain=1 >/dev/null
-		sysctl net.inet.udp.log_in_vain=1 >/dev/null
+		echo " invalid log_in_vain setting: ${log_in_vain}"
+		log_in_vain=0
 		;;
 	esac
 
+	[ "${log_in_vain}" -ne 0 ] && echo -n " log_in_vain=${log_in_vain}"
+	sysctl net.inet.tcp.log_in_vain="${log_in_vain}" >/dev/null
+	sysctl net.inet.udp.log_in_vain="${log_in_vain}" >/dev/null
+
 	echo '.'
 	network_pass4_done=YES
 }
diff --git a/etc/rc.network b/etc/rc.network
index d6da093ef634..c75d57de8a30 100644
--- a/etc/rc.network
+++ b/etc/rc.network
@@ -846,14 +846,23 @@ network_pass4() {
 	echo -n 'Additional TCP options:'
 	case ${log_in_vain} in
 	[Nn][Oo] | '')
+		log_in_vain=0
+		;;
+	[Yy][Ee][Ss])
+		log_in_vain=1
+		;;
+	[0-9]*)
 		;;
 	*)
-		echo -n ' log_in_vain=YES'
-		sysctl net.inet.tcp.log_in_vain=1 >/dev/null
-		sysctl net.inet.udp.log_in_vain=1 >/dev/null
+		echo " invalid log_in_vain setting: ${log_in_vain}"
+		log_in_vain=0
 		;;
 	esac
 
+	[ "${log_in_vain}" -ne 0 ] && echo -n " log_in_vain=${log_in_vain}"
+	sysctl net.inet.tcp.log_in_vain="${log_in_vain}" >/dev/null
+	sysctl net.inet.udp.log_in_vain="${log_in_vain}" >/dev/null
+
 	echo '.'
 	network_pass4_done=YES
 }
diff --git a/share/man/man5/rc.conf.5 b/share/man/man5/rc.conf.5
index 0ec51d94b58d..ee9b1b325749 100644
--- a/share/man/man5/rc.conf.5
+++ b/share/man/man5/rc.conf.5
@@ -503,12 +503,19 @@ or other weird behavior.
 Some network devices are known
 to be broken with respect to these options.
 .It Va log_in_vain
-.Pq Vt bool
-Set to
-.Dq NO
-by default.
-Setting to YES will enable logging of connection attempts to ports that
-have no listening socket on them.
+.Pq Vt int
+Set to 0 by default.
+The
+.Xr sysctl 8
+variables,
+.Sy net.inet.tcp.log_in_vain
+and
+.Sy net.inet.udp.log_in_vain
+as described in
+.Xr tcp 4
+and
+.Xr udp 4 ,
+are set to the given value.
 .It Va tcp_keepalive
 .Pq Vt bool
 Set to
@@ -1876,6 +1883,8 @@ Flags for
 .Xr info 1 ,
 .Xr makewhatis 1 ,
 .Xr vidcontrol 1 ,
+.Xr tcp 4 ,
+.Xr udp 4 ,
 .Xr exports 5 ,
 .Xr motd 5 ,
 .Xr accton 8 ,