added sysctl ip cmds

commands.c

@@ -266,6 +266,24 @@ Menu iptab[] = {
 	{ "send-redirects", "Send ICMP redirects",	CMPL0 0, 0, 0, 0, ipsysctl },
 	{ "directed-broadcast", "Allow directed broadcasts", CMPL0 0, 0, 0, 0, ipsysctl },
 	{ "multipath",	"Multipath routing",		CMPL0 0, 0, 0, 0, ipsysctl },
+	{ "maxqueue", "Maximum unassembled IP fragments in the fragment queue",      CMPL0 0, 0, 1, 1, ipsysctl  },
+        { "mtudisc", "Enable Path MTU Discovery",       CMPL0 0, 0, 0, 0, ipsysctl },
+        { "mtudisctimeout", "Timeout in seconds for routes added by Path MTU discovery engine", CMPL0 0, 0, 1, 1, ipsysctl },
+        { "ipsec-timeout", "Seconds after a SA is established before it will expire", CMPL0 0, 0, 1, 1, ipsysctl },
+        { "ipsec-soft-timeout", "Seconds after a SA is established before being renegotiated", CMPL0 0, 0, 1, 1, ipsysctl },
+        { "ipsec-allocs", "Maximum IPSEC flows that can use a SA before it expires", CMPL0 0, 0, 1, 1, ipsysctl },
+        { "ipsec-soft-allocs", "Maximum IPSEC flows a SA uses before renegotiation", CMPL0 0, 0, 1, 1, ipsysctl },
+        { "ipsec-bytes", "Maximum bytes processed by a security association before it expires", CMPL0 0, 0, 1, 1, ipsysctl },
+        { "ipsec-soft-bytes", "Maximum bytes a SA processes before renegotiation", CMPL0 0, 0, 1, 1, ipsysctl },
+        { "ipsec-expire-acquire", "Seconds the kernel allows to dynamically acquire SAs before a request", CMPL0 0, 0, 1, 1, ipsysctl },
+        { "ipsec-firstuse", "Seconds after security association is first used before it expires", CMPL0 0, 0, 1, 1, ipsysctl },
+        { "ipsec-soft-firstuse", "Seconds after a SA is first used before it is sent for renegotiation", CMPL0 0, 0, 1, 1, ipsysctl },
+        { "ipsec-invalid-life", "Lifetime of Embryonic SAs in seconds", CMPL0 0, 0, 1, 1, ipsysctl },
+        { "ipsec-pfs", "Enables Perfect Forward Secrecy when establishing SAs", CMPL0 0, 0, 1, 1, ipsysctl },
+        { "portfirst", "Minimum registered port number for TCP/UDP port allocation", CMPL0 0, 0, 1, 1, ipsysctl },
+        { "porthifirst", "Minimum dynamic/private port number for TCP/UDP port allocation", CMPL0 0, 0, 1, 1, ipsysctl },
+        { "porthilast", "Maximum dynamic/private port number for TCP/UDP port allocation", CMPL0 0, 0, 1, 1, ipsysctl },
+        { "portlast", "Maximum regisrered port number for TCP/UDP port allocation", CMPL0 0, 0, 1, 1, ipsysctl },
 #ifdef notyet
 	{ "default-mtu", "Default interface MTU",	CMPL0 0, 0, 1, 1, ipsysctl },
 #endif

externs.h

@@ -38,6 +38,14 @@ extern HistEvent ev;		/* ev */
 #define	DEFAULT_TTL	64		/* net.inet.ip.defttl */
 #define DEFAULT_MTTL	255		/* net.mpls.ttl */
 #define ESP_UDPENCAP_PORT 4500		/* net.inet.esp.udpencap_port */
+#define DEFAULT_MAXQUEUE 300            /* net.inet.ip.maxqueue */
+#define DEFAULT_MTUDISCTIMEOUT 600      /* net.inet.ip.mtudisctimeout */
+#define DEFAULT_IPSEC_TIMEOUT 86400     /* net.inet.ip.ipsec-timeout */
+#define DEFAULT_IPSEC_SOFT_TIMEOUT 80000 /* net.inet.ip.ipsec-soft-timeout */
+#define DEFAULT_IPSEC_EXPIRE_ACQUIRE 30 /* net.inet.ip.ipsec-expire-acquire */
+#define DEFAULT_IPSEC_FIRSTUSE 7200     /* net.inet.ip.ipsec-firstuse */
+#define DEFAULT_IPSEC_SOFT_FIRSTUSE 3600 /* net.inet.ip.ipsec-soft-firstuse */
+#define DEFAULT_IPSEC_INVALID_LIFE 60   /* net.inet.ip.ipsec-invalid-life */
 
 /* nopt.c */
 #define no_arg		1

sysctl.c

@@ -113,6 +113,24 @@ struct ipsysctl ipsysctls[] = {
 { "multipath",		{ CTL_NET, PF_INET, IPPROTO_IP, IPCTL_MULTIPATH, MIB_STOP, 0 },		0, 1	},
 { "arptimeout",		{ CTL_NET, PF_INET, IPPROTO_IP, IPCTL_ARPTIMEOUT, MIB_STOP, 0 },        DEFAULT_ARPTIMEOUT, 0 },
 { "arpdown",		{ CTL_NET, PF_INET, IPPROTO_IP, IPCTL_ARPDOWN, MIB_STOP, 0 },           DEFAULT_ARPDOWN, 0 },
+{ "maxqueue",           { CTL_NET, PF_INET, IPPROTO_IP, IPCTL_IPPORT_MAXQUEUE, MIB_STOP, 0 },           0, 1    },
+{ "mtudisc",            { CTL_NET, PF_INET, IPPROTO_IP, IPCTL_MTUDISC, MIB_STOP, 0 },           0, 2    },
+{ "mtudisctimeout",     { CTL_NET, PF_INET, IPPROTO_IP, IPCTL_MTUDISCTIMEOUT, MIB_STOP, 0},     DEFAULT_MTUDISCTIMEOUT, 0    },
+{ "ipsec-timeout",      { CTL_NET, PF_INET, IPPROTO_IP, IPCTL_IPSEC_TIMEOUT, MIB_STOP, 0},      DEFAULT_IPSEC_TIMEOUT, 0    },
+{ "ipsec-soft-timeout", { CTL_NET, PF_INET, IPPROTO_IP, IPCTL_IPSEC_SOFT_TIMEOUT, MIB_STOP, 0}, DEFAULT_IPSEC_SOFT_TIMEOUT, 0 },
+{ "ipsec-allocs",       { CTL_NET, PF_INET, IPPROTO_IP, IPCTL_IPSEC_ALLOCATIONS, MIB_STOP, 0}, 0, 0},
+{ "ipsec-soft-allocs",  { CTL_NET, PF_INET, IPPROTO_IP, IPCTL_IPSEC_SOFT_ALLOCATIONS, MIB_STOP, 0}, 0, 0},
+{ "ipsec-bytes",        { CTL_NET, PF_INET, IPPROTO_IP, IPCTL_IPSEC_BYTES, MIB_STOP, 0}, 0, 0 },
+{ "ipsec-soft-bytes",   { CTL_NET, PF_INET, IPPROTO_IP, IPCTL_IPSEC_SOFT_BYTES, MIB_STOP, 0}, 0, 0 },
+{ "ipsec-expire-acquire", { CTL_NET, PF_INET, IPPROTO_IP, IPCTL_IPSEC_EXPIRE_ACQUIRE, MIB_STOP, 0}, DEFAULT_IPSEC_EXPIRE_ACQUIRE, 0 },
+{ "ipsec-firstuse",     { CTL_NET, PF_INET, IPPROTO_IP, IPCTL_IPSEC_EXPIRE_ACQUIRE, MIB_STOP, 0}, DEFAULT_IPSEC_FIRSTUSE, 0 },
+{ "ipsec-soft-firstuse", { CTL_NET, PF_INET, IPPROTO_IP, IPCTL_IPSEC_SOFT_FIRSTUSE, MIB_STOP, 0}, DEFAULT_IPSEC_SOFT_FIRSTUSE, 0 },
+{ "ipsec-invalid-life", { CTL_NET, PF_INET, IPPROTO_IP, IPCTL_IPSEC_EMBRYONIC_SA_TIMEOUT, MIB_STOP, 0}, DEFAULT_IPSEC_INVALID_LIFE, 0 },
+{ "ipsec-pfs",          { CTL_NET, PF_INET, IPPROTO_IP, IPCTL_IPSEC_REQUIRE_PFS, MIB_STOP, 0 },         1, 0 },
+{ "portfirst",          { CTL_NET, PF_INET, IPPROTO_IP, IPCTL_IPPORT_FIRSTAUTO, MIB_STOP, 0 },          1, 0 },
+{ "porthifirst",        { CTL_NET, PF_INET, IPPROTO_IP, IPCTL_IPPORT_HIFIRSTAUTO, MIB_STOP, 0 },        1, 0 },
+{ "portlast",           { CTL_NET, PF_INET, IPPROTO_IP, IPCTL_IPPORT_LASTAUTO, MIB_STOP, 0 },           1, 0 },
+{ "porthilast",         { CTL_NET, PF_INET, IPPROTO_IP, IPCTL_IPPORT_HILASTAUTO, MIB_STOP, 0 },         1, 0 },
 #ifdef notyet
 { "default-mtu",	{ CTL_NET, PF_INET, IPPROTO_IP, IPCTL_DEFMTU, MIB_STOP, 0 },		DEFAULT_MTU, 0 },
 #endif