]> CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit
projects / FreeBSD / FreeBSD.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 6c56a18) | patch
Port randomization leads to extremely fast port reuse at high
authorMike Silbersack <silby@FreeBSD.org>
Sun, 2 Jan 2005 01:50:57 +0000 (01:50 +0000)
committerMike Silbersack <silby@FreeBSD.org>
Sun, 2 Jan 2005 01:50:57 +0000 (01:50 +0000)
commit5f311da2ccb6c216b79049172be840af4778129a
treed32dcba0ed701ac7af89b0ca15a86f9f0c2cf9adtree | snapshot
parent6c56a1874787465138316f6f0f7fb3468e5dedf3commit | diff
Port randomization leads to extremely fast port reuse at high
connection rates, which is causing problems for some users.

To retain the security advantage of random ports and ensure
correct operation for high connection rate users, disable
port randomization during periods of high connection rates.

Whenever the connection rate exceeds randomcps (10 by default),
randomization will be disabled for randomtime (45 by default)
seconds.  These thresholds may be tuned via sysctl.

Many thanks to Igor Sysoev, who proved the necessity of this
change and tested many preliminary versions of the patch.

MFC After: 20 seconds
sys/netinet/in_pcb.c diff | blob | history
sys/netinet/in_pcb.h diff | blob | history
sys/netinet/ip_input.c diff | blob | history
sys/netinet/ip_var.h diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.