cvs commit: src/sys/netinet in_pcb.c in_pcb.h ip_input.c ip_var.h
Mike Silbersack
silby at FreeBSD.org
Sun Jan 2 01:50:58 GMT 2005
silby 2005-01-02 01:50:57 UTC
FreeBSD src repository
Modified files:
sys/netinet in_pcb.c in_pcb.h ip_input.c ip_var.h
Log:
Port randomization leads to extremely fast port reuse at high
connection rates, which is causing problems for some users.

To retain the security advantage of random ports and ensure
correct operation for high connection rate users, disable
port randomization during periods of high connection rates.

Whenever the connection rate exceeds randomcps (10 by default),
randomization will be disabled for randomtime (45 by default)
seconds. These thresholds may be tuned via sysctl.

Many thanks to Igor Sysoev, who proved the necessity of this
change and tested many preliminary versions of the patch.

MFC After: 20 seconds
Revision  Changes    Path
1.157     +52 -4     src/sys/netinet/in_pcb.c
1.79      +2 -0      src/sys/netinet/in_pcb.h
1.293     +14 -0     src/sys/netinet/ip_input.c
1.93      +1 -0      src/sys/netinet/ip_var.h
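
The rate-gated behaviour described in the log, as an added user-space model in C; it is not the code from this commit. The struct, function names, once-per-second tick, countdown restart on each busy second, and the port range are assumptions for illustration, and the in-use port check a real bind performs is left out.

```c
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical model; randomcps/randomtime are named after the commit log. */
struct portsel {
    unsigned randomcps;      /* allocations per second tolerated (10) */
    unsigned randomtime;     /* seconds randomization stays off (45) */
    unsigned stoprandom;     /* seconds of sequential allocation left */
    unsigned long allocs;    /* total ephemeral ports handed out */
    unsigned long lastcount; /* value of allocs at the previous tick */
    uint16_t first, last;    /* ephemeral range, inclusive (constructed) */
    uint16_t next;           /* cursor used for sequential allocation */
};

void portsel_init(struct portsel *p)
{
    p->randomcps = 10; p->randomtime = 45; p->stoprandom = 0;
    p->allocs = p->lastcount = 0;
    p->first = 49152; p->last = 65535; p->next = p->first;
}

/* Call once per second: compare the last second's allocations to randomcps. */
void portsel_tick(struct portsel *p)
{
    if (p->allocs - p->lastcount > p->randomcps)
        p->stoprandom = p->randomtime;  /* busy second: (re)start hold-off */
    else if (p->stoprandom > 0)
        p->stoprandom--;                /* quiet second: count down */
    p->lastcount = p->allocs;
}

int portsel_is_random(const struct portsel *p) { return p->stoprandom == 0; }

/* Random pick while enabled; otherwise walk the range in order, so a port
 * just released is not handed out again until the cursor wraps around. */
uint16_t portsel_alloc(struct portsel *p)
{
    unsigned span = (unsigned)(p->last - p->first) + 1;
    p->allocs++;
    if (portsel_is_random(p))  /* rand() stands in for a strong kernel RNG */
        p->next = (uint16_t)(p->first + (unsigned)rand() % span);
    else
        p->next = (p->next >= p->last) ? p->first : (uint16_t)(p->next + 1);
    return p->next;
}
```

Sequential allocation is predictable for the whole hold-off window, so the thresholds trade off-path guessing resistance against reuse of ports whose previous connection may still be in TIME_WAIT.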