From: Mike Silbersack
Date: Sun, 2 Jan 2005 01:50:57 +0000 (UTC)
To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org
Message-Id: <200501020150.j021ovpg071890@repoman.freebsd.org>
X-FreeBSD-CVS-Branch: HEAD
Subject: cvs commit: src/sys/netinet in_pcb.c in_pcb.h ip_input.c ip_var.h

silby       2005-01-02 01:50:57 UTC

  FreeBSD src repository

  Modified files:
    sys/netinet          in_pcb.c in_pcb.h ip_input.c ip_var.h
  Log:
  Port randomization leads to extremely fast port reuse at high connection rates, which is causing problems for some users. To retain the security advantage of random ports and ensure correct operation for high connection rate users, disable port randomization during periods of high connection rates. Whenever the connection rate exceeds randomcps (10 by default), randomization will be disabled for randomtime (45 by default) seconds. These thresholds may be tuned via sysctl.

  Many thanks to Igor Sysoev, who proved the necessity of this change and tested many preliminary versions of the patch.

  MFC After: 20 seconds

  Revision  Changes    Path
  1.157     +52 -4     src/sys/netinet/in_pcb.c
  1.79      +2 -0      src/sys/netinet/in_pcb.h
  1.293     +14 -0     src/sys/netinet/ip_input.c
  1.93      +1 -0      src/sys/netinet/ip_var.h
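
A minimal model of the rate gate described in the log above, added here as an illustration; it is not the FreeBSD source and not part of the commit. The struct, the function names and the once-per-second tick are assumptions; only `randomcps`, `randomtime` and their defaults (10 and 45) come from the commit message.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical model state; field and function names are illustrative. */
struct rand_gate {
    unsigned randomcps;  /* connections/second threshold (10 per the log) */
    unsigned randomtime; /* seconds randomization stays off (45 per the log) */
    unsigned allocs;     /* ephemeral ports allocated in the current second */
    unsigned stop_left;  /* seconds of disabled randomization remaining */
};

void gate_init(struct rand_gate *g) {
    g->randomcps = 10;
    g->randomtime = 45;
    g->allocs = 0;
    g->stop_left = 0;
}

/* Called per outbound port allocation: true = pick the port at random,
 * false = fall back to sequential allocation to avoid fast port reuse. */
bool gate_alloc(struct rand_gate *g) {
    g->allocs++;
    return g->stop_left == 0;
}

/* Assumed to run once per second. A second whose rate exceeds randomcps
 * (re)arms the full randomtime window; a quiet second counts it down. */
void gate_tick(struct rand_gate *g) {
    if (g->allocs > g->randomcps)
        g->stop_left = g->randomtime;
    else if (g->stop_left > 0)
        g->stop_left--;
    g->allocs = 0;
}

/* Replay constructed per-second connection counts and return how many
 * ports were allocated randomly. */
unsigned gate_replay(struct rand_gate *g, const unsigned *per_sec, size_t n) {
    unsigned random_ports = 0;
    for (size_t s = 0; s < n; s++) {
        for (unsigned c = 0; c < per_sec[s]; c++)
            random_ports += gate_alloc(g) ? 1 : 0;
        gate_tick(g);
    }
    return random_ports;
}

int main(void) {
    struct rand_gate g;
    const unsigned load[] = {5, 10, 11, 3}; /* constructed sample load */
    gate_init(&g);
    printf("random ports: %u, seconds left off: %u\n",
           gate_replay(&g, load, 4), g.stop_left);
    return 0;
}
```

In this model the burst is only detected at the end of the second in which it occurs, so that second's allocations are still random. Any later burst inside the window restarts the full `randomtime` countdown, which means a host that stays above `randomcps` never returns to random ports.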