Date:      Tue, 4 Mar 2008 19:16:22 +0000 (UTC)
From:      Rui Paulo <rpaulo@FreeBSD.org>
To:        src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   cvs commit: src/sys/netinet in.h in_pcb.c
Message-ID:  <200803041916.m24JGMci038210@repoman.freebsd.org>

rpaulo      2008-03-04 19:16:22 UTC

  FreeBSD src repository

  Modified files:
    sys/netinet          in.h in_pcb.c 
  Log:
  Change the default port range for outgoing connections by introducing
  IPPORT_EPHEMERALFIRST and IPPORT_EPHEMERALLAST with values
  10000 and 65535 respectively.
  The rationale behind this is that it makes the attacker's life more
  difficult if he/she wants to guess the ephemeral port range and
  also lowers the probability of a port collision (described in
  draft-ietf-tsvwg-port-randomization-01.txt).
  
  While there, remove code duplication in in_pcbbind_setup().
  
  Submitted by:   Fernando Gont <fernando at gont.com.ar>
  Approved by:    njl (mentor)
  Reviewed by:    silby, bms
  Discussed on:   freebsd-net
  
  Revision  Changes    Path
  1.101     +8 -4      src/sys/netinet/in.h
  1.199     +21 -40    src/sys/netinet/in_pcb.c


