Date:      Sun, 2 Jan 2005 01:50:57 +0000 (UTC)
From:      Mike Silbersack <silby@FreeBSD.org>
To:        src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   cvs commit: src/sys/netinet in_pcb.c in_pcb.h ip_input.c ip_var.h
Message-ID:  <200501020150.j021ovpg071890@repoman.freebsd.org>

silby       2005-01-02 01:50:57 UTC

  FreeBSD src repository

  Modified files:
    sys/netinet          in_pcb.c in_pcb.h ip_input.c ip_var.h 
  Log:
  Port randomization leads to extremely fast port reuse at high
  connection rates, which is causing problems for some users.
  
  To retain the security advantage of random ports and ensure
  correct operation for high connection rate users, disable
  port randomization during periods of high connection rates.
  
  Whenever the connection rate exceeds randomcps (10 by default),
  randomization will be disabled for randomtime (45 by default)
  seconds.  These thresholds may be tuned via sysctl.
  
  Many thanks to Igor Sysoev, who proved the necessity of this
  change and tested many preliminary versions of the patch.
  
  MFC After:      20 seconds
  
  Revision  Changes    Path
  1.157     +52 -4     src/sys/netinet/in_pcb.c
  1.79      +2 -0      src/sys/netinet/in_pcb.h
  1.293     +14 -0     src/sys/netinet/ip_input.c
  1.93      +1 -0      src/sys/netinet/ip_var.h
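
The rate-triggered fallback described in the log message, as a user-space model added here; it is not the FreeBSD kernel code. The once-per-second sampling, the port range, the struct and function names, and `rand()` as the random source are assumptions of this example; only `randomcps` (10) and `randomtime` (45) come from the commit message.

```c
#include <stdint.h>
#include <stdlib.h>

#define PORT_FIRST 49152u   /* assumed ephemeral range, not from the commit */
#define PORT_LAST  65535u

struct port_alloc {
    unsigned randomcps;   /* threshold: connections per second */
    unsigned randomtime;  /* seconds to keep randomization off */
    unsigned cps;         /* allocations seen in the current second */
    unsigned stop_left;   /* seconds of sequential mode remaining */
    uint16_t last_port;   /* last port handed out */
};

void pa_init(struct port_alloc *pa, unsigned randomcps, unsigned randomtime)
{
    pa->randomcps = randomcps;
    pa->randomtime = randomtime;
    pa->cps = 0;
    pa->stop_left = 0;
    pa->last_port = PORT_FIRST;
}

/* Call once per second: (re)arm the timer when the rate of the second that
 * just ended exceeded randomcps, otherwise let the timer run down. */
void pa_tick(struct port_alloc *pa)
{
    if (pa->cps > pa->randomcps)
        pa->stop_left = pa->randomtime;
    else if (pa->stop_left > 0)
        pa->stop_left--;
    pa->cps = 0;
}

int pa_randomizing(const struct port_alloc *pa)
{
    return pa->stop_left == 0;
}

/* Random port while randomization is on; next sequential port (with
 * wrap-around) while it is off, so a port is not reused until the range wraps. */
uint16_t pa_next_port(struct port_alloc *pa)
{
    unsigned span = PORT_LAST - PORT_FIRST + 1;

    pa->cps++;
    if (pa_randomizing(pa))   /* rand() stands in for a strong random source */
        pa->last_port = (uint16_t)(PORT_FIRST + (unsigned)rand() % span);
    else
        pa->last_port = pa->last_port >= PORT_LAST ? PORT_FIRST : pa->last_port + 1;
    return pa->last_port;
}
```

Because a sustained burst re-arms the timer every second, randomization only returns after `randomtime` consecutive seconds at or below the threshold.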
