authorMike Silbersack <silby@FreeBSD.org>2005-01-02 01:50:57 +0000
committerMike Silbersack <silby@FreeBSD.org>2005-01-02 01:50:57 +0000
commit5f311da2ccb6c216b79049172be840af4778129a (patch)
treed32dcba0ed701ac7af89b0ca15a86f9f0c2cf9ad /sys/netinet/in_pcb.h
parent6c56a1874787465138316f6f0f7fb3468e5dedf3 (diff)
Port randomization leads to extremely fast port reuse at high
connection rates, which is causing problems for some users. To retain the security advantage of random ports and ensure correct operation for high connection rate users, disable port randomization during periods of high connection rates. Whenever the connection rate exceeds randomcps (10 by default), randomization will be disabled for randomtime (45 by default) seconds. These thresholds may be tuned via sysctl. Many thanks to Igor Sysoev, who proved the necessity of this change and tested many preliminary versions of the patch. MFC After: 20 seconds
Notes
Notes: svn path=/head/; revision=139558
Diffstat (limited to 'sys/netinet/in_pcb.h')
-rw-r--r--sys/netinet/in_pcb.h2
1 files changed, 2 insertions, 0 deletions
diff --git a/sys/netinet/in_pcb.h b/sys/netinet/in_pcb.h
index 2e8228eed391..6983480acdfb 100644
--- a/sys/netinet/in_pcb.h
+++ b/sys/netinet/in_pcb.h
@@ -333,6 +333,7 @@ extern int ipport_firstauto;
extern int ipport_lastauto;
extern int ipport_hifirstauto;
extern int ipport_hilastauto;
+extern struct callout ipport_tick_callout;
void in_pcbpurgeif0(struct inpcbinfo *, struct ifnet *);
int in_pcballoc(struct socket *, struct inpcbinfo *, const char *);
@@ -362,6 +363,7 @@ struct sockaddr *
in_sockaddr(in_port_t port, struct in_addr *addr);
void in_pcbsosetlabel(struct socket *so);
void in_pcbremlists(struct inpcb *inp);
+void ipport_tick(void *xtp);
#endif /* _KERNEL */
#endif /* !_NETINET_IN_PCB_H_ */
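Review bot: `extern struct callout ipport_tick_callout;` in the first hunk makes in_pcb.h depend on the `struct callout` tag, and the hunk shows no `#include <sys/callout.h>` being added; an extern of an incomplete struct type is legal C, but a consumer that includes in_pcb.h before sys/callout.h gets the tag introduced here as an incomplete type, so the include should be visible in this header or the dependency stated in a comment. Neither new name carries a comment explaining the mechanism the commit message describes; a one-line note above `ipport_tick` such as `/* Periodic check of the connection rate; see the randomcps/randomtime sysctls. */` would tell a reader why a kernel callout is exported from this header. Exporting the callout object itself, rather than only the tick function, lets any consumer of the header reschedule or stop it; if only in_pcb.c needs the callout, keeping it file-static there would also remove the header dependency.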