d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
freebsd-nq/sys/netinet
History
Rui Paulo 1cf6e4f5ff Change the default port range for outgoing connections by introducing 
IPPORT_EPHEMERALFIRST and IPPORT_EPHEMERALLAST with values
10000 and 65535 respectively.
The rationale behind is that it makes the attacker's life more
difficult if he/she wants to guess the ephemeral port range and
also lowers the probability of a port colision (described in
draft-ietf-tsvwg-port-randomization-01.txt).

While there, remove code duplication in in_pcbbind_setup().

Submitted by:	Fernando Gont <fernando at gont.com.ar>
Approved by:	njl (mentor)
Reviewed by:	silby, bms
Discussed on:	freebsd-net
2008-03-04 19:16:21 +00:00
..
libalias
Simpler version of the previous commit.
2007-12-06 09:31:13 +00:00
accf_data.c
Add FBSDID to all files in netinet so that people can more
2007-10-07 20:44:24 +00:00
accf_http.c
Add FBSDID to all files in netinet so that people can more
2007-10-07 20:44:24 +00:00
icmp6.h
- Disabled responding to NI queries from a global address by default as
2007-05-17 21:20:24 +00:00
icmp_var.h
Attempt to improve feature parity between UDPv4 and UDPv6 by merging
2007-07-19 22:34:25 +00:00
if_atm.c
if_atm.h
if_ether.c
Don't duplicate the whole of arpresolve to arpresolve 2 for the sake
2007-12-31 23:48:06 +00:00
if_ether.h
Don't duplicate the whole of arpresolve to arpresolve 2 for the sake
2007-12-31 23:48:06 +00:00
igmp_var.h
Import rewrite of IPv4 socket multicast layer to support source-specific
2007-06-12 16:24:56 +00:00
igmp.c
Move towards more explicit support for various network protocol stacks
2007-10-28 15:55:23 +00:00
igmp.h
Stub out imported IGMPv3 definitions which clash with those of
2007-06-15 18:59:10 +00:00
in_cksum.c
Add FBSDID to all files in netinet so that people can more
2007-10-07 20:44:24 +00:00
in_gif.c
Add FBSDID to all files in netinet so that people can more
2007-10-07 20:44:24 +00:00
in_gif.h
in_mcast.c
Over the past couple of years, there have been a number of reports relating
2007-08-06 22:06:36 +00:00
in_pcb.c
Change the default port range for outgoing connections by introducing
2008-03-04 19:16:21 +00:00
in_pcb.h
Add padding for anticipated functionality
2007-12-07 01:46:13 +00:00
in_proto.c
Add FBSDID to all files in netinet so that people can more
2007-10-07 20:44:24 +00:00
in_rmx.c
Remove unused structure member from struct in_ifadown_arg.
2008-02-07 11:26:52 +00:00
in_systm.h
in_var.h
Import rewrite of IPv4 socket multicast layer to support source-specific
2007-06-12 16:24:56 +00:00
in.c
Differentiate between addifaddr and delifaddr for the privilege check.
2008-01-24 08:14:38 +00:00
in.h
Change the default port range for outgoing connections by introducing
2008-03-04 19:16:21 +00:00
ip6.h
ip_carp.c
If the vhid already present, return EEXIST instead of
2008-02-07 13:18:59 +00:00
ip_carp.h
Make sure that carp_header is 36 bytes long
2006-12-01 18:37:41 +00:00
ip_divert.c
Merge first in a series of TrustedBSD MAC Framework KPI changes
2007-10-24 19:04:04 +00:00
ip_divert.h
ip_dummynet.c
Dummynet has a limit of 100 slots queue size (or 1MB, if you give
2008-02-27 13:52:33 +00:00
ip_dummynet.h
1) dummynet_io() declaration has changed.
2007-11-06 23:01:42 +00:00
ip_ecn.c
Add FBSDID to all files in netinet so that people can more
2007-10-07 20:44:24 +00:00
ip_ecn.h
ip_encap.c
Add FBSDID to all files in netinet so that people can more
2007-10-07 20:44:24 +00:00
ip_encap.h
ip_fastfwd.c
Add FBSDID to all files in netinet so that people can more
2007-10-07 20:44:24 +00:00
ip_fw2.c
Move ipfw's nat code into its own kld: ipfw_nat.
2008-02-29 22:27:19 +00:00
ip_fw_nat.c
When unloading kld, don't forget to flush the nat pointers.
2008-03-03 22:32:01 +00:00
ip_fw_pfil.c
Raise a bit ipfw kld priority.
2008-03-03 10:12:46 +00:00
ip_fw.h
Move ipfw's nat code into its own kld: ipfw_nat.
2008-02-29 22:27:19 +00:00
ip_gre.c
Add FBSDID to all files in netinet so that people can more
2007-10-07 20:44:24 +00:00
ip_gre.h
ip_icmp.c
Continue to move from generic network entry points in the TrustedBSD MAC
2007-10-28 17:12:48 +00:00
ip_icmp.h
ip_id.c
Replace the random IP ID generation code we
2008-02-06 15:40:30 +00:00
ip_input.c
Consider the following situation:
2007-12-02 13:00:47 +00:00
ip_ipsec.c
Add FBSDID to all files in netinet so that people can more
2007-10-07 20:44:24 +00:00
ip_ipsec.h
Rename option IPSEC_FILTERGIF to IPSEC_FILTERTUNNEL.
2007-08-05 16:16:15 +00:00
ip_mroute.c
Add FBSDID to all files in netinet so that people can more
2007-10-07 20:44:24 +00:00
ip_mroute.h
Store the cached route in vifp in the normal send_packet() case.
2007-02-08 23:05:08 +00:00
ip_options.c
Replace the last susers calls in netinet6/ with privilege checks.
2008-01-24 08:25:59 +00:00
ip_options.h
Normalize style a bit: reduce pseudo-randomness of comment layout and
2007-05-11 10:48:30 +00:00
ip_output.c
Rather than passing around a cached 'priv', pass in an ucred to
2008-02-02 14:11:31 +00:00
ip_var.h
Import rewrite of IPv4 socket multicast layer to support source-specific
2007-06-12 16:24:56 +00:00
ip.h
Remove IPTOS_CE and IPTOS_ECT constants. They were defined in RFC 2481
2007-10-19 12:46:15 +00:00
ipprotosw.h
pim_var.h
pim.h
raw_ip.c
Merge first in a series of TrustedBSD MAC Framework KPI changes
2007-10-24 19:04:04 +00:00
sctp_asconf.c
- Bug fix managing congestion parameter on immediate
2007-10-01 03:22:29 +00:00
sctp_asconf.h
- Get rid of unsused constants for sysctl variables.
2007-09-15 19:07:42 +00:00
sctp_auth.c
- Fix a bug where the socket may have been closed which
2008-01-28 10:31:12 +00:00
sctp_auth.h
- fix send_failed notification contents
2007-06-09 13:46:57 +00:00
sctp_bsd_addr.c
- Change back to using prioity 0. Which means don't change the
2008-01-28 10:33:41 +00:00
sctp_bsd_addr.h
- Fixes so we won't try to start a timer when we
2007-05-29 09:29:03 +00:00
sctp_cc_functions.c
- Locking compatiability changes. This involves adding
2007-09-08 11:35:11 +00:00
sctp_cc_functions.h
- Added some comments to tell where the htcp
2007-09-10 17:06:25 +00:00
sctp_constants.h
- Change the Time Wait of vtags value to match the cookie-life
2007-10-30 14:09:24 +00:00
sctp_crc32.c
- Copyright change, cisco's silly tool wants it to say:
2007-05-08 17:01:12 +00:00
sctp_crc32.h
- Copyright change, cisco's silly tool wants it to say:
2007-05-08 17:01:12 +00:00
sctp_header.h
- Fix address add handling to clear cached routes and source addresses
2007-08-24 00:53:53 +00:00
sctp_indata.c
- Fixes a comparison wrap issue with sack gap ack blocks that
2008-01-28 10:25:43 +00:00
sctp_indata.h
- Fix stream reset so it limits the number of streams that can be listed
2007-06-22 13:50:56 +00:00
sctp_input.c
Correct two problems relating to sorflush(), which is called to flush
2008-01-31 08:22:24 +00:00
sctp_input.h
- Consolidate the code that free's chunks to actually also
2007-07-02 19:22:22 +00:00
sctp_lock_bsd.h
- The address lock is changed to a rwlock. This
2007-09-18 15:16:39 +00:00
sctp_os_bsd.h
- The address lock is changed to a rwlock. This
2007-09-18 15:16:39 +00:00
sctp_os.h
- Fix address add handling to clear cached routes and source addresses
2007-08-24 00:53:53 +00:00
sctp_output.c
- Takes out stray ifdef code that should not have been present.
2008-02-22 15:06:25 +00:00
sctp_output.h
- Bug fix managing congestion parameter on immediate
2007-10-01 03:22:29 +00:00
sctp_pcb.c
Fixes a memory leak when VRF's are in play.
2008-02-22 15:08:10 +00:00
sctp_pcb.h
- Change the Time Wait of vtags value to match the cookie-life
2007-10-30 14:09:24 +00:00
sctp_peeloff.c
Correct two problems relating to sorflush(), which is called to flush
2008-01-31 08:22:24 +00:00
sctp_peeloff.h
- Copyright change, cisco's silly tool wants it to say:
2007-05-08 17:01:12 +00:00
sctp_structs.h
- Found a problem in non-blocking sends. When
2007-12-04 14:41:48 +00:00
sctp_sysctl.c
- DF bit was on for COOKIE-ECHO chunks. This is
2007-09-13 14:43:54 +00:00
sctp_sysctl.h
- Get rid of unsused constants for sysctl variables.
2007-09-15 19:07:42 +00:00
sctp_timer.c
- fix sctp_ifn initial refcount issue (prevents deletion)
2007-10-16 14:05:51 +00:00
sctp_timer.h
- Incorrect error EAGAIN returned for invalid send on a locked
2007-09-13 10:36:43 +00:00
sctp_uio.h
- The address lock is changed to a rwlock. This
2007-09-18 15:16:39 +00:00
sctp_usrreq.c
- More fixes for lock misses on the transfer of data to
2007-12-07 01:32:14 +00:00
sctp_var.h
- fix sctp_ifn initial refcount issue (prevents deletion)
2007-10-16 14:05:51 +00:00
sctp.h
- Found a problem in non-blocking sends. When
2007-12-04 14:41:48 +00:00
sctputil.c
Correct two problems relating to sorflush(), which is called to flush
2008-01-31 08:22:24 +00:00
sctputil.h
- Change the Time Wait of vtags value to match the cookie-life
2007-10-30 14:09:24 +00:00
tcp_debug.c
Add FBSDID to all files in netinet so that people can more
2007-10-07 20:44:24 +00:00
tcp_debug.h
o Use a define for a buffer size.
2007-03-24 22:15:02 +00:00
tcp_fsm.h
Make tcpstates[] static, and make sure TCPSTATES is defined before
2007-07-30 11:06:42 +00:00
tcp_hostcache.c
Add FBSDID to all files in netinet so that people can more
2007-10-07 20:44:24 +00:00
tcp_input.c
Some "cleanup" of tcp_mss():
2008-03-02 08:40:47 +00:00
tcp_offload.c
Remove extraneous debug statements.
2007-12-19 05:17:40 +00:00
tcp_offload.h
Incorporate TCP offload hooks in to core TCP code.
2007-12-18 22:59:07 +00:00
tcp_output.c
Centralize and correct computation of TCP-MD5 signature offset within
2007-11-30 23:46:51 +00:00
tcp_reass.c
Add FBSDID to all files in netinet so that people can more
2007-10-07 20:44:24 +00:00
tcp_sack.c
Coalesce two identical UCB licenses into a single license instance with
2007-05-11 11:21:43 +00:00
tcp_seq.h
tcp_subr.c
Incorporate TCP offload hooks in to core TCP code.
2007-12-18 22:59:07 +00:00
tcp_syncache.c
Fix bugs in the TCP syncache timeout code. including:
2007-12-19 16:56:28 +00:00
tcp_syncache.h
Add interface for tcp offload to syncache:
2007-12-12 20:35:59 +00:00
tcp_timer.c
Add FBSDID to all files in netinet so that people can more
2007-10-07 20:44:24 +00:00
tcp_timer.h
Two changes:
2007-09-24 05:26:24 +00:00
tcp_timewait.c
Merge first in a series of TrustedBSD MAC Framework KPI changes
2007-10-24 19:04:04 +00:00
tcp_usrreq.c
tcp_usrreq.c:1.313 removed tcbinfo locking from tcp_usr_accept(), which
2008-01-23 21:15:51 +00:00
tcp_var.h
Change FreeBSD 7 so that it returns TCP options in
2008-02-24 05:13:20 +00:00
tcp.h
Add socket option for setting and retrieving the congestion control algorithm.
2007-12-16 03:30:07 +00:00
tcpip.h
toedev.h
Update the toedev's connect interface to reflect the fact that the inpcb
2007-12-16 05:30:21 +00:00
udp_usrreq.c
Merge first in a series of TrustedBSD MAC Framework KPI changes
2007-10-24 19:04:04 +00:00
udp_var.h
Further cleanup of UDPv4:
2007-07-10 09:30:46 +00:00
udp.h
Gratuitous UDP restyling toward style(9) in 7.x.
2007-02-20 10:13:11 +00:00