freebsd-skq/sys/netinet
Mike Silbersack 5f311da2cc Port randomization leads to extremely fast port reuse at high
connection rates, which is causing problems for some users.

To retain the security advantage of random ports and ensure
correct operation for high connection rate users, disable
port randomization during periods of high connection rates.

Whenever the connection rate exceeds randomcps (10 by default),
randomization will be disabled for randomtime (45 by default)
seconds.  These thresholds may be tuned via sysctl.

Many thanks to Igor Sysoev, who proved the necessity of this
change and tested many preliminary versions of the patch.

MFC After:	20 seconds
2005-01-02 01:50:57 +00:00
..
libalias For variables that are only checked with defined(), don't provide 2004-10-24 15:33:08 +00:00
accf_data.c add missing #include <sys/module.h> 2004-05-30 20:27:19 +00:00
accf_http.c The socket field so_state is used to hold a variety of socket related 2004-06-14 18:16:22 +00:00
icmp6.h
icmp_var.h White space cleanup for netinet before branch: 2004-08-16 18:32:07 +00:00
if_atm.c White space cleanup for netinet before branch: 2004-08-16 18:32:07 +00:00
if_atm.h White space cleanup for netinet before branch: 2004-08-16 18:32:07 +00:00
if_ether.c More fixing of multiple addresses in the same prefix. This time do not try 2004-12-09 00:12:41 +00:00
if_ether.h
igmp_var.h
igmp.c Lock down parallel router_info list for tracking multicast IGMP 2004-06-11 03:42:37 +00:00
igmp.h White space cleanup for netinet before branch: 2004-08-16 18:32:07 +00:00
in_cksum.c
in_gif.c In certain cases ip_output() can free our route, so check 2004-12-10 07:51:14 +00:00
in_gif.h
in_pcb.c Port randomization leads to extremely fast port reuse at high 2005-01-02 01:50:57 +00:00
in_pcb.h Port randomization leads to extremely fast port reuse at high 2005-01-02 01:50:57 +00:00
in_proto.c Convert IPDIVERT into a loadable module. This makes use of the dynamic loadability 2004-10-19 21:14:57 +00:00
in_rmx.c Time out routes created by redirect. 2004-12-06 22:27:22 +00:00
in_systm.h
in_var.h Properly declare the "net.inet" sysctl subtree. 2004-10-19 21:06:14 +00:00
in.c Fix host route addition for more than one address to a loopback interface 2004-11-17 23:14:03 +00:00
in.h Pre-emptively define IPPROTO_SPACER to 32767, the same value as PROTO_SPACER 2004-10-19 20:59:01 +00:00
ip6.h
ip_divert.c - Since divert protocol is not connection oriented, remove SS_ISCONNECTED flag 2004-11-18 13:49:18 +00:00
ip_divert.h Convert IPDIVERT into a loadable module. This makes use of the dynamic loadability 2004-10-19 21:14:57 +00:00
ip_dummynet.c Allocate memory when dumping pipes with M_WAITOK flag. 2004-08-25 09:31:30 +00:00
ip_dummynet.h Convert ipfw to use PFIL_HOOKS. This is change is transparent to userland 2004-08-17 22:05:54 +00:00
ip_ecn.c
ip_ecn.h
ip_encap.c
ip_encap.h
ip_fastfwd.c Fix a double-free in the 'hlen > m->m_len' sanity check. 2004-11-09 09:40:32 +00:00
ip_fw2.c This commit adds a shared locking mechanism very similar to the 2004-12-10 02:17:18 +00:00
ip_fw_pfil.c Revert last change. 2004-12-10 07:47:17 +00:00
ip_fw.h Add support to IPFW for matching by TCP data length. 2004-10-03 00:47:15 +00:00
ip_gre.c White space cleanup for netinet before branch: 2004-08-16 18:32:07 +00:00
ip_gre.h
ip_icmp.c Remove the last two global variables that are used to store packet state while 2004-09-15 20:13:26 +00:00
ip_icmp.h
ip_id.c White space cleanup for netinet before branch: 2004-08-16 18:32:07 +00:00
ip_input.c Port randomization leads to extremely fast port reuse at high 2005-01-02 01:50:57 +00:00
ip_mroute.c When running with debug.mpsafenet=0, initialize IP multicast routing 2004-10-07 14:13:35 +00:00
ip_mroute.h White space cleanup for netinet before branch: 2004-08-16 18:32:07 +00:00
ip_output.c Remove an errant blank line apparently introduced in 2004-12-25 22:59:42 +00:00
ip_var.h Port randomization leads to extremely fast port reuse at high 2005-01-02 01:50:57 +00:00
ip.h
ipprotosw.h
pim_var.h
pim.h
raw_ip.c Initialize struct pr_userreqs in new/sparse style and fill in common 2004-11-08 14:44:54 +00:00
tcp_debug.c
tcp_debug.h White space cleanup for netinet before branch: 2004-08-16 18:32:07 +00:00
tcp_fsm.h s/send/sent/ in comment describing TCPS_SYN_RECEIVED. 2004-11-21 14:38:04 +00:00
tcp_hostcache.c Minor grammer fix in comment. 2004-12-05 22:20:59 +00:00
tcp_input.c In the dropafterack case of tcp_input(), it's OK to release the TCP 2004-12-25 22:26:13 +00:00
tcp_output.c Fixes a bug in SACK causing us to send data beyond the receive window. 2004-11-29 18:47:27 +00:00
tcp_reass.c In the dropafterack case of tcp_input(), it's OK to release the TCP 2004-12-25 22:26:13 +00:00
tcp_sack.c Add a matching tunable for net.inet.tcp.sack.enable sysctl. 2004-10-26 08:59:09 +00:00
tcp_seq.h Remove RFC1644 T/TCP support from the TCP side of the network stack. 2004-11-02 22:22:22 +00:00
tcp_subr.c Attempt to consistently use () around return values in calls to 2004-12-23 01:34:26 +00:00
tcp_syncache.c Remove RFC1644 T/TCP support from the TCP side of the network stack. 2004-11-02 22:22:22 +00:00
tcp_timer.c Remove the now unused tcp_canceltimers() function. tcpcb timers are 2004-12-23 01:25:59 +00:00
tcp_timer.h White space cleanup for netinet before branch: 2004-08-16 18:32:07 +00:00
tcp_timewait.c Attempt to consistently use () around return values in calls to 2004-12-23 01:34:26 +00:00
tcp_usrreq.c Do export the advertised receive window via the tcpi_rcv_space field of 2004-11-27 20:20:11 +00:00
tcp_var.h Remove the now unused tcp_canceltimers() function. tcpcb timers are 2004-12-23 01:25:59 +00:00
tcp.h Do export the advertised receive window via the tcpi_rcv_space field of 2004-11-27 20:20:11 +00:00
tcpip.h White space cleanup for netinet before branch: 2004-08-16 18:32:07 +00:00
udp_usrreq.c Initialize struct pr_userreqs in new/sparse style and fill in common 2004-11-08 14:44:54 +00:00
udp_var.h White space cleanup for netinet before branch: 2004-08-16 18:32:07 +00:00
udp.h