freebsd-skq/sys/netinet
Mike Silbersack 2d610a5028 Temporary feature: Runtime tuneable tcp initial sequence number
generation scheme.  Users may now select between the currently used
OpenBSD algorithm and the older random positive increment method.

While the OpenBSD algorithm is more secure, it also breaks TIME_WAIT
handling; this is causing trouble for an increasing number of folks.

To switch between generation schemes, one sets the sysctl
net.inet.tcp.tcp_seq_genscheme.  0 = random positive increments,
1 = the OpenBSD algorithm.  1 is still the default.

Once a secure _and_ compatible algorithm is implemented, this sysctl
will be removed.

Reviewed by: jlemon
Tested by: numerous subscribers of -net
2001-07-08 02:20:47 +00:00
..
libalias Fixed the brain-o in rev. 1.10: the logic check was reversed. 2001-06-27 14:11:25 +00:00
accf_data.c Remove headers not needed. 2000-10-07 23:15:17 +00:00
accf_http.c Fix incorrect logic wouldn't disconnect incomming connections that had been 2001-01-03 19:50:23 +00:00
icmp6.h - Renumber KAME local ICMP types and NDP options numberes beacaues they 2001-06-21 07:08:43 +00:00
icmp_var.h Clean up RST ratelimiting. Previously, ratelimiting occured before tests 2001-02-11 07:39:51 +00:00
if_atm.c udp IPv6 support, IPv6/IPv4 tunneling support in kernel, 1999-12-07 17:39:16 +00:00
if_atm.h Add $FreeBSD$ 2000-05-01 20:32:07 +00:00
if_ether.c Do not perform arp send/resolve on an interface marked NOARP. 2001-06-15 21:00:32 +00:00
if_ether.h Change #ifdef KERNEL to #ifdef _KERNEL in the public headers. "KERNEL" 1999-12-29 04:46:21 +00:00
if_fddi.h Change #ifdef KERNEL to #ifdef _KERNEL in the public headers. "KERNEL" 1999-12-29 04:46:21 +00:00
igmp_var.h Change #ifdef KERNEL to #ifdef _KERNEL in the public headers. "KERNEL" 1999-12-29 04:46:21 +00:00
igmp.c Add netstat(1) knob to reset net.inet.{ip|icmp|tcp|udp|igmp}.stats. 2001-06-23 17:17:59 +00:00
igmp.h $Id$ -> $FreeBSD$ 1999-08-28 01:08:13 +00:00
in_cksum.c $Id$ -> $FreeBSD$ 1999-08-28 01:08:13 +00:00
in_gif.c gif(4) and stf(4) modernization: 2001-07-02 21:02:09 +00:00
in_gif.h gif(4) and stf(4) modernization: 2001-07-02 21:02:09 +00:00
in_hostcache.c Convert more malloc+bzero to malloc+M_ZERO. 2000-12-08 21:51:06 +00:00
in_hostcache.h Change #ifdef KERNEL to #ifdef _KERNEL in the public headers. "KERNEL" 1999-12-29 04:46:21 +00:00
in_pcb.c Backout CSRG revision 7.22 to this file (if in_losing notices an 2001-06-29 12:07:29 +00:00
in_pcb.h Sync with recent KAME. 2001-06-11 12:39:29 +00:00
in_proto.c gif(4) and stf(4) modernization: 2001-07-02 21:02:09 +00:00
in_rmx.c In in_ifadown(), differentiate between whether the interface goes 2001-05-11 14:37:34 +00:00
in_systm.h Change #ifdef KERNEL to #ifdef _KERNEL in the public headers. "KERNEL" 1999-12-29 04:46:21 +00:00
in_var.h In in_ifadown(), differentiate between whether the interface goes 2001-05-11 14:37:34 +00:00
in.c Sync with recent KAME. 2001-06-11 12:39:29 +00:00
in.h Fix a stack of KAME netinet6/in6.h warnings: 2001-06-15 00:37:27 +00:00
ip6.h Sync with recent KAME. 2001-06-11 12:39:29 +00:00
ip_divert.c Mechanical change to use <sys/queue.h> macro API instead of 2001-02-04 13:13:25 +00:00
ip_dummynet.c Sync with the bridge/dummynet/ipfw code already tested in stable. 2001-02-10 00:10:18 +00:00
ip_dummynet.h MFS: bridge/ipfw/dummynet fixes (bridge.c will be committed separately) 2001-02-02 00:18:00 +00:00
ip_ecn.c Sync with recent KAME. 2001-06-11 12:39:29 +00:00
ip_ecn.h Sync with recent KAME. 2001-06-11 12:39:29 +00:00
ip_encap.c Sync with recent KAME. 2001-06-11 12:39:29 +00:00
ip_encap.h sync with kame tree as of july00. tons of bug fixes/improvements. 2000-07-04 16:35:15 +00:00
ip_flow.c Bring in fix from NetBSD's revision 1.16: 2001-06-26 09:00:50 +00:00
ip_flow.h Back out the previous change to the queue(3) interface. 2000-05-26 02:09:24 +00:00
ip_fw.c While in there fixing a fragment logging bug, fix it so we log 2001-07-02 15:50:31 +00:00
ip_fw.h Introduce a new feature in IPFW: Check of the source or destination 2001-02-13 14:12:37 +00:00
ip_icmp.c Add netstat(1) knob to reset net.inet.{ip|icmp|tcp|udp|igmp}.stats. 2001-06-23 17:17:59 +00:00
ip_icmp.h Change #ifdef KERNEL to #ifdef _KERNEL in the public headers. "KERNEL" 1999-12-29 04:46:21 +00:00
ip_id.c Add ``options RANDOM_IP_ID'' which randomizes the ID field of IP packets. 2001-06-01 10:02:28 +00:00
ip_input.c Add netstat(1) knob to reset net.inet.{ip|icmp|tcp|udp|igmp}.stats. 2001-06-23 17:17:59 +00:00
ip_mroute.c Add ``options RANDOM_IP_ID'' which randomizes the ID field of IP packets. 2001-06-01 10:02:28 +00:00
ip_mroute.h Change #ifdef KERNEL to #ifdef _KERNEL in the public headers. "KERNEL" 1999-12-29 04:46:21 +00:00
ip_output.c Sync with recent KAME. 2001-06-11 12:39:29 +00:00
ip_var.h Sync with recent KAME. 2001-06-11 12:39:29 +00:00
ip.h IPSEC support in the kernel. 1999-12-22 19:13:38 +00:00
ipprotosw.h activate pfil_hooks and covert ipfilter to use it 2000-07-31 13:11:42 +00:00
raw_ip.c Sync with recent KAME. 2001-06-11 12:39:29 +00:00
tcp_debug.c sync with kame tree as of july00. tons of bug fixes/improvements. 2000-07-04 16:35:15 +00:00
tcp_debug.h Sorry in this just befor code freeze commit. 2000-01-29 11:49:07 +00:00
tcp_fsm.h Undo rev 1.10, which took out TH_FIN from the CLOSING state. This 1999-11-07 04:18:30 +00:00
tcp_input.c Temporary feature: Runtime tuneable tcp initial sequence number 2001-07-08 02:20:47 +00:00
tcp_output.c Eliminate the allocation of a tcp template structure for each 2001-06-23 03:21:46 +00:00
tcp_reass.c Temporary feature: Runtime tuneable tcp initial sequence number 2001-07-08 02:20:47 +00:00
tcp_seq.h Temporary feature: Runtime tuneable tcp initial sequence number 2001-07-08 02:20:47 +00:00
tcp_subr.c Temporary feature: Runtime tuneable tcp initial sequence number 2001-07-08 02:20:47 +00:00
tcp_timer.c Temporary feature: Runtime tuneable tcp initial sequence number 2001-07-08 02:20:47 +00:00
tcp_timer.h Change #ifdef KERNEL to #ifdef _KERNEL in the public headers. "KERNEL" 1999-12-29 04:46:21 +00:00
tcp_timewait.c Temporary feature: Runtime tuneable tcp initial sequence number 2001-07-08 02:20:47 +00:00
tcp_usrreq.c Temporary feature: Runtime tuneable tcp initial sequence number 2001-07-08 02:20:47 +00:00
tcp_var.h Temporary feature: Runtime tuneable tcp initial sequence number 2001-07-08 02:20:47 +00:00
tcp.h o Minor style(9)ism to make consistent with -STABLE 2001-01-09 18:26:17 +00:00
tcpip.h Remove struct full_tcpiphdr{}. 2001-02-26 20:10:16 +00:00
udp_usrreq.c Allow getcred sysctl to work in jailed root processes. Processes can 2001-06-24 12:18:27 +00:00
udp_var.h remove unused data structure definition, and corresponding macro into*() 2001-02-18 07:10:03 +00:00
udp.h $Id$ -> $FreeBSD$ 1999-08-28 01:08:13 +00:00