freebsd-skq/sys
silby c79cd91efc Port randomization leads to extremely fast port reuse at high
connection rates, which is causing problems for some users.

To retain the security advantage of random ports and ensure
correct operation for high connection rate users, disable
port randomization during periods of high connection rates.

Whenever the connection rate exceeds randomcps (10 by default),
randomization will be disabled for randomtime (45 by default)
seconds.  These thresholds may be tuned via sysctl.

Many thanks to Igor Sysoev, who proved the necessity of this
change and tested many preliminary versions of the patch.

MFC After:	20 seconds
2005-01-02 01:50:57 +00:00
alpha - make machine model list more comprehensive, the whole Alpha family tree 2005-01-01 16:11:53 +00:00
amd64 Minor sync to i386 GENERIC in the form of comments and whitespace. 2004-12-30 18:51:23 +00:00
arm Modify pmap_enter_quick() so that it expects the page queues to be locked 2004-12-23 20:16:11 +00:00
boot NOFORTH -> NO_FORTH 2004-12-21 12:32:15 +00:00
cam Correct another location where inquiry length as calculated from the 2004-11-18 07:24:29 +00:00
coda Convert coda to nmount. 2004-12-06 19:46:02 +00:00
compat Stop explicitly touching td_base_pri outside of the scheduler and simply 2004-12-30 20:29:58 +00:00
conf Remove special case from *devs2h loop for usb 2004-12-30 23:22:08 +00:00
contrib * Remove some code that's in a #ifndef FreeBSD that's no longer used. 2004-12-26 09:09:29 +00:00
crypto Start the dreaded NOFOO -> NO_FOO conversion. 2004-12-21 08:47:35 +00:00
ddb When printing a stack trace for a thread, also print the pid and tid. 2004-11-23 23:11:47 +00:00
dev In re_detach(), remove an extra call to ether_ifdetach(). 2005-01-02 01:37:21 +00:00
doc
fs Be consistent about flag values passed to device drivers read/write 2004-12-22 17:05:44 +00:00
gdb Change gdb_cpu_setreg() to not take the value to which to set the 2004-12-01 06:40:35 +00:00
geom Stop explicitly touching td_base_pri outside of the scheduler and simply 2004-12-30 20:29:58 +00:00
gnu Implement simpler panics for VOP_{read,write} on fifos. 2004-12-14 21:30:45 +00:00
i4b Mark i4b IPR and SPPP drivers as NET_NEEDS_GIANT(), as they both 2004-10-12 09:25:52 +00:00
i386 Use NULL instead of 0 in a few places as well as various whitespace fixes. 2004-12-30 19:26:23 +00:00
ia64 Further enhance the handling of misaligned loads and stores: 2005-01-02 00:20:54 +00:00
isa Formatting nits 2004-12-27 18:18:38 +00:00
isofs/cd9660 First save from editor, *then* commit. 2004-12-07 15:25:36 +00:00
kern Implement device_quiesce. This method means 'you are about to be 2004-12-31 20:47:51 +00:00
libkern Use the RET macro. 2004-11-09 16:47:47 +00:00
modules Add usbdevs_data.h to the SRCS list since usb_subr.c needs it. This forces 2004-12-31 16:05:07 +00:00
net Add FR support to sppp (MFCronyx). 2004-12-28 00:07:57 +00:00
net80211 Correct scan candidate selection logic for dual-band devices: prefer 2005-01-01 17:48:27 +00:00
netatalk Correct a misspelling in a comment. 2004-12-05 13:28:52 +00:00
netatm Initialize struct pr_userreqs in new/sparse style and fill in common 2004-11-08 14:44:54 +00:00
netgraph Remove a check that never returns true, because in this case we have panic 2004-12-30 12:22:51 +00:00
netinet Port randomization leads to extremely fast port reuse at high 2005-01-02 01:50:57 +00:00
netinet6 In certain cases ip_output() can free our route, so check 2004-12-10 07:51:14 +00:00
netipsec Initialize struct pr_userreqs in new/sparse style and fill in common 2004-11-08 14:44:54 +00:00
netipx Use RTFREE() to free route references rather than rtfree(), as rtfree() 2005-01-02 01:47:56 +00:00
netkey support TCP-MD5(IPv4) in KAME-IPSEC, too. 2004-11-08 18:49:51 +00:00
netnatm Initialize struct pr_userreqs in new/sparse style and fill in common 2004-11-08 14:44:54 +00:00
netncp Add missing zero flag argument. 2004-10-12 08:22:08 +00:00
netsmb Don't use vn_todev(). 2004-11-10 07:16:59 +00:00
nfs Add non-blocking versions of nfsm_dissect() and friends, for use from 2004-12-06 17:33:52 +00:00
nfs4client Rewrite of the NFS client's reply handling. We now have NFS socket 2004-12-06 21:11:15 +00:00
nfsclient Turn NFS directio off until the stability issues are resolved. 2004-12-23 21:30:30 +00:00
nfsserver Correct a bug in nfsrv_create() where a call to nfsrv_access() might 2004-11-11 21:30:52 +00:00
opencrypto Push Giant down through ioctl. 2004-11-17 09:09:55 +00:00
pc98 Fix comment. 2004-12-22 17:32:27 +00:00
pccard Move PNP IDs back into oldcard files 2004-08-13 06:57:31 +00:00
pci [1] Remove the generic bridge support from those drivers that had it. The 2004-12-30 07:18:58 +00:00
posix4 Back when VOP_* was introduced, we did not have new-style struct 2004-12-01 23:16:38 +00:00
powerpc Correctly initialise the 2nd kernel segment, and don't 2004-12-29 09:41:40 +00:00
rpc Prefer C99's __func__ over GCC's __FUNCTION__. 2004-09-23 18:25:46 +00:00
security Add a new sysctl/tunable to mac_portacl: 2004-12-08 11:46:44 +00:00
sparc64 Minor sync to alpha and i386: 2004-12-30 18:31:53 +00:00
sys Increase the message buffer size on AMD64. Such machines can have a lot 2005-01-01 21:49:20 +00:00
tools dheader and hheader were the same function, really, so rename one of 2004-12-31 21:12:17 +00:00
ufs white space 2004-12-14 21:35:00 +00:00
vm Assert that page allocations during an interrupt specify 2004-12-31 19:50:45 +00:00
Makefile Add a NO_BOOT knob to prevent building the boot blocks and loader. 2004-08-19 09:54:28 +00:00