cvs commit: src/sys/netinet in.h in_pcb.c

Rui Paulo rpaulo at FreeBSD.org
Tue Mar 4 19:16:32 UTC 2008


rpaulo      2008-03-04 19:16:22 UTC

  FreeBSD src repository

  Modified files:
    sys/netinet          in.h in_pcb.c 
  Log:
  Change the default port range for outgoing connections by introducing
  IPPORT_EPHEMERALFIRST and IPPORT_EPHEMERALLAST with values
  10000 and 65535 respectively.
  The rationale behind this is that it makes the attacker's life more
  difficult if he/she wants to guess the ephemeral port range and
  also lowers the probability of a port collision (described in
  draft-ietf-tsvwg-port-randomization-01.txt).
  
  While there, remove code duplication in in_pcbbind_setup().
  
  Submitted by:   Fernando Gont <fernando at gont.com.ar>
  Approved by:    njl (mentor)
  Reviewed by:    silby, bms
  Discussed on:   freebsd-net
  
  Revision  Changes    Path
  1.101     +8 -4      src/sys/netinet/in.h
  1.199     +21 -40    src/sys/netinet/in_pcb.c

