
D37042.diff


diff --git a/share/man/man4/ip.4 b/share/man/man4/ip.4
--- a/share/man/man4/ip.4
+++ b/share/man/man4/ip.4
@@ -453,21 +453,6 @@
In these cases,
.Va net.inet.ip.portrange.randomized
can be used to toggle randomization off.
-If more than
-.Va net.inet.ip.portrange.randomcps
-ports have been allocated in the last second, then return to sequential
-port allocation.
-Return to random allocation only once the current port allocation rate
-drops below
-.Va net.inet.ip.portrange.randomcps
-for at least
-.Va net.inet.ip.portrange.randomtime
-seconds.
-The default values for
-.Va net.inet.ip.portrange.randomcps
-and
-.Va net.inet.ip.portrange.randomtime
-are 10 port allocations per second and 45 seconds correspondingly.
.Ss "Multicast Options"
.Tn IP
multicasting is supported only on
diff --git a/sys/netinet/in_pcb.h b/sys/netinet/in_pcb.h
--- a/sys/netinet/in_pcb.h
+++ b/sys/netinet/in_pcb.h
@@ -714,10 +714,6 @@
VNET_DECLARE(int, ipport_hifirstauto);
VNET_DECLARE(int, ipport_hilastauto);
VNET_DECLARE(int, ipport_randomized);
-VNET_DECLARE(int, ipport_randomcps);
-VNET_DECLARE(int, ipport_randomtime);
-VNET_DECLARE(int, ipport_stoprandom);
-VNET_DECLARE(int, ipport_tcpallocs);
#define V_ipport_reservedhigh VNET(ipport_reservedhigh)
#define V_ipport_reservedlow VNET(ipport_reservedlow)
@@ -728,10 +724,6 @@
#define V_ipport_hifirstauto VNET(ipport_hifirstauto)
#define V_ipport_hilastauto VNET(ipport_hilastauto)
#define V_ipport_randomized VNET(ipport_randomized)
-#define V_ipport_randomcps VNET(ipport_randomcps)
-#define V_ipport_randomtime VNET(ipport_randomtime)
-#define V_ipport_stoprandom VNET(ipport_stoprandom)
-#define V_ipport_tcpallocs VNET(ipport_tcpallocs)
void in_pcbinfo_init(struct inpcbinfo *, struct inpcbstorage *,
u_int, u_int);
diff --git a/sys/netinet/in_pcb.c b/sys/netinet/in_pcb.c
--- a/sys/netinet/in_pcb.c
+++ b/sys/netinet/in_pcb.c
@@ -55,7 +55,6 @@
#include <sys/lock.h>
#include <sys/malloc.h>
#include <sys/mbuf.h>
-#include <sys/callout.h>
#include <sys/eventhandler.h>
#include <sys/domain.h>
#include <sys/protosw.h>
@@ -117,8 +116,6 @@
#define INPCBLBGROUP_SIZMAX 256
#define INP_FREED 0x00000200 /* See in_pcb.h. */
-static struct callout ipport_tick_callout;
-
/*
* These configure the range of local port addresses assigned to
* "unspecified" outgoing connections/packets/whatever.
@@ -138,15 +135,8 @@
VNET_DEFINE(int, ipport_reservedhigh) = IPPORT_RESERVED - 1; /* 1023 */
VNET_DEFINE(int, ipport_reservedlow);
-/* Variables dealing with random ephemeral port allocation. */
-VNET_DEFINE(int, ipport_randomized) = 1; /* user controlled via sysctl */
-VNET_DEFINE(int, ipport_randomcps) = 10; /* user controlled via sysctl */
-VNET_DEFINE(int, ipport_randomtime) = 45; /* user controlled via sysctl */
-VNET_DEFINE(int, ipport_stoprandom); /* toggled by ipport_tick */
-VNET_DEFINE(int, ipport_tcpallocs);
-VNET_DEFINE_STATIC(int, ipport_tcplastcount);
-
-#define V_ipport_tcplastcount VNET(ipport_tcplastcount)
+/* Enable random ephemeral port allocation by default. */
+VNET_DEFINE(int, ipport_randomized) = 1;
#ifdef INET
static struct inpcb *in_pcblookup_hash_locked(struct inpcbinfo *pcbinfo,
@@ -214,15 +204,6 @@
SYSCTL_INT(_net_inet_ip_portrange, OID_AUTO, randomized,
CTLFLAG_VNET | CTLFLAG_RW,
&VNET_NAME(ipport_randomized), 0, "Enable random port allocation");
-SYSCTL_INT(_net_inet_ip_portrange, OID_AUTO, randomcps,
- CTLFLAG_VNET | CTLFLAG_RW,
- &VNET_NAME(ipport_randomcps), 0, "Maximum number of random port "
- "allocations before switching to a sequential one");
-SYSCTL_INT(_net_inet_ip_portrange, OID_AUTO, randomtime,
- CTLFLAG_VNET | CTLFLAG_RW,
- &VNET_NAME(ipport_randomtime), 0,
- "Minimum time to keep sequential port "
- "allocation before switching to a random one");
#ifdef RATELIMIT
counter_u64_t rate_limit_new;
@@ -730,7 +711,7 @@
struct inpcbinfo *pcbinfo;
struct inpcb *tmpinp;
unsigned short *lastport;
- int count, dorandom, error;
+ int count, error;
u_short aux, first, last, lport;
#ifdef INET
struct in_addr laddr, faddr;
@@ -764,27 +745,7 @@
last = V_ipport_lastauto;
lastport = &pcbinfo->ipi_lastport;
}
- /*
- * For UDP(-Lite), use random port allocation as long as the user
- * allows it. For TCP (and as of yet unknown) connections,
- * use random port allocation only if the user allows it AND
- * ipport_tick() allows it.
- */
- if (V_ipport_randomized &&
- (!V_ipport_stoprandom || pcbinfo == &V_udbinfo ||
- pcbinfo == &V_ulitecbinfo))
- dorandom = 1;
- else
- dorandom = 0;
- /*
- * It makes no sense to do random port allocation if
- * we have the only port available.
- */
- if (first == last)
- dorandom = 0;
- /* Make sure to not include UDP(-Lite) packets in the count. */
- if (pcbinfo != &V_udbinfo && pcbinfo != &V_ulitecbinfo)
- V_ipport_tcpallocs++;
+
/*
* Instead of having two loops further down counting up or down
* make sure that first is always <= last and go with only one
@@ -818,7 +779,7 @@
tmpinp = NULL;
lport = *lportp;
- if (dorandom)
+ if (V_ipport_randomized)
*lastport = first + (arc4random() % (last - first));
count = last - first;
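Review bot: The new condition `if (V_ipport_randomized)` feeds `last - first` to `%` without the `if (first == last) dorandom = 0;` guard that the previous hunk removes, so when the auto-port range collapses to a single port the modulus is zero and `arc4random() % 0` is an integer divide by zero in kernel context. The removed comment's reasoning ("It makes no sense to do random port allocation if we have the only port available") still holds once `dorandom` is gone; only the throttling half of the old logic was meant to go. I'd keep the guard inline: `if (V_ipport_randomized && first != last)`. Whether a range with first == last is reachable through the portrange sysctls is not visible in this diff, but the comment just above that only ensures first <= last suggests equality is not excluded. The enclosing function starts and ends outside the hunk.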
@@ -2597,58 +2558,6 @@
#endif
}
-/*
- * ipport_tick runs once per second, determining if random port allocation
- * should be continued. If more than ipport_randomcps ports have been
- * allocated in the last second, then we return to sequential port
- * allocation. We return to random allocation only once we drop below
- * ipport_randomcps for at least ipport_randomtime seconds.
- */
-static void
-ipport_tick(void *xtp)
-{
- VNET_ITERATOR_DECL(vnet_iter);
-
- VNET_LIST_RLOCK_NOSLEEP();
- VNET_FOREACH(vnet_iter) {
- CURVNET_SET(vnet_iter); /* XXX appease INVARIANTS here */
- if (V_ipport_tcpallocs - V_ipport_tcplastcount <=
- V_ipport_randomcps) {
- if (V_ipport_stoprandom > 0)
- V_ipport_stoprandom--;
- } else
- V_ipport_stoprandom = V_ipport_randomtime;
- V_ipport_tcplastcount = V_ipport_tcpallocs;
- CURVNET_RESTORE();
- }
- VNET_LIST_RUNLOCK_NOSLEEP();
- callout_reset(&ipport_tick_callout, hz, ipport_tick, NULL);
-}
-
-static void
-ip_fini(void *xtp)
-{
-
- callout_stop(&ipport_tick_callout);
-}
-
-/*
- * The ipport_callout should start running at about the time we attach the
- * inet or inet6 domains.
- */
-static void
-ipport_tick_init(const void *unused __unused)
-{
-
- /* Start ipport_tick. */
- callout_init(&ipport_tick_callout, 1);
- callout_reset(&ipport_tick_callout, 1, ipport_tick, NULL);
- EVENTHANDLER_REGISTER(shutdown_pre_sync, ip_fini, NULL,
- SHUTDOWN_PRI_DEFAULT);
-}
-SYSINIT(ipport_tick_init, SI_SUB_PROTO_DOMAIN, SI_ORDER_MIDDLE,
- ipport_tick_init, NULL);
-
void
inp_wlock(struct inpcb *inp)
{
