Date: Sat, 7 Jul 2001 19:20:48 -0700 (PDT) From: Mike Silbersack <silby@FreeBSD.org> To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/sys/netinet tcp_input.c tcp_seq.h tcp_subr.c tcp_timer.c tcp_usrreq.c tcp_var.h Message-ID: <200107080220.f682Kn722056@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
silby 2001/07/07 19:20:48 PDT
Modified files:
sys/netinet tcp_input.c tcp_seq.h tcp_subr.c
tcp_timer.c tcp_usrreq.c tcp_var.h
Log:
Temporary feature: Runtime tuneable tcp initial sequence number
generation scheme. Users may now select between the currently used
OpenBSD algorithm and the older random positive increment method.
While the OpenBSD algorithm is more secure, it also breaks TIME_WAIT
handling; this is causing trouble for an increasing number of folks.
To switch between generation schemes, one sets the sysctl
net.inet.tcp.tcp_seq_genscheme. 0 = random positive increments,
1 = the OpenBSD algorithm. 1 is still the default.
Once a secure _and_ compatible algorithm is implemented, this sysctl
will be removed.
Reviewed by: jlemon
Tested by: numerous subscribers of -net
Revision Changes Path
1.136 +3 -3 src/sys/netinet/tcp_input.c
1.16 +19 -1 src/sys/netinet/tcp_seq.h
1.109 +26 -1 src/sys/netinet/tcp_subr.c
1.46 +3 -1 src/sys/netinet/tcp_timer.c
1.63 +3 -3 src/sys/netinet/tcp_usrreq.c
1.70 +2 -1 src/sys/netinet/tcp_var.h
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200107080220.f682Kn722056>