author | peter <peter@FreeBSD.org> | 1996-08-12 14:05:54 +0000 |
---|---|---|
committer | peter <peter@FreeBSD.org> | 1996-08-12 14:05:54 +0000 |
commit | cff0cee56f8b022e93a2ce161b76444796020180 (patch) | |
tree | cc92a1d80ecf684c5150ca794f960086dd4a0219 /sys/netinet/in.h | |
parent | c2fcbeb6ff1e38452f855641439831a4746ef02a (diff) | |
Add two more portrange sysctls, which control the area below
IPPORT_RESERVED that is used for selection when bind() is told to allocate
a reserved port.
Also, implement simple sanity checking for all the addresses set, to make
it a little harder for a user/sysadmin to shoot themselves in the feet.
Diffstat (limited to 'sys/netinet/in.h')
-rw-r--r-- | sys/netinet/in.h | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/sys/netinet/in.h b/sys/netinet/in.h
index 437489f..3f2dce2 100644
--- a/sys/netinet/in.h
+++ b/sys/netinet/in.h
@@ -31,7 +31,7 @@
 * SUCH DAMAGE.
 *
 * @(#)in.h 8.3 (Berkeley) 1/3/94
- * $Id: in.h,v 1.17 1996/04/03 13:52:11 phk Exp $
+ * $Id: in.h,v 1.18 1996/07/10 19:44:20 julian Exp $
 */
 #ifndef _NETINET_IN_H_
@@ -88,7 +88,7 @@
 * if you trust the remote host to restrict these ports.
 *
 * The default range of ports and the high range can be changed by
- * sysctl(3). (net.inet.ip.port{hi}{first,last}_auto)
+ * sysctl(3). (net.inet.ip.port{hi,low}{first,last}_auto)
 *
 * Changing those values has bad security implications if you are
 * using a a stateless firewall that is allowing packets outside of that
@@ -115,6 +115,14 @@
 #define IPPORT_HILASTAUTO 44999
 /*
+ * Scanning for a free reserved port return a value below IPPORT_RESERVED,
+ * but higher than IPPORT_RESERVEDSTART. Traditionally the start value was
+ * 512, but that conflicts with some well-known-services that firewalls may
+ * have a fit if we use.
+ */
+#define IPPORT_RESERVEDSTART 600
+
+/*
 * Internet address (a structure for historical reasons)
 */
 struct in_addr { |
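Review bot: The rewritten pattern in the -88 hunk, `net.inet.ip.port{hi,low}{first,last}_auto`, no longer covers the default range that the preceding sentence says can be changed. The old `{hi}` could be read as an optional prefix, while `{hi,low}` reads as exactly one of the two. If the default-range sysctls still exist, something like `port{,hi,low}{first,last}_auto` would keep all three ranges documented. The sysctl names are defined outside this file, so confirm the exact spelling against the handler code. The surrounding comment also starts and ends outside the hunk.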
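Review bot: The comment added above `IPPORT_RESERVEDSTART` in the -115 hunk leaves the bound ambiguous: it says the scan returns a value "higher than" the constant, so a reader cannot tell whether 600 itself is eligible. It also does not say that 600 is only the compiled-in default for the new low-range sysctl. The header already warns that ports below IPPORT_RESERVED are trusted by remote hosts, so the comment should say whether the bound is inclusive and that any sysctl-set low range is expected to stay below IPPORT_RESERVED. A suitable wording is `/* Default lowest port tried when bind() allocates a reserved port; the low range must remain below IPPORT_RESERVED. */`, with "return" corrected to "returns" in the existing sentence. The sanity checks mentioned in the commit message are not in this file, so whether they enforce that bound cannot be confirmed from this diff.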