author | silby <silby@FreeBSD.org> | 2004-04-22 08:32:14 +0000 |
---|---|---|
committer | silby <silby@FreeBSD.org> | 2004-04-22 08:32:14 +0000 |
commit | 760a7deec6e5e4cd0ae94c817e97d03407ec7087 (patch) | |
tree | 58f24f3a0681dfb4662bc3e36302d695c33067e8 /sys/netinet/in_pcb.c | |
parent | 6bc1da1c05748794ddfba4b35ad43a0752b9d9ce (diff) | |
download | FreeBSD-src-760a7deec6e5e4cd0ae94c817e97d03407ec7087.zip FreeBSD-src-760a7deec6e5e4cd0ae94c817e97d03407ec7087.tar.gz |
Simplify random port allocation, and add net.inet.ip.portrange.randomized,
which can be used to turn off randomized port allocation if so desired.
Requested by: alfred
Diffstat (limited to 'sys/netinet/in_pcb.c')
-rw-r--r-- | sys/netinet/in_pcb.c | 40 |
1 files changed, 13 insertions, 27 deletions
diff --git a/sys/netinet/in_pcb.c b/sys/netinet/in_pcb.c
index 6ebfbb3..a02ada7 100644
--- a/sys/netinet/in_pcb.c
+++ b/sys/netinet/in_pcb.c
@@ -97,6 +97,9 @@ int ipport_hilastauto = IPPORT_HILASTAUTO; /* 65535 */
 int ipport_reservedhigh = IPPORT_RESERVED - 1; /* 1023 */
 int ipport_reservedlow = 0;
 
+/* Shall we allocate ephemeral ports in random order? */
+int ipport_randomized = 1;
+
 #define RANGECHK(var, min, max) \
 if ((var) < (min)) { (var) = (min); } \
 else if ((var) > (max)) { (var) = (max); }
@@ -138,6 +141,8 @@ SYSCTL_INT(_net_inet_ip_portrange, OID_AUTO, reservedhigh,
 CTLFLAG_RW|CTLFLAG_SECURE, &ipport_reservedhigh, 0, "");
 SYSCTL_INT(_net_inet_ip_portrange, OID_AUTO, reservedlow,
 CTLFLAG_RW|CTLFLAG_SECURE, &ipport_reservedlow, 0, "");
+SYSCTL_INT(_net_inet_ip_portrange, OID_AUTO, randomized,
+ CTLFLAG_RW, &ipport_randomized, 0, "");
 
 /*
 * in_pcb.c: manage the Protocol Control Blocks.
@@ -377,7 +382,7 @@ in_pcbbind_setup(inp, nam, laddrp, lportp, cred)
 if (*lportp != 0)
 lport = *lportp;
 if (lport == 0) {
- u_short first, last, old;
+ u_short first, last;
 int count, loopcount;
 
 if (laddr.s_addr != INADDR_ANY)
@@ -406,27 +411,17 @@ in_pcbbind_setup(inp, nam, laddrp, lportp, cred)
 * We split the two cases (up and down) so that the direction
 * is not being tested on each round of the loop.
 */
- loopcount = old = 0;
-portloop:
+ loopcount = 0;
 if (first > last) {
 /*
 * counting down
 */
- if (loopcount == 0) { /* only do this once */
- old = first;
- first -= (arc4random() % (first - last));
- }
+ if (ipport_randomized)
+ *lastport = first - (arc4random() % (first - last));
 count = first - last;
- *lastport = first; /* restart each time */
 do {
- if (count-- < 0) { /* completely used? */
- if (loopcount == 0) {
- last = old;
- loopcount++;
- goto portloop;
- }
+ if (count-- < 0) /* completely used? */
 return (EADDRNOTAVAIL);
- }
 --*lastport;
 if (*lastport > first || *lastport < last)
 *lastport = first;
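Review bot: The new `randomized` sysctl is registered with `CTLFLAG_RW` alone, while the adjacent `reservedhigh` and `reservedlow` entries in the same hunk use `CTLFLAG_RW|CTLFLAG_SECURE`. Turning randomization off makes ephemeral port selection predictable again, so it seems to deserve the same protection as the other port-range knobs, which as I read the flag blocks writes once securelevel has been raised: `CTLFLAG_RW|CTLFLAG_SECURE, &ipport_randomized, 0, "");`. The description string is empty like its neighbours; a short text such as `"Randomize ephemeral port allocation"` would make the knob self-describing in sysctl output.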
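Review bot: `loopcount` is still assigned (`loopcount = 0;`) in the -406 hunk, but with the `portloop` retry gone nothing in this hunk or the following one reads it; unless a use survives elsewhere in in_pcbbind_setup, the assignment and the declaration `int count, loopcount;` kept in the -377 hunk are dead and should be removed together. The dropped `/* restart each time */` reset also changes what the non-randomized path starts from, so a comment on the new `if (ipport_randomized)` line would help the next reader, e.g. `/* not randomized: continue from the last port handed out */`. The enclosing function starts before this hunk.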
@@ -437,21 +432,12 @@ portloop:
 /*
 * counting up
 */
- if (loopcount == 0) { /* only do this once. */
- old = first;
- first += (arc4random() % (last - first));
- }
+ if (ipport_randomized)
+ *lastport = first + (arc4random() % (last - first));
 count = last - first;
- *lastport = first; /* restart each time */
 do {
- if (count-- < 0) { /* completely used? */
- if (loopcount == 0) {
- first = old;
- loopcount++;
- goto portloop;
- }
+ if (count-- < 0) /* completely used? */
 return (EADDRNOTAVAIL);
- }
 ++*lastport;
 if (*lastport < first || *lastport > last)
 *lastport = first; |
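Review bot: The rewritten `*lastport = first + (arc4random() % (last - first));` divides by zero when `first == last`; the counting-down branch in the previous hunk is protected by its `if (first > last)` test, but this branch (its header lies outside the hunk, presumably the matching `else`) is also reached when the two are equal, and the RANGECHK clamping of the sysctl-tunable range bounds does not appear to rule that out. The old code carried the same expression, so this is inherited rather than introduced, but since the line is being rewritten anyway the guard is cheap: `if (ipport_randomized && last > first)`. The function continues past the end of this hunk.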