diff options
| author | silby <silby@FreeBSD.org> | 2001-07-08 02:20:47 +0000 |
|---|---|---|
| committer | silby <silby@FreeBSD.org> | 2001-07-08 02:20:47 +0000 |
| commit | 2be73222cb19a5095c4726a24bf5b1a64fbc420f (patch) | |
| tree | fef63dda5be2e0301de334e984f17a9b61cf3d84 /sys/netinet/tcp_var.h | |
| parent | 6027a078967acc487d07764badb87d2df9e6a48a (diff) | |
| download | FreeBSD-src-2be73222cb19a5095c4726a24bf5b1a64fbc420f.zip FreeBSD-src-2be73222cb19a5095c4726a24bf5b1a64fbc420f.tar.gz | |
Temporary feature: Runtime tuneable tcp initial sequence number
generation scheme. Users may now select between the currently used
OpenBSD algorithm and the older random positive increment method.
While the OpenBSD algorithm is more secure, it also breaks TIME_WAIT
handling; this is causing trouble for an increasing number of folks.
To switch between generation schemes, one sets the sysctl
net.inet.tcp.tcp_seq_genscheme. 0 = random positive increments,
1 = the OpenBSD algorithm. 1 is still the default.
Once a secure _and_ compatible algorithm is implemented, this sysctl
will be removed.
Reviewed by: jlemon
Tested by: numerous subscribers of -net
Diffstat (limited to 'sys/netinet/tcp_var.h')
| -rw-r--r-- | sys/netinet/tcp_var.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/sys/netinet/tcp_var.h b/sys/netinet/tcp_var.h index 294699f..299968e 100644 --- a/sys/netinet/tcp_var.h +++ b/sys/netinet/tcp_var.h @@ -414,6 +414,7 @@ void tcp_rndiss_init __P((void)); tcp_seq tcp_rndiss_next __P((void)); u_int16_t tcp_rndiss_encrypt __P((u_int16_t)); +tcp_seq tcp_new_isn __P((void)); #endif /* _KERNEL */ |
