| #
b0e3ad75 |
| 22-Aug-2001 |
Mike Silbersack <silby@FreeBSD.org> |
Much delayed but now present: RFC 1948 style sequence numbers
In order to ensure security and functionality, RFC 1948 style
initial sequence number generation has been implemented. Barring
any maj
Much delayed but now present: RFC 1948 style sequence numbers
In order to ensure security and functionality, RFC 1948 style
initial sequence number generation has been implemented. Barring
any major crypographic breakthroughs, this algorithm should be
unbreakable. In addition, the problems with TIME_WAIT recycling
which affect our currently used algorithm are not present.
Reviewed by: jesper
show more ...
|
| #
2d610a50 |
| 08-Jul-2001 |
Mike Silbersack <silby@FreeBSD.org> |
Temporary feature: Runtime tuneable tcp initial sequence number
generation scheme. Users may now select between the currently used
OpenBSD algorithm and the older random positive increment method.
Temporary feature: Runtime tuneable tcp initial sequence number
generation scheme. Users may now select between the currently used
OpenBSD algorithm and the older random positive increment method.
While the OpenBSD algorithm is more secure, it also breaks TIME_WAIT
handling; this is causing trouble for an increasing number of folks.
To switch between generation schemes, one sets the sysctl
net.inet.tcp.tcp_seq_genscheme. 0 = random positive increments,
1 = the OpenBSD algorithm. 1 is still the default.
Once a secure _and_ compatible algorithm is implemented, this sysctl
will be removed.
Reviewed by: jlemon
Tested by: numerous subscribers of -net
show more ...
|
|
Revision tags: release/4.3.0_cvs, release/4.3.0 |
|
| #
d1745f45 |
| 20-Apr-2001 |
Jesper Skriver <jesper@FreeBSD.org> |
Say goodbye to TCP_COMPAT_42
Reviewed by: wollman
Requested by: wollman
|
| #
f0a04f3f |
| 17-Apr-2001 |
Kris Kennaway <kris@FreeBSD.org> |
Randomize the TCP initial sequence numbers more thoroughly.
Obtained from: OpenBSD
Reviewed by: jesper, peter, -developers
|
|
Revision tags: release/4.2.0 |
|
| #
be515d91 |
| 29-Sep-2000 |
Kris Kennaway <kris@FreeBSD.org> |
Use stronger random number generation for TCP_ISSINCR and tcp_iss.
Reviewed by: peter, jlemon
|
|
Revision tags: release/4.1.1_cvs, release/4.1.0, release/3.5.0_cvs, release/4.0.0_cvs |
|
| #
664a31e4 |
| 29-Dec-1999 |
Peter Wemm <peter@FreeBSD.org> |
Change #ifdef KERNEL to #ifdef _KERNEL in the public headers. "KERNEL"
is an application space macro and the applications are supposed to be free
to use it as they please (but cannot). This is cons
Change #ifdef KERNEL to #ifdef _KERNEL in the public headers. "KERNEL"
is an application space macro and the applications are supposed to be free
to use it as they please (but cannot). This is consistant with the other
BSD's who made this change quite some time ago. More commits to come.
show more ...
|
|
Revision tags: release/3.4.0_cvs, release/3.3.0_cvs |
|
| #
9b8b58e0 |
| 30-Aug-1999 |
Jonathan Lemon <jlemon@FreeBSD.org> |
Restructure TCP timeout handling:
- eliminate the fast/slow timeout lists for TCP and instead use a
callout entry for each timer.
- increase the TCP timer granularity to HZ
- implement "ba
Restructure TCP timeout handling:
- eliminate the fast/slow timeout lists for TCP and instead use a
callout entry for each timer.
- increase the TCP timer granularity to HZ
- implement "bad retransmit" recovery, as presented in
"On Estimating End-to-End Network Path Properties", by Allman and Paxson.
Submitted by: jlemon, wollmann
show more ...
|
| #
c3aac50f |
| 28-Aug-1999 |
Peter Wemm <peter@FreeBSD.org> |
$Id$ -> $FreeBSD$
|
|
Revision tags: release/3.2.0, release/3.1.0, release/3.0.0, release/2.2.8, release/2.2.7, release/2.2.6, release/2.2.5_cvs, release/2.2.2_cvs, release/2.2.1_cvs, release/2.2.0, release/2.1.7_cvs |
|
| #
6875d254 |
| 22-Feb-1997 |
Peter Wemm <peter@FreeBSD.org> |
Back out part 1 of the MCFH that changed $Id$ to $FreeBSD$. We are not
ready for it yet.
|
|
Revision tags: release/2.1.6_cvs, release/2.1.6.1 |
|
| #
1130b656 |
| 14-Jan-1997 |
Jordan K. Hubbard <jkh@FreeBSD.org> |
Make the long-awaited change from $Id$ to $FreeBSD$
This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so
Make the long-awaited change from $Id$ to $FreeBSD$
This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.
Boy, I'm glad we're not using sup anymore. This update would have been
insane otherwise.
show more ...
|
|
Revision tags: release/2.1.5_cvs, release/2.1.0_cvs |
|
| #
e79adb8e |
| 03-Oct-1995 |
Garrett Wollman <wollman@FreeBSD.org> |
Finish 4.4-Lite-2 merge: randomize TCP initial sequence numbers
to make ISS-guessing spoofing attacks harder.
|
| #
efe4b0eb |
| 21-Sep-1995 |
Garrett Wollman <wollman@FreeBSD.org> |
Second try: get 4.4-Lite-2 into the source tree. The conflicts don't
matter because none of our working source files are on the CSRG branch
any more.
Obtained from: 4.4BSD-Lite-2
|
|
Revision tags: release/2.0.5_cvs |
|
| #
2f96f1f4 |
| 14-Feb-1995 |
Garrett Wollman <wollman@FreeBSD.org> |
Get rid of some unneeded #ifdef TTCP lines. Also, get rid of some
bogus commons declared in header files.
|
| #
eb6ad696 |
| 08-Feb-1995 |
Garrett Wollman <wollman@FreeBSD.org> |
Merge in T/TCP TCP header file changes.
|
|
Revision tags: release/2.0 |
|
| #
707f139e |
| 21-Aug-1994 |
Paul Richards <paul@FreeBSD.org> |
Made idempotent.
Submitted by: Paul
|
| #
3c4dd356 |
| 02-Aug-1994 |
David Greenman <dg@FreeBSD.org> |
Added $Id$
|
|
Revision tags: release/1.1.5.1_cvs |
|
| #
df8bae1d |
| 24-May-1994 |
Rodney W. Grimes <rgrimes@FreeBSD.org> |
BSD 4.4 Lite Kernel Sources
|