Date:	Tue, 16 Oct 2007 07:59:46 +0200
From:	Anton Arapov <aarapov@...hat.com>
To:	Andrew Morton <akpm@...ux-foundation.org>
Cc:	David Miller <davem@...emloft.net>, linux-kernel@...r.kernel.org,
	linux-netdev@...r.kernel.org, davem@...hat.com, jgarzik@...hat.com
Subject: Re: [PATCH] ipv4: kernel panic when only one unsecured port available

Andrew Morton <akpm@...ux-foundation.org> writes:
> <looks>
>
> OK, in ipv4_local_port_range() we have 
>
>                 if (range[1] <= range[0])
>                         ret = -EINVAL;
>
[...skipped...]

> : ip_local_port_range
> : -------------------
> :
> : Range of ports used by TCP and UDP to choose the local port. Contains two
> : numbers, the first number is the lowest port, the second number the highest
> : local port. Default is 1024-4999. Should be changed to 32768-61000 for
> : high-usage systems.
>
> ie: inclusive.
>
> Documentation/networking/ip-sysctl.txt says
>
> : ip_local_port_range - 2 INTEGERS
> : 	Defines the local port range that is used by TCP and UDP to
> : 	choose the local port. The first number is the first, the 
> : 	second the last local port number. Default value depends on
> : 	amount of memory available on the system:
> : 	> 128Mb 32768-61000
> : 	< 128Mb 1024-4999 or even less.
> : 	This number defines number of active connections, which this
> : 	system can issue simultaneously to systems not supporting
> : 	TCP extensions (timestamps). With tcp_tw_recycle enabled
> : 	(i.e. by default) range 1024-4999 is enough to issue up to
> : 	2000 connections per second to systems supporting timestamps.
>
> also inclusive.

  I also agree that we should have the ability to use the same
minimum/maximum port number for the cases when we want to use only
one port.

-- 
Anton Arapov, <aarapov@...hat.com>
GPG Key ID: 0x6FA8C812
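The point of the thread in code: the quoted `if (range[1] <= range[0])` check treats an inclusive range as if it were half-open, so a single-port range (lo == hi) is rejected with -EINVAL even though the documentation describes "the first ... the last local port number". The example below is added here and is not kernel code or anything posted in the thread; it contrasts the quoted check with an inclusive one that also bounds both ends to valid port numbers, and reports how many ports a range offers. All function names are hypothetical.

```c
/* Added example (not from the thread or the kernel tree): validating an
 * inclusive local port range as the quoted sysctl documentation describes.
 * Function names are hypothetical. */
#include <errno.h>
#include <stdio.h>

#define PORT_MIN 1
#define PORT_MAX 65535

/* The check quoted from ipv4_local_port_range(): `<=` rejects lo == hi,
 * so a range consisting of exactly one port cannot be configured. */
int validate_range_exclusive(int lo, int hi)
{
    if (hi <= lo)
        return -EINVAL;
    return 0;
}

/* Inclusive variant: lo == hi means exactly one usable port, which the
 * documentation allows. Both ends are also bounded to real TCP/UDP port
 * numbers so that a misconfigured sysctl cannot select port 0 or > 65535. */
int validate_range_inclusive(int lo, int hi)
{
    if (lo < PORT_MIN || hi > PORT_MAX)
        return -EINVAL;
    if (hi < lo)
        return -EINVAL;
    return 0;
}

/* Number of ports an inclusive range offers, i.e. how many candidates a
 * local port allocator would iterate over. Returns 0 for an invalid range. */
int range_size(int lo, int hi)
{
    if (validate_range_inclusive(lo, hi) != 0)
        return 0;
    return hi - lo + 1;
}

int main(void)
{
    /* Constructed inputs: a single-port range and the two documented defaults. */
    printf("quoted check,    5000-5000: %d\n", validate_range_exclusive(5000, 5000));
    printf("inclusive check, 5000-5000: %d\n", validate_range_inclusive(5000, 5000));
    printf("ports in 32768-61000: %d\n", range_size(32768, 61000));
    printf("ports in 1024-4999:   %d\n", range_size(1024, 4999));
    return 0;
}
```

With the quoted check a single-port range fails with -EINVAL; with the inclusive check it is accepted and counts as one port, while an inverted range (hi < lo) is still rejected.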

