This is the mail archive of the ecos-patches@sources.redhat.com mailing list for the eCos project.



Random source ports


Attached patch contains a CDL option to randomize the
source port when a connection is created.

I ran into a problem when testing through a customer's
firewall.  The first connection started using source
port 1024, the second used 1025, etc, and everything
was ok.  Then I changed the configuration, and
restarted the eCos board.  Again, it started with
1024, but the connection failed.  I found out that the
firewall prevented the connection from completing
because it misinterpreted the pattern as a DoS attack.
We waited for 30 minutes before the firewall allowed
1024 to pass again.  I can't tell you if this firewall
configuration is typical.

The patch was lifted from FreeBSD.  There are a couple
differences between this and FreeBSD's implementation:
1) FreeBSD enables random ports by default.  This
patch keeps the current operation by default.
2) FreeBSD enables and disables random ports via
sysctl.  This patch uses CDL instead.
3) FreeBSD has logic that turns off random ports for
TCP if a configurable connection rate is exceeded, and
then reenables random ports once the rate decreases. 
This patch removed that logic.

-- Matt



Attachment: randomports.pat
Description: randomports.pat
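The attachment itself is not reproduced in the archive, so the following is an added illustration of the two allocation policies the mail contrasts; it is not Matt's patch and not FreeBSD's code. It assumes an ephemeral range of 1024-65535 (the mail only says allocation started at 1024 and counted upward), tracks bound ports in a bitmap, and uses a seeded xorshift32 as a stand-in for the stack's random source. The `longest_consecutive_run` helper is the kind of pattern check a middlebox heuristic such as the one described would key on, which makes it a handy sanity check when testing an allocator.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Ephemeral port range for this illustration (an assumption: the mail only
 * says allocation started at 1024 and counted upward). */
#define PORT_LO    1024
#define PORT_HI    65535
#define PORT_RANGE (PORT_HI - PORT_LO + 1)

typedef struct {
    uint8_t  in_use[65536 / 8];  /* one bit per port, set while bound */
    uint16_t next_seq;           /* cursor for sequential mode */
    uint32_t rng;                /* xorshift32 state: a stand-in PRNG */
} port_alloc_t;

bool port_in_use(const port_alloc_t *a, uint16_t p)
{
    return (a->in_use[p / 8] >> (p % 8)) & 1u;
}

static void port_mark(port_alloc_t *a, uint16_t p, bool used)
{
    if (used) a->in_use[p / 8] |=  (uint8_t)(1u << (p % 8));
    else      a->in_use[p / 8] &= (uint8_t)~(1u << (p % 8));
}

void port_alloc_init(port_alloc_t *a, uint32_t seed)
{
    memset(a, 0, sizeof *a);
    a->next_seq = PORT_LO;
    a->rng = seed ? seed : 1u;  /* xorshift32 must not start at zero */
}

static uint32_t xorshift32(uint32_t *s)
{
    uint32_t x = *s;
    x ^= x << 13; x ^= x >> 17; x ^= x << 5;
    return *s = x;
}

/* Sequential mode (the pre-patch behaviour described in the mail): the next
 * free port after the cursor. Returns 0 when the range is exhausted. */
uint16_t port_alloc_sequential(port_alloc_t *a)
{
    for (int tries = 0; tries < PORT_RANGE; tries++) {
        uint16_t p = a->next_seq;
        a->next_seq = (p == PORT_HI) ? (uint16_t)PORT_LO : (uint16_t)(p + 1);
        if (!port_in_use(a, p)) { port_mark(a, p, true); return p; }
    }
    return 0;
}

/* Random mode (what the CDL option enables): a uniform candidate from the
 * range, redrawn while bound. Retries are bounded so a nearly full table
 * cannot spin forever. */
uint16_t port_alloc_random(port_alloc_t *a)
{
    for (int tries = 0; tries < 4 * PORT_RANGE; tries++) {
        uint16_t p = (uint16_t)(PORT_LO + xorshift32(&a->rng) % PORT_RANGE);
        if (!port_in_use(a, p)) { port_mark(a, p, true); return p; }
    }
    return 0;
}

/* Allocate up to n ports in one mode into out[]; returns how many succeeded. */
int fill_ports(port_alloc_t *a, bool random_mode, uint16_t *out, int n)
{
    int got = 0;
    for (; got < n; got++) {
        uint16_t p = random_mode ? port_alloc_random(a) : port_alloc_sequential(a);
        if (p == 0) break;
        out[got] = p;
    }
    return got;
}

/* Longest run of strictly consecutive ports in allocation order: the pattern
 * a middlebox heuristic like the one in the mail keys on. */
int longest_consecutive_run(const uint16_t *ports, int n)
{
    int best = n > 0 ? 1 : 0, cur = best;
    for (int i = 1; i < n; i++) {
        cur = (ports[i] == (uint16_t)(ports[i - 1] + 1)) ? cur + 1 : 1;
        if (cur > best) best = cur;
    }
    return best;
}

int main(void)
{
    port_alloc_t seq, rnd;
    uint16_t a[8], b[8];
    port_alloc_init(&seq, 0x5eed);
    port_alloc_init(&rnd, 0x5eed);
    fill_ports(&seq, false, a, 8);
    fill_ports(&rnd, true, b, 8);
    for (int i = 0; i < 8; i++) printf("seq %5u   rnd %5u\n", a[i], b[i]);
    printf("longest run: seq %d, rnd %d\n",
           longest_consecutive_run(a, 8), longest_consecutive_run(b, 8));
    return 0;
}
```

Sequential mode reproduces the behaviour in the mail: a fresh allocator always begins at 1024, so a reboot replays the same ports in the same order. Random mode removes that replay. In a real stack the xorshift stand-in should be replaced by the kernel's random source, since a port sequence that an observer can predict gives away most of the benefit; the rate-based fallback that FreeBSD has, and that the patch dropped, is likewise left out here.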

