Re: [PATCH] ipv4: kernel panic when only one unsecured port available

From: Anton Arapov
Date: Tue Oct 16 2007 - 02:00:14 EST

Next message: Paul Jackson: "Re: [RFC] cpuset update_cgroup_cpus_allowed"
Previous message: Ingo Molnar: "[patch] sound: fix bootup crash in snd_gus_interrupt()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> writes:
> <looks>
>
> OK, in ipv4_local_port_range() we have
>
> if (range[1] <= range[0])
> ret = -EINVAL;
>
[...skipped...]

> : ip_local_port_range
> : -------------------
> :
> : Range of ports used by TCP and UDP to choose the local port. Contains two
> : numbers, the first number is the lowest port, the second number the highest
> : local port. Default is 1024-4999. Should be changed to 32768-61000 for
> : high-usage systems.
>
> ie: inclusive.
>
> Documentation/networking/ip-sysctl.txt says
>
> : ip_local_port_range - 2 INTEGERS
> : Defines the local port range that is used by TCP and UDP to
> : choose the local port. The first number is the first, the
> : second the last local port number. Default value depends on
> : amount of memory available on the system:
> : > 128Mb 32768-61000
> : < 128Mb 1024-4999 or even less.
> : This number defines number of active connections, which this
> : system can issue simultaneously to systems not supporting
> : TCP extensions (timestamps). With tcp_tw_recycle enabled
> : (i.e. by default) range 1024-4999 is enough to issue up to
> : 2000 connections per second to systems supporting timestamps.
>
> also inclusive.

I'm also agree, that we should have an ability to use the same
minimum/maximum port number for the cases when we want to use only
one port.

--
Anton Arapov, <aarapov@xxxxxxxxxx>
GPG Key ID: 0x6FA8C812

Attachment: pgp00000.pgp
Description: PGP signature

Next message: Paul Jackson: "Re: [RFC] cpuset update_cgroup_cpus_allowed"
Previous message: Ingo Molnar: "[patch] sound: fix bootup crash in snd_gus_interrupt()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]