Subject: Re: NetBSD master CVS tree commits
To: Luke Mewburn <email@example.com>
From: Ken Hornstein <firstname.lastname@example.org>
Date: 12/30/1997 22:32:32
>* what section of sysctl do we put it under? i favour net.inet.ip.*,
> as it's probably the closest to what the behaviour does (unless we
> add another section, e.g, net.inet.misc.*)
> my vote: net.inet.ip.*
Sounds good to me.
>* is it a flag (0 = use 1024..5000, 1 = use 49152..65535), or
> a `min' and `max' range. i prefer the latter, and have the kernel do
> some quick sanity checking at sysctl time.
> my vote: net.inet.ip.userlow (low end of ephemeral port range),
> and net.inet.ip.userhigh (high end)
I prefer the min/max range as well. I'm not sure I like "userlow" and
"userhigh", though. How about "anon_port_low", or even
"ephemeral_port_low"? (Geez, that's long).
>* should the sysctls be protected as net.inet.ip.forwsrcrt is (can't
> change if securelevel >=1)
> my vote: protected
I would vote against it being protected (unless someone had a good
security argument against it). Maybe it's "protected" for dumb things
when securelevel >= 1 (like, it won't let you set the low range below