tech-net archive
randomize source port
As a quick test, I did the following:
--- in_pcb.c 5 May 2008 17:11:17 -0000 1.125
+++ in_pcb.c 11 Jul 2008 15:33:49 -0000
@@ -332,6 +332,8 @@
mymax = swp;
}
+ *lastport = mymax - (arc4random() % (mymax - mymin));
+
lport = *lastport - 1;
for (cnt = mymax - mymin + 1; cnt; cnt--, lport--) {
if (lport < mymin || lport > mymax)
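Review bot: the new `*lastport = mymax - (arc4random() % (mymax - mymin));` line takes the modulus over `mymax - mymin`, which is zero (an integer divide trap in the kernel) whenever anonportmin and anonportmax are set to the same value, a case the swap just above this hunk does not rule out; the same width also places the start in `mymin + 1 .. mymax`, so after `lport = *lastport - 1` the first candidate is never `mymax` itself. Suggest `arc4random() % (mymax - mymin + 1)`, which matches the loop's own `cnt = mymax - mymin + 1`, can never be zero and covers the whole range. Two things worth a comment next to the line: `%` over a width that is not a power of two is slightly biased toward the low remainders (small for a 16384-port range, but it is a randomness-for-security change), and because `*lastport` is now overwritten on every call, the countdown loop below only serves to step past ports already in use rather than to spread allocations.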
With default sysctl:
net.inet.ip.anonportmin = 49152
net.inet.ip.anonportmax = 65535
Using gethostbyname2(3), I did many lookups (some simultaneously) to one
of my local nameservers.
Before my patch, the source port counted down from 65026 to 64845.
After my patch, I didn't see any noticeable sequence of the source port
counting down, such as:
52362
59398
64223
51205
55882
...
50004
64005
64193
51223
53918
And the range was 49202 to 65491.
By the way, FreeBSD has these sysctl tunables:
net.inet.ip.portrange.randomized
Enable random port allocation. (Default is on.)
net.inet.ip.portrange.randomcps
Maximum number of random port allocations in last second
before switching to a sequental one. (Default is 10.)
net.inet.ip.portrange.randomtime
Minimum time to keep sequental port allocation (while randomcps
is not reached) before switching back to a random one. (Default
is 45 seconds.)
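A runnable model of the allocation walk in the patch above and of the countdown check used in the test, as an added example that is not NetBSD code: rnd() is a constructed stand-in for arc4random(), used[] stands in for the PCB lookup, and the modulus is taken over mymax - mymin + 1 so that the whole range is covered and a single-port range cannot divide by zero.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
/* Constructed xorshift32 stand-in for arc4random(): deterministic so the
 * run is repeatable, and NOT suitable for a real allocator. */
static uint32_t rnd_state = 0x9E3779B9u;
static uint32_t rnd(void)
{
    rnd_state ^= rnd_state << 13; rnd_state ^= rnd_state >> 17; rnd_state ^= rnd_state << 5;
    return rnd_state;
}
/* Constructed in-use table standing in for the kernel's PCB lookup. */
static bool used[65536];
void mark_used(uint16_t port, bool v) { used[port] = v; }
static bool table_in_use(uint16_t port) { return used[port]; }
/* One ephemeral-port allocation: with randomize set, first pick a random start
 * inside [mymin, mymax] (what the patch adds), then walk downwards from
 * *lastport - 1, wrapping at mymin, until a free port is found (0 if none). */
uint16_t pick_port(uint16_t mymin, uint16_t mymax, bool randomize,
                   uint16_t *lastport, bool (*in_use)(uint16_t))
{
    if (mymin > mymax) { uint16_t t = mymin; mymin = mymax; mymax = t; }
    uint32_t width = (uint32_t)mymax - mymin + 1;   /* >= 1, so no divide by zero */
    if (randomize)
        *lastport = (uint16_t)(mymax - rnd() % width); /* anywhere in [mymin, mymax] */
    uint16_t lport = (uint16_t)(*lastport - 1);
    for (uint32_t cnt = width; cnt; cnt--, lport--) {
        if (lport < mymin || lport > mymax) lport = mymax;   /* wrap around */
        if (!in_use(lport)) { *lastport = lport; return lport; }
    }
    return 0;
}
/* The check from the mail: how many consecutive allocations step down by
 * exactly one. A long run means the next source port is easy to predict. */
size_t countdown_pairs(const uint16_t *ports, size_t n)
{
    size_t pairs = 0;
    for (size_t i = 1; i < n; i++)
        if (ports[i] == (uint16_t)(ports[i - 1] - 1)) pairs++;
    return pairs;
}
/* Allocate n ports in a row from the default 49152..65535 range and report
 * how many of them counted down from the previous one. */
size_t alloc_run(bool randomize, uint16_t start, uint16_t *out, size_t n)
{
    uint16_t last = start;
    for (size_t i = 0; i < n; i++)
        out[i] = pick_port(49152, 65535, randomize, &last, table_in_use);
    return countdown_pairs(out, n);
}
```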