Subject: Re: NetBSD master CVS tree commits
To: matthew green <mrg@eterna.com.au>
From: Luke Mewburn <lm@cs.rmit.edu.au>
List: tech-net
Date: 12/31/1997 13:21:02

matthew green writes:
>
> >Just put it under tcp and document that it impacts udp as well.
>
> Why not make it two sysctl's that control both tcp and udp?
>
> There is some precedent for this; Solaris lets you set
> {tcp,udp}_{smallest,largest}_anon_port using ndd.
>
>
> the problem with both of these is that it affects anything using
> pcbbind (i'm not sure if anything else besides tcp and udp does,
> but that's not the point). and (now i'm stretching my memory,
> hopefully luke or charles will correct me if i'm wrong :-) as
> the change was made in one place, there's no (easy) way to tell
> whether you're binding a port for tcp or udp.

correct. so, there's a couple of issues to resolve:

* what section of sysctl do we put it under? i favour net.inet.ip.*,
  as it's probably the closest to what the behaviour does (unless we
  add another section, e.g., net.inet.misc.*)
	my vote: net.inet.ip.*

* is it a flag (0 = use 1024..5000, 1 = use 49152..65535), or
  a `min' and `max' range. i prefer the latter, and have the kernel do
  some quick sanity checking at sysctl time.
	my vote: net.inet.ip.userlow (low end of ephemeral port range),
	and net.inet.ip.userhigh (high end)

* should the sysctls be protected as net.inet.ip.forwsrcrt is (can't
  change if securelevel >=1)?
	my vote: protected

thoughts/comments?
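
Added example, not part of the original message and not NetBSD code: a userland C model of the min/max proposal above, with the write refused at securelevel >= 1 and each knob checked against the other's current value. The struct and function names, the 1024 floor, the 65535 ceiling and the choice of EPERM/EINVAL are assumptions made for illustration.

```c
#include <errno.h>

#define PORT_RESERVED 1024    /* assumption: never hand out privileged ports */
#define PORT_MAX      65535   /* largest valid TCP/UDP port number */

/* Hypothetical model of the two proposed knobs. */
struct anonport_range {
    int low;    /* stands in for net.inet.ip.userlow  */
    int high;   /* stands in for net.inet.ip.userhigh */
};

/* Checks shared by both knobs; returns 0, EPERM or EINVAL. */
static int anonport_check(int securelevel, int low, int high)
{
    /* Same protection as proposed: no changes once securelevel >= 1. */
    if (securelevel >= 1)
        return EPERM;
    /* Sanity checks: stay inside the unprivileged range and keep the
     * range non-empty so port allocation always has a candidate. */
    if (low < PORT_RESERVED || high > PORT_MAX || low > high)
        return EINVAL;
    return 0;
}

/* Write to the low knob; validated against the current high value. */
int anonport_set_low(struct anonport_range *r, int securelevel, int v)
{
    int error = anonport_check(securelevel, v, r->high);
    if (error == 0)
        r->low = v;     /* only updated when every check passed */
    return error;
}

/* Write to the high knob; validated against the current low value. */
int anonport_set_high(struct anonport_range *r, int securelevel, int v)
{
    int error = anonport_check(securelevel, r->low, v);
    if (error == 0)
        r->high = v;
    return error;
}
```

With two separate knobs the order of writes matters: moving from 1024..5000 to 49152..65535 in this model requires raising the high end first, because setting the low end to 49152 while the high end is still 5000 is rejected.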