Date: Sat, 26 May 2001 00:16:02 -0700
From: Dima Dorfman <dima@unixfreak.org>
To: Kris Kennaway <kris@obsecurity.org>
Cc: Alfred Perlstein <bright@rush.net>, net@FreeBSD.ORG
Subject: Re: Randomized IP ID patch
Message-ID: <20010526071602.9916C3E28@bazooka.unixfreak.org>
In-Reply-To: <20010525235011.A44657@xor.obsecurity.org>; from kris@obsecurity.org on "Fri, 25 May 2001 23:50:11 -0700"

Kris Kennaway <kris@obsecurity.org> writes:
> On Sat, May 26, 2001 at 02:46:44AM -0400, Alfred Perlstein wrote:
> > * Kris Kennaway <kris@obsecurity.org> [010526 02:38] wrote:
> > > A while back I posted a version of this which was activated by sysctl,
> > > but people didn't like the per-packet performance overhead, so here's
> > > an updated version which uses a compile-time option. Please review;
> > > I'd like to commit this soon.
> > >
> >
> > This seems pretty cool, I'm surprised you had people objecting to
> > a single check of whether or not to run an external function.
> > (I'd rather see this configurable while the system is running).
>
> Well, I could have done it by switching functions, but people also
> objected to the kernel bloat. To be fair, this is a pretty minor
> information leak, so many people will not care about it.

If it makes sense to be able to switch it on and off at run-time
(e.g., it may make sense to, say, use it to compare response from
something), you can make the sysctl conditional on the compile-time
option. If Alfred just wanted to be able to switch it on without
recompiling a kernel (e.g., while running GENERIC), this obviously
doesn't help.

Just food for thought, I guess. I like it either way :-).

Thanks!

Dima Dorfman
dima@unixfreak.org