From: Brooks Davis
Date: Mon, 29 Oct 2007 10:04:24 -0500
To: "Bruce M. Simpson"
Cc: freebsd-net@FreeBSD.org, Matus Harvan, Max Laier
Subject: Re: UDP catchall
Message-ID: <20071029150424.GA68594@lor.one-eyed-alien.net>

On Sat, Oct 27, 2007 at 04:21:23AM +0100, Bruce M. Simpson wrote:
> Matus Harvan wrote:
> > Hi,
> >
> > I was wondering if I could get some feedback about the patch and
> > whether others think it could be committed.
>
> The UDP catchall patch as submitted here clashes with the blackhole
> functionality, and also bypasses the update of the protocol statistics and
> unreachable port rate limiting. It is not yet suitable for a production
> kernel.
>
> It probably shouldn't trigger the log_in_vain message, however that log
> message is misleading anyway (the reception of UDP datagrams destined for
> unbound ports is not a 'connection attempt').
>
> I would argue that the UDP and TCP catchall feature should perhaps have a
> configurable port range as well, under
> net.inet.ip.portrange.relayhigh/relaylow. This would allow the inpcb code to
> avoid allocating sockets from that range at all -- as well as allowing
> inbound packets for that range to be immediately relayed to mtund without
> the cost of a hash lookup.

While I think this idea has some merit, I think we specifically want the
current wildcard ability to allow for a system that requires minimal
configuration. The problem with a range is that it doesn't allow
disjoint sets and it requires that if you really do want all the ports
you need to produce a list of currently allocated ports to avoid
allocating. A more (over)engineered solution holds some attraction, but
I'm not yet convinced the fact that it could exist precludes the current
implementation.

--
Brooks