Date: Tue, 17 Apr 2001 19:06:30 +0100 From: David Pick <D.M.Pick@qmw.ac.uk> To: freebsd-security@FreeBSD.ORG, net@FreeBSD.ORG, provos@OpenBSD.org Subject: Re: non-random IP IDs Message-ID: <E14pZry-0002mO-00@xi.css.qmw.ac.uk> In-Reply-To: Your message of "Tue, 17 Apr 2001 13:45:26 EDT." <Pine.BSF.4.31.0104171343380.29592-100000@cithaeron.argolis.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> Would it be better to do it as a kernel option?
> options IP_RANDOM_IP_ID for instance? I guess the question is, does the
> kernel have to do a comparison to the sysctl variable each time?
No. *IF* (big if!) something gets notified when a sysctl variable
gets changed (and I don't know of this is true) then if can test
the variable once and set a *function* variable to one of two
functions: one simple and fast, the other complicated and slow.
No test needed for every packet. Of course, the overhead of a
procedure call might (in the fast case) be more than the overhead
of an inline test. So perhaps write it as:
if (function variable) {
function_varuable(parameter)
} else {
/* inline code */
}
But there a *lots* of other tests per packet - is one more *that* bad?
--
David Pick
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?E14pZry-0002mO-00>