From owner-svn-src-head@FreeBSD.ORG Fri Apr 3 12:41:19 2015 Return-Path: Delivered-To: svn-src-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 8A2539F; Fri, 3 Apr 2015 12:41:19 +0000 (UTC) Received: from mail.turbocat.net (heidi.turbocat.net [88.198.202.214]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 3C390330; Fri, 3 Apr 2015 12:41:19 +0000 (UTC) Received: from laptop015.home.selasky.org (cm-176.74.213.204.customer.telag.net [176.74.213.204]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.turbocat.net (Postfix) with ESMTPSA id A09371FE022; Fri, 3 Apr 2015 14:41:16 +0200 (CEST) Message-ID: <551E8A96.6030806@selasky.org> Date: Fri, 03 Apr 2015 14:41:58 +0200 From: Hans Petter Selasky User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:31.0) Gecko/20100101 Thunderbird/31.4.0 MIME-Version: 1.0 To: Gleb Smirnoff Subject: Re: svn commit: r280971 - in head: contrib/ipfilter/tools share/man/man4 sys/contrib/ipfilter/netinet sys/netinet sys/netipsec sys/netpfil/pf References: <551DA5EA.1080908@selasky.org> <551DAC9E.9010303@selasky.org> <358EC58D-1F92-411E-ADEB-8072020E9EB3@FreeBSD.org> <551DEF26.4000403@selasky.org> <4B7DAA59-389F-41AE-99D8-034A7AA61C99@FreeBSD.org> <551E520E.1040708@selasky.org> <6DF5FB51-8135-4144-BD3A-6E4127A23AA7@FreeBSD.org> <551E5C38.7070203@selasky.org> <78DD67BD-621C-451D-8E30-EC9BF396716F@FreeBSD.org> <551E6E72.8050208@selasky.org> <20150403112927.GQ64665@FreeBSD.org> In-Reply-To: <20150403112927.GQ64665@FreeBSD.org> Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit Cc: Mateusz Guzik , Ian Lepore , svn-src-all@freebsd.org, src-committers@freebsd.org, "Robert N. M. Watson" , svn-src-head@freebsd.org X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 03 Apr 2015 12:41:19 -0000 On 04/03/15 13:29, Gleb Smirnoff wrote: > On Fri, Apr 03, 2015 at 12:41:54PM +0200, Hans Petter Selasky wrote: > H> "ip_do_randomid" is zero by default, and is not documented anywhere: > H> > H> grep -r ip_do_randomid share/ > > It is documented in inet(4). > > The actual sysctl knob doesn't match the kernel symbol name, which is > allowed in sysctl(9). > Hi, Will you mind if I rephrase that paragraph in the "inet.4" manual page from: "This closes a minor information leak which allows remote observers to determine the rate of packet generation on the machine by watching the counter." Into: "This prevents high-speed information exchange between internal and external observers using packet frequency modulation. An outside observer can ping the outside facing port at a fixed rate watching the counter. An inside observer can ping the inside facing port watching the same counter. Even though packets don't flow between the two ports, data can be exchanged by watching changes in the packet rate. It is believed that data can be exchanged in Kb/s range this way. Setting this sysctl also prevents remote and internal observers to determine the rate of packet generation on the machine by watching the counter." --HPS