Date: Sun, 30 Jul 2017 22:21:59 -0700 From: Cy Schubert <Cy.Schubert@komquats.com> To: Xin Li <delphij@delphij.net> Cc: Cy Schubert <cy@FreeBSD.org>, src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org, d@delphij.net Subject: Re: svn commit: r321605 - head/contrib/ipfilter Message-ID: <201707310521.v6V5Lxs6004242@slippy.cwsent.com> In-Reply-To: Message from Xin Li <delphij@delphij.net> of "Sun, 30 Jul 2017 20:25:19 -0700." <59e80a44-d9de-5081-9eda-f068188b843f@delphij.net>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <59e80a44-d9de-5081-9eda-f068188b843f@delphij.net>, Xin Li writes: > On 7/26/17 23:26, Cy Schubert wrote: > > Author: cy > > Date: Thu Jul 27 06:26:15 2017 > > New Revision: 321605 > > URL: https://svnweb.freebsd.org/changeset/base/321605 > >=20 > > Log: > > As in r315225, discard 3072 bytes of RC4 bytestream instead of 1024. > > =20 > > PR: 217920 > > Submitted by: codarren@hackers.mu > > Reviewed by: emaste, cem > > Approved by: so (implicit, in r315225) > > Why ipfilter is using its own pseudo random number generator? Please > remove them altogether and use the system PRNG instead. It uses this code when it builds the kernel sources in a userland program called ipftest. ipftest is a userland application outside of the kernel in which users pass generated or captured packets into it to test arbitrary ipfilter rules, which are separate from those in the kernel. ipftest is a rule testing application. ipftest is currently broken (it segfaults) and in my queue for loving attention. I'll look into using the libkern version of arc4rand(9) in this userland utility. -- Cheers, Cy Schubert <Cy.Schubert@cschubert.com> FreeBSD UNIX: <cy@FreeBSD.org> Web: http://www.FreeBSD.org The need of the many outweighs the greed of the few.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201707310521.v6V5Lxs6004242>