From owner-svn-src-head@freebsd.org Mon Jul 31 05:23:26 2017 Return-Path: Delivered-To: svn-src-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 6E5ACDCA35A; Mon, 31 Jul 2017 05:23:26 +0000 (UTC) (envelope-from cy.schubert@komquats.com) Received: from smtp-out-so.shaw.ca (smtp-out-so.shaw.ca [64.59.136.138]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "Client", Issuer "CA" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 224F7683A1; Mon, 31 Jul 2017 05:23:25 +0000 (UTC) (envelope-from cy.schubert@komquats.com) Received: from spqr.komquats.com ([96.50.22.10]) by shaw.ca with SMTP id c3AhdiB1sMaqMc3AidJ8xw; Sun, 30 Jul 2017 23:23:19 -0600 X-Authority-Analysis: v=2.2 cv=Qc8WhoTv c=1 sm=1 tr=0 a=jvE2nwUzI0ECrNeyr98KWA==:117 a=jvE2nwUzI0ECrNeyr98KWA==:17 a=kj9zAlcOel0A:10 a=G3gG6ho9WtcA:10 a=SWg00rOMAAAA:8 a=6I5d2MoRAAAA:8 a=YxBL1-UpAAAA:8 a=r2EcXQugN9ykcdfzfG0A:9 a=CjuIK1q_8ugA:10 a=nWvTgx2JuP7DHgfbJPXu:22 a=IjZwj45LgO3ly-622nXo:22 a=Ia-lj3WSrqcvXOmTRaiG:22 Received: from slippy.cwsent.com (slippy [10.1.1.91]) by spqr.komquats.com (Postfix) with ESMTPS id 434FE3DF; Sun, 30 Jul 2017 22:23:15 -0700 (PDT) Received: from slippy (localhost [127.0.0.1]) by slippy.cwsent.com (8.15.2/8.15.2) with ESMTP id v6V5Lxs6004242; Sun, 30 Jul 2017 22:21:59 -0700 (PDT) (envelope-from Cy.Schubert@cschubert.com) Message-Id: <201707310521.v6V5Lxs6004242@slippy.cwsent.com> X-Mailer: exmh version 2.8.0 04/21/2012 with nmh-1.6 Reply-to: Cy Schubert From: Cy Schubert X-os: FreeBSD X-Sender: cy@cwsent.com X-URL: http://www.cschubert.com/ To: Xin Li cc: Cy Schubert , src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org, d@delphij.net Subject: Re: svn commit: r321605 - head/contrib/ipfilter In-Reply-To: Message from Xin Li of "Sun, 30 Jul 2017 20:25:19 -0700." <59e80a44-d9de-5081-9eda-f068188b843f@delphij.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Sun, 30 Jul 2017 22:21:59 -0700 X-CMAE-Envelope: MS4wfCNe+NdSOKEpMiS/Kbc5T7bdvTawLBc+gWGL2+kPTDEMQPy4wiXXvJxcqDjGWb2uwsz3HgMvyAaaHAC4RsimWNhzCQGKD5lh2YoQbkNAKBSAeQeOSClW osRFjtCWpeCwRUCMUCDYNnHmh+VCuImSfdiaZusQHsQLv8129wmsws4uBsPnMd2efLdLxmgVok3MLUjB2RCDFslrMMpENkkyylNOXA8xDVPSIVrRU+8Eajqw BWebfzV65c/a3KRpPQFr1+CFC0Xv9+i3hS2kVqL/VfqvvIiAmDPclfheNEThwT+/GRKbSH7wFb4g2AdOczIRd77rKeAMgVCFk6/0y9Fiy+w= X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 31 Jul 2017 05:23:26 -0000 In message <59e80a44-d9de-5081-9eda-f068188b843f@delphij.net>, Xin Li writes: > On 7/26/17 23:26, Cy Schubert wrote: > > Author: cy > > Date: Thu Jul 27 06:26:15 2017 > > New Revision: 321605 > > URL: https://svnweb.freebsd.org/changeset/base/321605 > >=20 > > Log: > > As in r315225, discard 3072 bytes of RC4 bytestream instead of 1024. > > =20 > > PR: 217920 > > Submitted by: codarren@hackers.mu > > Reviewed by: emaste, cem > > Approved by: so (implicit, in r315225) > > Why ipfilter is using its own pseudo random number generator? Please > remove them altogether and use the system PRNG instead. It uses this code when it builds the kernel sources in a userland program called ipftest. ipftest is a userland application outside of the kernel in which users pass generated or captured packets into it to test arbitrary ipfilter rules, which are separate from those in the kernel. ipftest is a rule testing application. ipftest is currently broken (it segfaults) and in my queue for loving attention. I'll look into using the libkern version of arc4rand(9) in this userland utility. -- Cheers, Cy Schubert FreeBSD UNIX: Web: http://www.FreeBSD.org The need of the many outweighs the greed of the few.