From owner-svn-src-all@FreeBSD.ORG Fri Apr 3 15:14:49 2015
Date: Fri, 3 Apr 2015 18:14:44 +0300
From: Gleb Smirnoff
To: Hans Petter Selasky
Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org
Subject: Re: svn commit: r281024 - head/share/man/man4
Message-ID: <20150403151444.GC64665@FreeBSD.org>
In-Reply-To: <201504031400.t33E094r076234@svn.freebsd.org>
References: <201504031400.t33E094r076234@svn.freebsd.org>

Hans,

On Fri, Apr 03, 2015 at 02:00:09PM +0000, Hans Petter Selasky wrote:
H> Author: hselasky
H> Date: Fri Apr 3 14:00:08 2015
H> New Revision: 281024
H> URL: https://svnweb.freebsd.org/changeset/base/281024
H> 
H> Log:
H>   Add more documentation about the "net.inet.ip.random_id" sysctl knob
H>   and how it can affect information flow between observers.

What the hell?

At Fri, 3 Apr 2015 15:41:21 +0300 (MSK) you ask:

> Will you mind if I rephrase that paragraph in the "inet.4" ...

And at Fri, 3 Apr 2015 17:00:14 +0300 (MSK) you commit.

You gave 1 hour and 19 minutes for review! Is this acceptable at all?

H> MFC after: 1 week

Now this sounds like a threat.

Please back out this very questionable change, and then it will be discussed.

H> Modified:
H>   head/share/man/man4/inet.4
H> 
H> Modified: head/share/man/man4/inet.4
H> ==============================================================================
H> --- head/share/man/man4/inet.4 Fri Apr 3 13:57:14 2015 (r281023)
H> +++ head/share/man/man4/inet.4 Fri Apr 3 14:00:08 2015 (r281024)
H> @@ -28,7 +28,7 @@
H> .\" From: @(#)inet.4 8.1 (Berkeley) 6/5/93
H> .\" $FreeBSD$
H> .\"
H> -.Dd April 2, 2015
H> +.Dd April 3, 2015
H> .Dt INET 4
H> .Os
H> .Sh NAME
H> @@ -244,10 +244,22 @@ IP datagrams (or all IP datagrams, if
H> .Va ip.rfc6864
H> is disabled) to be randomized instead of incremented by 1 with each packet
H> generated.
H> -This closes a minor information leak which allows remote observers to
H> +This prevents information exchange between any combination of two or
H> +more inside and/or outside observers using packet frequency
H> +modulation, PFM.
H> +An outside observer can ping the outside facing port at a fixed rate
H> +sampling the returned counter.
H> +An inside observer can ping the inside facing port sampling the same
H> +counter.
H> +Even though packets don't flow directly between any of the observers
H> +any single observer can influence the data rate the other observer(s)
H> +is or are sampling.
H> +This is done by sending more or less ping packets towards the gateway
H> +per measured interval.
H> +Setting this sysctl also prevents the remote and internal observers to
H> determine the rate of packet generation on the machine by watching the
H> counter.
H> -In the same time, on high-speed links, it can decrease the ID reuse
H> +At the same time, on high-speed links, it can decrease the ID reuse
H> cycle greatly.
H> Default is 0 (sequential IP IDs).
H> IPv6 flow IDs and fragment IDs are always random.

-- 
Totus tuus, Glebius.
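Review bot: in the @@ -244 hunk the rewritten paragraph introduces an unexplained term, contains a grammatical error, and buries the one-line statement the removed line carried. "packet frequency modulation, PFM" is coined here with no reference, so a manpage reader cannot look it up; either cite a source or describe the mechanism in plain words. "prevents the remote and internal observers to determine" should read "prevents ... from determining", and "more or less ping packets" should be "more or fewer". The mechanism is also not specific to ping: the counter advances for every IP datagram the host emits (or for the subset that carries an ID when ip.rfc6864 is enabled, per the hunk's own context), so any traffic that elicits a reply samples it, and "outside facing port" reads as a TCP/UDP port where a network interface is meant. The nine added lines about two observers signalling through the shared counter could be one sentence appended to the existing "remote observers ... determine the rate of packet generation" point, which already states the underlying side channel; the fact an administrator needs is that a sequential IP ID is a globally readable counter of the host's send rate, that random_id hides it, and that the cost on high-speed links is the shorter ID reuse cycle the following lines already describe.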