From owner-freebsd-net@FreeBSD.ORG Sat Mar 5 00:22:05 2011
Date: Sat, 5 Mar 2011 00:21:29 +0000 (UTC)
From: "Bjoern A. Zeeb"
To: Doug Barton
Cc: FreeBSD Net, Ivo Vachkov
Subject: Re: Proposed patch for Port Randomization modifications according to RFC6056
In-Reply-To: <4D6AB636.3030708@FreeBSD.org>
References: <4D411CC6.1090202@gont.com.ar> <4D431258.8040704@FreeBSD.org> <4D437B13.1070405@FreeBSD.org> <4D518FB3.3040503@FreeBSD.org> <4D6AB2BD.50208@gont.com.ar> <4D6AB636.3030708@FreeBSD.org>
X-OpenPGP-Key: 0x14003F198FEFA3E77207EE8D2B58B8F83CCF1842
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; format=flowed; charset=US-ASCII
X-BeenThere: freebsd-net@freebsd.org
List-Id: Networking and TCP/IP with FreeBSD

On Sun, 27 Feb 2011, Doug Barton wrote:

> On 02/27/2011 12:23, Fernando Gont wrote:
>> On 08/02/2011 03:47 p.m., Doug Barton wrote:
>>
>> [catching up with e-mail]
>>
>>> I've been up and running on this patch vs. r218391 for over 24 hours
>>> now, using algorithm 4 (as someone said is now the default in Linux)
>>> without any problems.
>>>
>>> I think Bjoern is better qualified than I to comment on the style of the
>>> patch, but it applies cleanly, and seems to run fine on both v4 and v6.
>>
>> Has this been committed to the tree, already? -- If so, what's the
>> default algorithm?
>
> Bjoern was planning to do it, I'm going to do it if he doesn't get around to
> it.
>
> As for default algorithm, is there any reason not to make it 4?

Yes, it's expensive both computation time and stack wise. Last I put
MD5ctxs on the stack I was told that it was previously avoided due to
stack limits. I haven't seen complaints on lists about it but it's
possibly still true for small embedded.

I'd also like to see a proper benchmark before switching the default on
both state of the art and a soekris kind class of machine.

That said I messed with the patch to avoid the two copies of the
algorithms (so it will not be 4 soon). I know it compiles but I have
yet to test it. I'd love to hear opinions. The #ifdef INET6/INETs are
ugly but we'll see those a lot more and need to figure out different
ways from how our code was written the last 10 years.

http://people.freebsd.org/~bz/20110303-01-rfc6056.diff

The patch also includes a bugfix for the ipv6 case wrt "un-binding"
on error.

/bz

-- 
Bjoern A. Zeeb                                 You have to have visions!
         Stop bit received. Insert coin for new address family.
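The cost Bjoern is weighing is that RFC 6056's algorithm 4 (double-hash port selection) computes two keyed hashes over the connection tuple for every ephemeral port it picks. The following userland model of that algorithm is an added illustration, not code from the FreeBSD patch linked above; it follows the RFC's pseudocode, uses MD5 for the F and G hash functions (the MD5 contexts the reply refers to), and assumes a 10-entry per-destination table, constructed secret keys and an ephemeral range passed in by the caller (the kernel takes its range from sysctls). It handles both IPv4 and IPv6 addresses and the exhausted-range case.

```python
"""RFC 6056 Algorithm 4, double-hash port selection, modelled in userland.

Added illustration of the algorithm discussed on the list; it is not the
FreeBSD implementation. Keys, table length and port ranges are assumptions.
"""
import hashlib
import ipaddress
import os

TABLE_LENGTH = 10  # RFC 6056 suggests a 10-entry table for algorithm 4


def _keyed_md5(local_ip, remote_ip, remote_port, key):
    """One MD5 over the connection tuple plus a secret key (F and G in the RFC).

    select_port() calls this twice per selection, once per key; that is the
    per-connection hashing cost (and the MD5 context on the stack) that the
    thread is concerned about.
    """
    h = hashlib.md5()
    h.update(ipaddress.ip_address(local_ip).packed)   # IPv4 and IPv6 alike
    h.update(ipaddress.ip_address(remote_ip).packed)
    h.update(remote_port.to_bytes(2, "big"))
    h.update(key)
    return int.from_bytes(h.digest()[:4], "big")


class DoubleHashPortSelector:
    """Stateful selector: one instance corresponds to one host's port table."""

    def __init__(self, key1, key2, min_port=10000, max_port=65535, rng=os.urandom):
        # Assumed default range; FreeBSD configures its range via sysctls.
        self.key1, self.key2 = key1, key2
        self.min_port, self.max_port = min_port, max_port
        # Initialisation from the RFC: table[i] = random() % 65536
        self.table = [int.from_bytes(rng(2), "big") for _ in range(TABLE_LENGTH)]

    def select_port(self, local_ip, remote_ip, remote_port, in_use):
        """Return a free ephemeral port for this tuple, or raise if none is left.

        `in_use` stands in for the RFC's check_suitable_port(): a set of local
        ports already bound to this destination.
        """
        num_ephemeral = self.max_port - self.min_port + 1
        # offset = F(local_IP, remote_IP, remote_port, secret_key1)
        offset = _keyed_md5(local_ip, remote_ip, remote_port, self.key1)
        # index  = G(local_IP, remote_IP, remote_port, secret_key2)
        index = _keyed_md5(local_ip, remote_ip, remote_port, self.key2) % TABLE_LENGTH
        count = num_ephemeral
        while count > 0:
            port = self.min_port + (offset + self.table[index]) % num_ephemeral
            self.table[index] += 1   # advance this destination's counter
            count -= 1
            if port not in in_use:
                return port
        raise RuntimeError("ephemeral port range exhausted for this destination")


if __name__ == "__main__":
    # Constructed keys; a real implementation draws them from a CSPRNG at boot.
    selector = DoubleHashPortSelector(os.urandom(16), os.urandom(16))
    used = set()
    for _ in range(3):
        p = selector.select_port("192.0.2.1", "198.51.100.7", 80, used)
        used.add(p)
        print("selected", p)
    print("IPv6:", selector.select_port("2001:db8::1", "2001:db8::2", 443, set()))
```

Successive connections to the same destination walk the range sequentially from a per-destination starting point (offset plus the table counter), so ports are unpredictable to an off-path observer without being random per connection, which is what keeps the reuse rate of TIME_WAIT ports low. Every call pays for two MD5 computations regardless, which is the benchmark question raised above.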