From: Doug Barton
Organization: http://SupersetSolutions.com/
Date: Fri, 04 Mar 2011 16:39:36 -0800
To: "Bjoern A. Zeeb"
Cc: FreeBSD Net, Ivo Vachkov
Subject: Re: Proposed patch for Port Randomization modifications according to RFC6056
Message-ID: <4D718648.801@FreeBSD.org>
List-Id: Networking and TCP/IP with FreeBSD

On 03/04/2011 16:21, Bjoern A. Zeeb wrote:
> On Sun, 27 Feb 2011, Doug Barton wrote:
>> As for default algorithm, is there any reason not to make it 4?
>
> Yes, it's expensive both computation time and stack wise. Last I put
> MD5ctxs on the stack I was told that it was previously avoided due to
> stack limits. I haven't seen complaints on lists about it but it's
> possibly still true for small embedded.
>
> I'd also like to see a proper benchmark before switching the default
> on both state of the art and a soekris kind class of machine.

We expect people doing embedded work to make all kinds of adjustments, I
can't see any reason why this shouldn't be one of them. Modern
general-purpose machines have more than enough resources to handle this.

That said, maybe we need a knob like EMBEDDED to more easily handle some
of these issues. I could see a default of alg 4 but something less
computationally intensive ifdef EMBEDDED.

> That said I messed with the patch to avoid the two copies of the
> algorithms (so it will not be 4 soon). I know it compiles but I have
> yet to test it. I'd love to hear opinions. The #ifdef INET6/INETs
> are ugly but we'll see those a lot more and need to figure out
> different ways from how our code was written the last 10 years.
>
> http://people.freebsd.org/~bz/20110303-01-rfc6056.diff
>
> The patch also includes a bugfix for the ipv6 case wrt to
> "un-binding" on error.

Cool! I'll try to test this new patch this weekend.

Doug

-- 

	Nothin' ever doesn't change, but nothin' changes much.
			-- OK Go

Breadth of IT experience, and depth of knowledge in the DNS.
Yours for the right price.  :)  http://SupersetSolutions.com/
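For readers following the "alg 4" discussion, the sketch below is an added illustration of RFC 6056 Algorithm 4 (double-hash port selection), not the patch linked above or FreeBSD's code. It assumes a constructed FNV-1a keyed hash in place of the RFC's MD5-based F and G (the two digests per selection are the cost Bjoern refers to) and a constructed in-use bitmap in place of the kernel's port lookup.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define MIN_EPHEMERAL 10000u
#define MAX_EPHEMERAL 65535u
#define NUM_EPHEMERAL (MAX_EPHEMERAL - MIN_EPHEMERAL + 1)
#define TABLE_LENGTH  10u          /* RFC 6056 suggests a small counter table */

static uint32_t table[TABLE_LENGTH];   /* per-bucket counters, zero at boot */

/* Constructed stand-in keyed hash (FNV-1a over secret || 3-tuple). RFC 6056
 * specifies MD5 for F and G, so a real implementation runs two MD5 digests
 * per port selection. This placeholder is NOT collision resistant. */
static uint32_t keyed_hash(uint32_t secret, uint32_t laddr, uint32_t faddr,
                           uint16_t fport)
{
    uint8_t buf[14];
    memcpy(buf, &secret, 4); memcpy(buf + 4, &laddr, 4);
    memcpy(buf + 8, &faddr, 4); memcpy(buf + 12, &fport, 2);
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < sizeof buf; i++) { h ^= buf[i]; h *= 16777619u; }
    return h;
}

/* Constructed "ports in use" bitmap standing in for the kernel's inpcb lookup. */
static uint8_t in_use[65536 / 8];
void demo_reserve(uint16_t port) { in_use[port >> 3] |= (uint8_t)(1u << (port & 7)); }
bool demo_port_is_free(uint16_t port) { return !(in_use[port >> 3] & (1u << (port & 7))); }

/* RFC 6056 Algorithm 4 (double-hash). Returns a port, or 0 if none is free.
 * F (secret1) picks the starting offset for this destination; G (secret2)
 * picks which counter bucket advances, so connections to one destination
 * do not perturb the port sequence seen by any other destination. */
uint16_t alg4_select_port(uint32_t laddr, uint32_t faddr, uint16_t fport,
                          uint32_t secret1, uint32_t secret2,
                          bool (*port_is_free)(uint16_t))
{
    uint32_t offset = keyed_hash(secret1, laddr, faddr, fport) % NUM_EPHEMERAL;
    uint32_t index  = keyed_hash(secret2, laddr, faddr, fport) % TABLE_LENGTH;
    for (uint32_t count = NUM_EPHEMERAL; count > 0; count--) {
        uint16_t port = (uint16_t)(MIN_EPHEMERAL + (offset + table[index]) % NUM_EPHEMERAL);
        table[index]++;            /* advance only this bucket's counter */
        if (port_is_free(port))    /* fall through to the next candidate if taken */
            return port;
    }
    return 0;
}
```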