From owner-svn-src-all@freebsd.org Mon Jul 31 06:17:22 2017 Return-Path: Delivered-To: svn-src-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 8C704DCAC83; Mon, 31 Jul 2017 06:17:22 +0000 (UTC) (envelope-from cy.schubert@komquats.com) Received: from smtp-out-so.shaw.ca (smtp-out-so.shaw.ca [64.59.136.138]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "Client", Issuer "CA" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 3396D6966D; Mon, 31 Jul 2017 06:17:21 +0000 (UTC) (envelope-from cy.schubert@komquats.com) Received: from spqr.komquats.com ([96.50.22.10]) by shaw.ca with SMTP id c411diM2nMaqMc412dJDBY; Mon, 31 Jul 2017 00:17:20 -0600 X-Authority-Analysis: v=2.2 cv=Qc8WhoTv c=1 sm=1 tr=0 a=jvE2nwUzI0ECrNeyr98KWA==:117 a=jvE2nwUzI0ECrNeyr98KWA==:17 a=kj9zAlcOel0A:10 a=G3gG6ho9WtcA:10 a=VxmjJ2MpAAAA:8 a=SWg00rOMAAAA:8 a=6I5d2MoRAAAA:8 a=YxBL1-UpAAAA:8 a=aQURqbsA0iTKZVjtE9oA:9 a=gvgE5aWGGUghFNBC:21 a=zhIP_C7Dr5RDXHsw:21 a=CjuIK1q_8ugA:10 a=7gXAzLPJhVmCkEl4_tsf:22 a=nWvTgx2JuP7DHgfbJPXu:22 a=IjZwj45LgO3ly-622nXo:22 a=Ia-lj3WSrqcvXOmTRaiG:22 Received: from slippy.cwsent.com (slippy [10.1.1.91]) by spqr.komquats.com (Postfix) with ESMTPS id 1C4C540B; Sun, 30 Jul 2017 23:17:19 -0700 (PDT) Received: from slippy (localhost [127.0.0.1]) by slippy.cwsent.com (8.15.2/8.15.2) with ESMTP id v6V6G36T052681; Sun, 30 Jul 2017 23:16:03 -0700 (PDT) (envelope-from Cy.Schubert@cschubert.com) Message-Id: <201707310616.v6V6G36T052681@slippy.cwsent.com> X-Mailer: exmh version 2.8.0 04/21/2012 with nmh-1.6 Reply-to: Cy Schubert From: Cy Schubert X-os: FreeBSD X-Sender: cy@cwsent.com X-URL: http://www.cschubert.com/ To: Xin Li , Cy Schubert cc: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org, d@delphij.net Subject: Re: svn commit: r321605 - head/contrib/ipfilter In-Reply-To: Message from Cy Schubert of "Sun, 30 Jul 2017 22:27:13 -0700." <201707310527.v6V5RDRJ004333@slippy.cwsent.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Sun, 30 Jul 2017 23:16:03 -0700 X-CMAE-Envelope: MS4wfC2/41cM6FHv14ZG9j1laIZn9h7v92Yqpc61RPF98kpyNX7B+zaAqpwj5gIWgOGiiBa4D8v48tnd8iBSFTKom6x0zKMtFtZvEiuFp9OzJ2NO/YWPu/ns lPE2mm7YwgX2+TELPfwd+GFasjnRKmRHpjNs14ogwyxNBG+u7lvzurkOWHVx27VkjbSZWra3B2PP97iSCPD0v54rT2tL8K9CPFj1U4W5bksodHaS2dcc+rgt HXSQTF+wgw+dh2sPF8JswH7BfUoBVzCfYWj9UVj364bkDlpU+sRwAIB2JAVUVQn0zkISN6wbmdzK0sBL1zzRma8Sk+0uWrBddsv00QG61ls= X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 31 Jul 2017 06:17:22 -0000 In message <201707310527.v6V5RDRJ004333@slippy.cwsent.com>, Cy Schubert writes: > Cy Schubert writes: > > In message <59e80a44-d9de-5081-9eda-f068188b843f@delphij.net>, Xin Li > > writes: > > > On 7/26/17 23:26, Cy Schubert wrote: > > > > Author: cy > > > > Date: Thu Jul 27 06:26:15 2017 > > > > New Revision: 321605 > > > > URL: https://svnweb.freebsd.org/changeset/base/321605 > > > >=20 > > > > Log: > > > > As in r315225, discard 3072 bytes of RC4 bytestream instead of 1024. > > > > =20 > > > > PR: 217920 > > > > Submitted by: codarren@hackers.mu > > > > Reviewed by: emaste, cem > > > > Approved by: so (implicit, in r315225) > > > > > > Why ipfilter is using its own pseudo random number generator? Please > > > remove them altogether and use the system PRNG instead. > > > > It uses this code when it builds the kernel sources in a userland program > > called ipftest. ipftest is a userland application outside of the kernel in > > which users pass generated or captured packets into it to test arbitrary > > ipfilter rules, which are separate from those in the kernel. ipftest is a > > rule testing application. ipftest is currently broken (it segfaults) and in > > > my queue for loving attention. I'll look into using the libkern version of > > arc4rand(9) in this userland utility. > > This will take a little more surgery than initially thought. > > make: "/export/home/cy/freebsd/svn/current/share/mk/src.libnames.mk" line > 563: /export/home/cy/freebsd/svn/current/sbin/ipf/ipftest: Invalid LIBADD > used which may need to be added to src.libnames.mk: libkern > > Probably not a good idea anyway to reference libkern from a userland > utility. Late night moving furniture. Sorry, I should have worded this better. This is an approximation of the libkern arc4rand(9) used in the ipftest(1) userland arbitrary rule testing utility. IP Filter "duplicates" a number of kernel function calls, including this one, to facilitate ipftest's use of ipfilter's kernel sources in the userland utility. My previous email's wording was disrespectful and simply bad. My apologies. -- Cheers, Cy Schubert FreeBSD UNIX: Web: http://www.FreeBSD.org The need of the many outweighs the greed of the few.