Date: Sat, 11 Apr 2020 14:28:20 -0700 From: Conrad Meyer <cem@freebsd.org> To: "Alexander V. Chernikov" <melifaro@freebsd.org> Cc: svn-src-all <svn-src-all@freebsd.org>, svn-src-head <svn-src-head@freebsd.org>, src-committers <src-committers@freebsd.org> Subject: Re: svn commit: r359797 - in head/sys: net netinet netinet6 Message-ID: <CAG6CVpUUxs5ztoOnSMHCHF9ppBmUTRh315HiQ6H5cYXbuXSaUQ@mail.gmail.com> In-Reply-To: <6140881586636906@vla5-dcf36e533bf7.qloud-c.yandex.net> References: <202004110737.03B7b8cS067986@repo.freebsd.org> <CAG6CVpXrVDso1i1Sq3KYVXi5%2BHyW7kwTYbq6C7otAPbCDWdgkg@mail.gmail.com> <6140881586636906@vla5-dcf36e533bf7.qloud-c.yandex.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, Apr 11, 2020 at 1:45 PM Alexander V. Chernikov <melifaro@freebsd.org> wrote: > This number only affects selection of the outbound path in presence of mu= ltiple paths available for the same prefix. It means to mitigate hash polar= ization in the network ( https://www.cisco.com/c/en/us/support/docs/ip/expr= ess-forwarding-cef/116376-technote-cef-00.html contains somewhat relevant d= escription). > I don't think it that knowing the number make DoSing of the particular sy= stem easier. Thanks! Does it need to be stable over time, or would it be acceptable to be updated at some point? > However, better quality randomness is always good. > Speaking of "when" it is needed - you're right, it is needed pretty late = in the boot process, after the userland starts. > Will moving the order to SI_SUB_LAST help or I need to trigger number gen= eration by different means? SI_SUB_LAST is better, sure. If you want to ensure you eventually get a random number, and changing the number at runtime is acceptable, you could have userspace induce seeding. But maybe that is unnecessarily complex. Typical x86 systems using loader will have good entropy available already at this point, outside of the installer or if there is /boot corruption. (It sounds like this application would be fine with not really random numbers, at least early in boot. We don't have a great API for that need today, unfortunately.) Cheers, Conrad
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAG6CVpUUxs5ztoOnSMHCHF9ppBmUTRh315HiQ6H5cYXbuXSaUQ>