Date:      Tue, 08 Feb 2011 10:47:15 -0800
From:      Doug Barton <dougb@FreeBSD.org>
To:        Ivo Vachkov <ivo.vachkov@gmail.com>
Cc:        FreeBSD Net <freebsd-net@freebsd.org>, bz@freebsd.org
Subject:   Re: Proposed patch for Port Randomization modifications according to RFC6056
Message-ID:  <4D518FB3.3040503@FreeBSD.org>
In-Reply-To: <AANLkTim4=xa0rfoLgt-ao30XoZkLZ1hMYzE6LsrLNcbM@mail.gmail.com>
References:  <AANLkTi=rF+CYiNG7PurPtrwn-AMT9cYEe90epGAJDwDq@mail.gmail.com> <4D411CC6.1090202@gont.com.ar> <AANLkTinvg5tft8xockuuV9g5QYd36ko9qO4YCvy5bkJ1@mail.gmail.com> <4D431258.8040704@FreeBSD.org> <AANLkTimhZ_pxTGt958AX8m=+S=g2hqsst=GH1a99D0g1@mail.gmail.com> <4D437B13.1070405@FreeBSD.org> <AANLkTim4=xa0rfoLgt-ao30XoZkLZ1hMYzE6LsrLNcbM@mail.gmail.com>

I've been up and running on this patch vs. r218391 for over 24 hours 
now, using algorithm 4 (as someone said is now the default in Linux) 
without any problems.

I think Bjoern is better qualified than I to comment on the style of the 
patch, but it applies cleanly, and seems to run fine on both v4 and v6.


hth,

Doug


On 01/31/2011 04:52, Ivo Vachkov wrote:
> Hello,
>
> I attach the latest version of the port randomization code as a patch
> against RELENG_8.
>
> Changelog:
> 1) sysctl variable names are changed to:
> - 'net.inet.ip.portrange.randomalg.version' - representing the
> algorithm of choice.
> - 'net.inet.ip.portrange.randomalg.alg5_tradeoff' - representing the
> Algorithm 5 computational tradeoff value (the 'N' value in the
> Algorithm 5 description in the RFC 6056).
> 2) Code comments are synchronized with the current variable names.
>
> Ivo Vachkov
>
> On Sat, Jan 29, 2011 at 4:27 AM, Doug Barton <dougb@freebsd.org> wrote:
>> On 01/28/2011 11:57, Ivo Vachkov wrote:
>>>
>>> On Fri, Jan 28, 2011 at 9:00 PM, Doug Barton <dougb@freebsd.org> wrote:
>>
>>>> How does net.inet.ip.portrange.randomalg sound? I would also suggest that
>>>> the second sysctl be named net.inet.ip.portrange.randomalg.alg5_tradeoff
>>>> so that one could do 'sysctl net.inet.ip.portrange.randomalg' and see both
>>>> values. But I won't quibble on that. :)
>>>>
>>>
>>> I have no objections to this. Since this is my first attempt to
>>> contribute something back to the community, I decided to see how it's
>>> been done before. So I found:
>>> net.inet.tcp.rfc1323
>>> net.inet.tcp.rfc3465
>>> net.inet.tcp.rfc3390
>>> net.inet.tcp.rfc3042
>>> which probably led me in a wrong direction :)
>>
>> Yeah, I had actually intended to say something to the effect of "there are
>> plenty of unfortunate examples in the tree already so your doing it that way
>> is totally understandable" but I trimmed it.
>>
>>> I understand your point and agree with it. However, my somewhat
>>> limited understanding of the sysctl internal organization is telling
>>> me that tree node does not support values. Am I wrong?
>>
>> You are likely correct. :)  It's an inconvenient fact that I often forget
>> because that's not the sandbox that I usually play in.
>>
>>> If my reasoning
>>> is correct, maybe I can create the sysctl variables with the following
>>> names:
>>> - net.inet.ip.portrange.randomalg (Tree Node)
>>> - net.inet.ip.portrange.randomalg.alg[orithm] (Leaf Node, to store the
>>> selected algorithm)
>>
>> I would go with "version" to increase the visual distinctiveness. I searched
>> the current tree and there doesn't seem to be a clear winner for how to
>> portray "this is the current N/M that is in use" but "version" seems to have
>> the most representatives.
>>
>>> - net.inet.ip.portrange.randomalg.alg5_tradeoff (Leaf Node, to store
>>> the Algorithm 5 trade-off value)
>>
>> I'm assuming this is the "N" value mentioned in the RFC. If so, I commend
>> you on your choice of "tradeoff" to represent it. :)
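As an added illustration (not code from Ivo's patch or from the FreeBSD tree), here is a small userland C model of RFC 6056 Algorithm 5 that shows what the "N" value behind the proposed alg5_tradeoff sysctl controls. The port range bounds, the LCG stand-in for the kernel's random source and the function names are constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Ephemeral range bounds; constructed here, FreeBSD's are sysctl-tunable. */
#define MIN_PORT 10000u
#define MAX_PORT 65535u
#define NUM_EPHEMERAL (MAX_PORT - MIN_PORT + 1)

/* RFC 6056 Algorithm 5 keeps one counter that only ever moves forward. */
static uint32_t next_ephemeral = 0;

/* Stand-in for the kernel's random source so the walk is reproducible. */
static uint32_t prng_state = 0x12345678u;
static uint32_t prng(void)
{
    prng_state = prng_state * 1664525u + 1013904223u; /* LCG, demo only */
    return prng_state >> 8;
}

/*
 * Algorithm 5 (random increments): advance the counter by a random step in
 * [1, N] and map it into the ephemeral range. N is the value the thread's
 * alg5_tradeoff sysctl would carry: N == 1 degenerates to a sequential
 * counter (predictable, slowest reuse); a large N approaches a fully random
 * pick (unpredictable, but a previously used port may come back sooner).
 */
uint16_t alg5_next_port(uint32_t tradeoff_n)
{
    if (tradeoff_n == 0)
        tradeoff_n = 1;
    next_ephemeral += (prng() % tradeoff_n) + 1;
    return (uint16_t)(MIN_PORT + (next_ephemeral % NUM_EPHEMERAL));
}

/* Draw two ports with tradeoff n; they must be 1..n slots apart (mod range). */
int alg5_two_steps_bounded(uint32_t n)
{
    uint16_t a = alg5_next_port(n), b = alg5_next_port(n);
    uint32_t delta = (b + NUM_EPHEMERAL - a) % NUM_EPHEMERAL;
    return delta >= 1 && delta <= n;
}

int main(void)
{
    for (int i = 0; i < 5; i++)
        printf("N=500 -> port %u\n", (unsigned)alg5_next_port(500));
    return 0;
}
```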


