Date: Wed, 26 Jan 2011 13:28:07 +0200
From: Ivo Vachkov <ivo.vachkov@gmail.com>
To: FreeBSD Net <freebsd-net@freebsd.org>
Subject: Proposed patch for Port Randomization modifications according to RFC6056
Message-ID: <AANLkTi=rF%2BCYiNG7PurPtrwn-AMT9cYEe90epGAJDwDq@mail.gmail.com>

Hello,

I would like to propose a patch (against FreeBSD RELENG_8) to extend the port randomization support in FreeBSD, according to RFC6056 (https://www.rfc-editor.org/rfc/rfc6056.txt).

Currently the patch implements:
- Algorithm 1 (default in FreeBSD 8)
- Algorithm 2
- Algorithm 5
from the aforementioned RFC6056. Any of those algorithms can be chosen with the sysctl variable net.inet.ip.portrange.rfc6056_algorithm.

I deliberately skipped Algorithm 3 and Algorithm 4, because I believe usage of cryptographic hash functions will introduce unnecessary latency in vital network operations. However, in case of expressed interest, I will be glad to add those too.

I would like to ask what is the proper way to validate the sysctl input in order to accept only specific values? In my case only '1', '2' and '5'.

Thank you very much.
Ivo Vachkov

Attachment: freebsd-RELENG_8-rfc6056.patch (text/x-patch; charset=US-ASCII, base64-encoded)
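
The three selection strategies named in the message (RFC 6056 Algorithms 1, 2 and 5), with a check that accepts only those three algorithm numbers, as an added userland C example that follows the RFC's pseudocode; it is not the attached patch or FreeBSD kernel code. The seedable PRNG, the `in_use` bitmap and the names `select_port`, `alg_valid` and `alg5_boot_init` are assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>

/* Constructed stand-ins: a seedable PRNG so runs are reproducible (a kernel
 * would use arc4random()) and a bitmap playing the role of the PCB lookup. */
static uint32_t rng_state = 2463534242u;
static uint32_t rnd(void) {
    rng_state ^= rng_state << 13; rng_state ^= rng_state >> 17;
    rng_state ^= rng_state << 5;  return rng_state;
}
static uint8_t in_use[65536];               /* 1 = port already bound */
static uint32_t next_eph5;                  /* Algorithm 5 state, set at boot */

/* Accept only the algorithm numbers the message lists: 1, 2 and 5. */
int alg_valid(int alg) { return alg == 1 || alg == 2 || alg == 5; }

void alg5_boot_init(void) { next_eph5 = rnd() % 65536; }

/* Returns a free port in [min, max], or -EINVAL / -EADDRNOTAVAIL. */
int select_port(int alg, uint32_t min, uint32_t max) {
    uint32_t num = max - min + 1, count = num, port;

    if (!alg_valid(alg) || min > max || max > 65535)
        return -EINVAL;
    port = min + rnd() % num;               /* first candidate for 1 and 2 */
    while (count-- > 0) {
        if (alg == 5) {                     /* random increment of 1..500 */
            next_eph5 += rnd() % 500 + 1;
            port = min + next_eph5 % num;
        }
        if (!in_use[port])
            return (int)port;
        if (alg == 1)                       /* linear scan with wrap-around */
            port = (port == max) ? min : port + 1;
        else if (alg == 2)                  /* fresh random draw per attempt */
            port = min + rnd() % num;
    }
    return -EADDRNOTAVAIL;
}
```

As written, only Algorithm 1 visits every port in the range, so Algorithms 2 and 5 can return `-EADDRNOTAVAIL` while a free port still exists.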