net.inet.ip.portrange.randomized=1 hurts

Mike Silbersack silby at silby.com
Wed Jun 2 21:59:28 PDT 2004


On Wed, 2 Jun 2004, Andre Oppermann wrote:

> The random generator indeed works badly.  If it was truly random it
> should generate a collision only every (1/range) on average.  Maybe
> the arc4random function reuses the same or small number of initial vectors
> all over again leading to the same small set of 'randomized' ports.
>
> --
> Andre

Or it's being seeded poorly by 4.x's inferior random number generator?  (I
don't know if it could be THAT bad.)

It looks like we're really bumping into two things:

1.  The need for something more suited to this purpose than arc4random
(I'll have to check out Don's code in BIND.)

2.  General port recycling issues.

It sounds like sequential port allocation was masking problems of type #2
in the past.

Mike "Silby" Silbersack

