Proposed patch for Port Randomization modifications according to RFC6056
Ivo Vachkov
ivo.vachkov at gmail.com
Fri Jan 28 14:34:16 UTC 2011
Hello,
I would like to thank you for the help and for the recommendations.
I attach the second version of the patch I proposed earlier, including
the following changes:
1) All RFC6056 algorithms are implemented.
2) Both IPv4 and IPv6 stacks are modified to use the new port
randomization code.
3) There are two variables that can be modified via sysctl:
- net.inet.ip.portrange.rfc6056_algorithm - which allows the super
user to choose one out of the five possible algorithms.
- net.inet.ip.portrange.rfc6056_algorithm5_tradeoff - which allows the
super user to modify the trade-off value used in algorithm 5.
All values are explicitly checked for correctness before usage.
Default values for those variables represent the current/legacy port
randomization algorithm and the values proposed in the RFC itself.
Thank you very much.
Ivo Vachkov
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 20110128-freebsd-RELENG_8-rfc6056.patch
Type: text/x-patch
Size: 16890 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-net/attachments/20110128/8097a3d5/20110128-freebsd-RELENG_8-rfc6056.bin
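
The trade-off value in item 3 belongs to RFC 6056's Algorithm 5 (random increments). The user-space C example below is added here for illustration and is not taken from the attached patch, which this archive page does not show; the struct, function and callback names are hypothetical, the range check on N is this example's assumption, and rand() stands in for a strong random source.

```c
#include <stdint.h>
#include <stdlib.h>

/* All names here are hypothetical; this is not the patch's code. */
struct portsel {
    uint32_t min_port;       /* lowest ephemeral port, inclusive */
    uint32_t num_ephemeral;  /* number of ports in the range */
    uint32_t next_ephemeral; /* running offset into the range */
    uint32_t tradeoff;       /* N: largest random increment */
};

/* Answers "may this port be used for the new connection?" */
typedef int (*port_ok_fn)(uint16_t port, void *ctx);

/* Check settings before use. The bound 1 <= N <= range size is this
 * example's assumption; RFC 6056 initializes N to 500. */
int portsel_init(struct portsel *ps, uint16_t lo, uint16_t hi, uint32_t n)
{
    if (lo == 0 || lo > hi)
        return -1;
    uint32_t num = (uint32_t)hi - lo + 1;
    if (n < 1 || n > num)
        return -1;
    ps->min_port = lo;
    ps->num_ephemeral = num;
    ps->tradeoff = n;
    /* rand() stands in for a cryptographically strong generator. */
    ps->next_ephemeral = (uint32_t)rand() % num;
    return 0;
}

/* Algorithm 5: step forward by a random amount in [1, N], wrap inside
 * the range, and retry up to num_ephemeral times.
 * Returns the chosen port, or -1 when no attempt found a usable one. */
int portsel_next(struct portsel *ps, port_ok_fn ok, void *ctx)
{
    for (uint32_t count = ps->num_ephemeral; count > 0; count--) {
        uint32_t step = (uint32_t)rand() % ps->tradeoff + 1;
        ps->next_ephemeral = (ps->next_ephemeral + step) % ps->num_ephemeral;
        uint16_t port = (uint16_t)(ps->min_port + ps->next_ephemeral);
        if (ok(port, ctx))
            return port;
    }
    return -1;
}

/* Constructed callbacks for exercising the selector. */
int all_free(uint16_t port, void *ctx) { (void)port; (void)ctx; return 1; }
int none_free(uint16_t port, void *ctx) { (void)port; (void)ctx; return 0; }
```

A small N keeps consecutive ports close together, much like sequential allocation, while a large N behaves more like uniform random selection over the range.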