Proposed patch for Port Randomization modifications according to RFC6056
Doug Barton
dougb at FreeBSD.org
Sat Jan 29 02:27:35 UTC 2011
On 01/28/2011 11:57, Ivo Vachkov wrote:
> On Fri, Jan 28, 2011 at 9:00 PM, Doug Barton<dougb at freebsd.org> wrote:
>> How does net.inet.ip.portrange.randomalg sound? I would also suggest that
>> the second sysctl be named net.inet.ip.portrange.randomalg.alg5_tradeoff so
>> that one could do 'sysctl net.inet.ip.portrange.randomalg' and see both
>> values. But I won't quibble on that. :)
>>
>
> I have no objections to this. Since this is my first attempt to
> contribute something back to the community I decided to see how it's
> done before. So I found:
> net.inet.tcp.rfc1323
> net.inet.tcp.rfc3465
> net.inet.tcp.rfc3390
> net.inet.tcp.rfc3042
> which probably led me in a wrong direction :)
Yeah, I had actually intended to say something to the effect of "there
are plenty of unfortunate examples in the tree already so your doing it
that way is totally understandable" but I trimmed it.
> I understand your point and agree with it. However, my somewhat
> limited understanding of the sysctl internal organization is telling
> me that tree node does not support values. Am I wrong?
You are likely correct. :) It's an inconvenient fact that I often forget
because that's not the sandbox that I usually play in.
> If my reasoning
> is correct, maybe I can create the sysctl variables with the following
> names:
> - net.inet.ip.portrange.randomalg (Tree Node)
> - net.inet.ip.portrange.randomalg.alg[orithm] (Leaf Node, to store the
> selected algorithm)
I would go with "version" to increase the visual distinctiveness. I
searched the current tree and there doesn't seem to be a clear winner
for how to portray "this is the current N/M that is in use" but
"version" seems to have the most representatives.
> - net.inet.ip.portrange.randomalg.alg5_tradeoff (Leaf Node, to store
> the Algorithm 5 trade-off value)
I'm assuming this is the "N" value mentioned in the RFC. If so, I
commend you on your choice of "tradeoff" to represent it. :)
hth,
Doug
--
Nothin' ever doesn't change, but nothin' changes much.
-- OK Go
Breadth of IT experience, and depth of knowledge in the DNS.
Yours for the right price. :) http://SupersetSolutions.com/
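As an added illustration of the "N" trade-off value discussed in the message above (this is example code written for this page, not Ivo's patch and not FreeBSD kernel code): RFC 6056's Algorithm 5, the random-increments port selection algorithm, walks a counter forward by a random step of 1..N on every selection and maps it into the ephemeral range. A small N gives an almost sequential, predictable walk but a long time before any port is reused; a large N gives better unpredictability but wraps the range sooner, so ports are reused more often. The RFC's own pseudocode uses N = 500. The xorshift32 generator (used so runs are reproducible), the port range constants, the struct and function names, and the in-use bitmap are all assumptions of this example.

```c
/* Added example: RFC 6056 Algorithm 5 (random-increments port selection)
 * with the trade-off value N made explicit. Not the patch under discussion
 * and not FreeBSD kernel code; RNG, names and constants are assumptions. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PORT_MIN 49152u                         /* min_ephemeral (IANA dynamic range) */
#define PORT_MAX 65535u                         /* max_ephemeral */
#define NUM_EPHEMERAL (PORT_MAX - PORT_MIN + 1u) /* 16384 ports */

struct alg5_state {
    uint32_t rng;            /* xorshift32 state; stands in for the kernel RNG */
    uint32_t next_ephemeral; /* the running counter from the RFC pseudocode */
    uint32_t n;              /* the trade-off value N: largest increment per selection */
};

/* Deterministic toy RNG so the example is reproducible; a real stack would
 * use a cryptographically strong generator such as arc4random(). */
static uint32_t xorshift32(uint32_t *s)
{
    uint32_t x = *s;
    x ^= x << 13;
    x ^= x >> 17;
    x ^= x << 5;
    return *s = x;
}

/* Initialization step of the RFC: random starting counter and the chosen N. */
void alg5_init(struct alg5_state *st, uint32_t seed, uint32_t n)
{
    st->rng = seed ? seed : 1u;
    st->next_ephemeral = xorshift32(&st->rng) % 65536u;
    st->n = n ? n : 1u;
}

/* Ephemeral port selection step. in_use is a 65536-entry table (one byte
 * per port, non-zero = unsuitable); returns a port or -1 if, after
 * NUM_EPHEMERAL attempts, no suitable port was found. NUM_EPHEMERAL is a
 * power of two, so the modulo stays consistent across uint32_t wraparound. */
int alg5_select_port(struct alg5_state *st, const uint8_t *in_use)
{
    uint32_t count = NUM_EPHEMERAL;
    do {
        st->next_ephemeral += (xorshift32(&st->rng) % st->n) + 1u;
        uint32_t port = PORT_MIN + (st->next_ephemeral % NUM_EPHEMERAL);
        if (!in_use[port])
            return (int)port;
    } while (--count > 0);
    return -1;
}

/* Number of selections until the counter has advanced a full NUM_EPHEMERAL
 * cycle, i.e. until the walk wraps and earlier ports become candidates
 * again. Larger N wraps sooner (more reuse) but makes each step harder to
 * predict; N == 1 degenerates to a sequential walk of exactly NUM_EPHEMERAL. */
uint32_t alg5_selections_per_cycle(uint32_t seed, uint32_t n)
{
    static uint8_t none_in_use[65536]; /* all ports free */
    struct alg5_state st;
    uint32_t start, steps = 0;

    alg5_init(&st, seed, n);
    start = st.next_ephemeral;
    while (st.next_ephemeral - start < NUM_EPHEMERAL) {
        alg5_select_port(&st, none_in_use);
        steps++;
    }
    return steps;
}

int main(void)
{
    uint32_t candidates[] = { 1u, 50u, 500u, 5000u };
    for (size_t i = 0; i < sizeof candidates / sizeof candidates[0]; i++)
        printf("N=%5u: about %u selections before the range wraps\n",
               candidates[i], alg5_selections_per_cycle(12345u, candidates[i]));
    return 0;
}
```

The demo walks the same seed through several values of N; the fewer selections before a wrap, the sooner a just-released port can be handed out again, which is exactly the reuse-versus-randomization trade-off a sysctl such as the proposed `alg5_tradeoff` would expose.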