Proposed patch for Port Randomization modifications according to RFC6056

Ivo Vachkov ivo.vachkov at gmail.com
Mon Jan 31 12:52:31 UTC 2011


Hello,

I attach the latest version of the port randomization code as a patch
against RELENG_8.

Changelog:
1) sysctl variable names are changed to:
- 'net.inet.ip.portrange.randomalg.version' - representing the
algorithm of choice.
- 'net.inet.ip.portrange.randomalg.alg5_tradeoff' - representing the
Algorithm 5 computational tradeoff value (the 'N' value in the
Algorithm 5 description in RFC 6056).
2) Code comments are synchronized with the current variable names.

Ivo Vachkov

On Sat, Jan 29, 2011 at 4:27 AM, Doug Barton <dougb at freebsd.org> wrote:
> On 01/28/2011 11:57, Ivo Vachkov wrote:
>>
>> On Fri, Jan 28, 2011 at 9:00 PM, Doug Barton <dougb at freebsd.org> wrote:
>
>>> How does net.inet.ip.portrange.randomalg sound? I would also suggest that
>>> the second sysctl be named net.inet.ip.portrange.randomalg.alg5_tradeoff
>>> so
>>> that one could do 'sysctl net.inet.ip.portrange.randomalg' and see both
>>> values. But I won't quibble on that. :)
>>>
>>
>> I have no objections to this. Since this is my first attempt to
>> contribute something back to the community I decided to see how it's
>> done before. So I found:
>> net.inet.tcp.rfc1323
>> net.inet.tcp.rfc3465
>> net.inet.tcp.rfc3390
>> net.inet.tcp.rfc3042
>> which probably led me in the wrong direction :)
>
> Yeah, I had actually intended to say something to the effect of "there are
> plenty of unfortunate examples in the tree already so your doing it that way
> is totally understandable" but I trimmed it.
>
>> I understand your point and agree with it. However, my somewhat
>> limited understanding of the sysctl internal organization is telling
>> me that tree node does not support values. Am I wrong?
>
> You are likely correct. :)  It's an inconvenient fact that I often forget
> because that's not the sandbox that I usually play in.
>
>> If my reasoning
>> is correct, maybe I can create the sysctl variables with the following
>> names:
>> - net.inet.ip.portrange.randomalg (Tree Node)
>> - net.inet.ip.portrange.randomalg.alg[orithm] (Leaf Node, to store the
>> selected algorithm)
>
> I would go with "version" to increase the visual distinctiveness. I searched
> the current tree and there doesn't seem to be a clear winner for how to
> portray "this is the current N/M that is in use" but "version" seems to have
> the most representatives.
>
>> - net.inet.ip.portrange.randomalg.alg5_tradeoff (Leaf Node, to store
>> the Algorithm 5 trade-off value)
>
> I'm assuming this is the "N" value mentioned in the RFC. If so, I commend
> you on your choice of "tradeoff" to represent it. :)
>
>
> hth,
>
> Doug
>
> --
>
>        Nothin' ever doesn't change, but nothin' changes much.
>                        -- OK Go
>
>        Breadth of IT experience, and depth of knowledge in the DNS.
>        Yours for the right price.  :)  http://SupersetSolutions.com/
>
>



-- 
"UNIX is basically a simple operating system, but you have to be a
genius to understand the simplicity." Dennis Ritchie
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 20110131-freebsd-RELENG_8-rfc6056.patch
Type: text/x-patch
Size: 17122 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-net/attachments/20110131/5f2afebc/20110131-freebsd-RELENG_8-rfc6056.bin
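As an added illustration of the Algorithm 5 "N" tradeoff that the patch exposes through the alg5_tradeoff sysctl, here is RFC 6056 section 3.3.5 (the random-increments algorithm) written out as stand-alone C. This is not the attached patch's code or FreeBSD's: the RNG, the in-use bitmap and the ephemeral range are constructed stand-ins for what the kernel provides.

```c
#include <stdbool.h>
#include <stdint.h>
/* Ephemeral range used for the demonstration (constructed; FreeBSD takes
 * its bounds from the net.inet.ip.portrange.* sysctls instead). */
#define MIN_EPHEMERAL 49152u
#define MAX_EPHEMERAL 65535u
#define NUM_EPHEMERAL (MAX_EPHEMERAL - MIN_EPHEMERAL + 1u)

/* Deterministic xorshift32 stand-in for the kernel RNG (constructed). */
static uint32_t rng_state = 0x9E3779B9u;
static uint32_t rng_next(void)
{
	uint32_t x = rng_state;
	x ^= x << 13; x ^= x >> 17; x ^= x << 5;
	return (rng_state = x);
}

/* Constructed stand-in for the in-use check: one bit per port in range. */
static uint8_t in_use[NUM_EPHEMERAL / 8u];
bool check_suitable_port(uint16_t port)
{
	uint32_t i = port - MIN_EPHEMERAL;
	return (in_use[i / 8u] & (1u << (i % 8u))) == 0;
}
void mark_in_use(uint16_t port)
{
	uint32_t i = port - MIN_EPHEMERAL;
	in_use[i / 8u] |= (uint8_t)(1u << (i % 8u));
}

/* RFC 6056 Algorithm 5 state: a single counter, seeded once from the RNG. */
static uint32_t next_ephemeral;
static bool seeded;

/* 'tradeoff' is the RFC's N (the alg5_tradeoff sysctl in the patch): N == 1
 * degenerates to strictly sequential allocation, larger N adds
 * unpredictability at the cost of more frequent reuse of recently freed
 * ports. Returns 0 when every port in the range was tried and found in use. */
uint16_t select_port_alg5(uint32_t tradeoff)
{
	uint32_t count = NUM_EPHEMERAL;
	if (!seeded) { next_ephemeral = rng_next(); seeded = true; }
	if (tradeoff == 0) tradeoff = 1;	/* avoid modulo by zero */
	do {
		next_ephemeral += (rng_next() % tradeoff) + 1u;
		uint16_t port = (uint16_t)(MIN_EPHEMERAL + next_ephemeral % NUM_EPHEMERAL);
		if (check_suitable_port(port))
			return port;
	} while (--count > 0);
	return 0;
}
```

The caller is expected to record the returned port with mark_in_use() once the socket is bound, mirroring the RFC's separation of selection from the in-use check.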