svn commit: r281024 - head/share/man/man4
Gleb Smirnoff
glebius at FreeBSD.org
Fri Apr 3 15:14:49 UTC 2015
Hans,
On Fri, Apr 03, 2015 at 02:00:09PM +0000, Hans Petter Selasky wrote:
H> Author: hselasky
H> Date: Fri Apr 3 14:00:08 2015
H> New Revision: 281024
H> URL: https://svnweb.freebsd.org/changeset/base/281024
H>
H> Log:
H> Add more documentation about the "net.inet.ip.random_id" sysctl knob
H> and how it can affect information flow between observers.
What the hell? At Fri, 3 Apr 2015 15:41:21 +0300 (MSK) you ask:
> Will you mind if I rephrase that paragraph in the "inet.4" ...
And at Fri, 3 Apr 2015 17:00:14 +0300 (MSK) you commit.
You gave 1 hour and 19 minutes for review! Is this acceptable at all?
H> MFC after: 1 week
Now this sounds like a threat.
Please back out this very questionable change, and then it will be discussed.
H> Modified:
H> head/share/man/man4/inet.4
H>
H> Modified: head/share/man/man4/inet.4
H> ==============================================================================
H> --- head/share/man/man4/inet.4 Fri Apr 3 13:57:14 2015 (r281023)
H> +++ head/share/man/man4/inet.4 Fri Apr 3 14:00:08 2015 (r281024)
H> @@ -28,7 +28,7 @@
H> .\" From: @(#)inet.4 8.1 (Berkeley) 6/5/93
H> .\" $FreeBSD$
H> .\"
H> -.Dd April 2, 2015
H> +.Dd April 3, 2015
H> .Dt INET 4
H> .Os
H> .Sh NAME
H> @@ -244,10 +244,22 @@ IP datagrams (or all IP datagrams, if
H> .Va ip.rfc6864
H> is disabled) to be randomized instead of incremented by 1 with each packet
H> generated.
H> -This closes a minor information leak which allows remote observers to
H> +This prevents information exchange between any combination of two or
H> +more inside and/or outside observers using packet frequency
H> +modulation, PFM.
H> +An outside observer can ping the outside facing port at a fixed rate
H> +sampling the returned counter.
H> +An inside observer can ping the inside facing port sampling the same
H> +counter.
H> +Even though packets don't flow directly between any of the observers
H> +any single observer can influence the data rate the other observer(s)
H> +is or are sampling.
H> +This is done by sending more or less ping packets towards the gateway
H> +per measured interval.
H> +Setting this sysctl also prevents the remote and internal observers to
H> determine the rate of packet generation on the machine by watching the
H> counter.
H> -In the same time, on high-speed links, it can decrease the ID reuse
H> +At the same time, on high-speed links, it can decrease the ID reuse
H> cycle greatly.
H> Default is 0 (sequential IP IDs).
H> IPv6 flow IDs and fragment IDs are always random.
H>
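Review bot: The new sentence "Setting this sysctl also prevents the remote and internal observers to determine the rate of packet generation" is ungrammatical; it should read "prevents remote and internal observers from determining the rate of packet generation". The added paragraph also coins "packet frequency modulation, PFM" without a reference, and "outside facing port" / "inside facing port" appear to mean network interfaces rather than ports; suggest "interface" and dropping the unreferenced acronym. The underlying point the paragraph is trying to make is that a single, globally incremented IP ID counter is shared by every packet the host emits, so any two parties who can each elicit packets from it can infer each other's traffic rate from the counter they observe; stating that plainly, and keeping the original short sentence "This closes a minor information leak which allows remote observers to determine the rate of packet generation" with the gateway scenario appended as a separate sentence, would be clearer than the wholesale replacement in this hunk.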
--
Totus tuus, Glebius.