Date: Wed, 26 Jan 2011 07:59:22 -0500
From: John Baldwin <jhb@freebsd.org>
To: freebsd-net@freebsd.org
Cc: Ivo Vachkov <ivo.vachkov@gmail.com>
Subject: Re: Proposed patch for Port Randomization modifications according to RFC6056
Message-ID: <201101260759.22809.jhb@freebsd.org>
In-Reply-To: <AANLkTi=rF+CYiNG7PurPtrwn-AMT9cYEe90epGAJDwDq@mail.gmail.com>
References: <AANLkTi=rF+CYiNG7PurPtrwn-AMT9cYEe90epGAJDwDq@mail.gmail.com>
On Wednesday, January 26, 2011 6:28:07 am Ivo Vachkov wrote:
> Hello,
>
> I would like to propose a patch (against FreeBSD RELENG_8) to extend
> the port randomization support in FreeBSD, according to RFC6056
> (https://www.rfc-editor.org/rfc/rfc6056.txt)
>
> Currently the patch implements:
> - Algorithm 1 (default in FreeBSD 8)
> - Algorithm 2
> - Algorithm 5
> from the aforementioned RFC6056.
>
> Any of those algorithms can be chosen with the sysctl variable
> net.inet.ip.portrange.rfc6056_algorithm.
>
> I deliberately skipped Algorithm 3 and Algorithm 4, because I believe
> usage of cryptographic hash functions will introduce unnecessary
> latency in vital network operations. However, in case of expressed
> interest, I will be glad to add those too.
>
> I would like to ask what is the proper way to validate the sysctl
> input in order to accept only a specific values? In my case only '1',
> '2' and '5'.

Use a SYSCTL_PROC and write your own handler that does a sanity check on
the value set by userland and returns EINVAL if the value is not correct.

--
John Baldwin
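An added example of the pattern John describes (not code from Ivo's patch or from the FreeBSD tree): a SYSCTL_PROC handler that works on a copy of the current value, lets sysctl_handle_int apply the userland write to that copy, and commits it only if it is one of the three algorithm numbers the patch implements, returning EINVAL otherwise. The validation step is kept in a plain function so it compiles and can be checked in userland; the handler registration itself sits under `#ifdef _KERNEL`. The backing variable name rfc6056_algorithm and the CTLFLAG/description strings are assumptions for illustration.

```c
/*
 * Added example, not part of the proposed patch: validate writes to a
 * sysctl so that only the RFC 6056 algorithms 1, 2 and 5 are accepted.
 */
#include <errno.h>

/* Accept only the algorithm numbers the patch actually implements. */
static int
rfc6056_algorithm_valid(int alg)
{
	switch (alg) {
	case 1:		/* Simple Port Randomization */
	case 2:		/* Another Simple Port Randomization */
	case 5:		/* Random-Increments Port Selection */
		return (1);
	default:
		return (0);
	}
}

/*
 * Commit step shared by the handler and the userland check: store the
 * requested value only if it validates, otherwise leave *cur untouched
 * and report EINVAL, which sysctl(8) surfaces as "Invalid argument".
 */
static int
rfc6056_algorithm_set(int *cur, int requested)
{
	if (!rfc6056_algorithm_valid(requested))
		return (EINVAL);
	*cur = requested;
	return (0);
}

#ifdef _KERNEL
#include <sys/param.h>
#include <sys/kernel.h>
#include <sys/systm.h>
#include <sys/sysctl.h>

SYSCTL_DECL(_net_inet_ip_portrange);

/* Assumed backing variable; the real patch may keep it per-VNET. */
static int rfc6056_algorithm = 1;

static int
sysctl_rfc6056_algorithm(SYSCTL_HANDLER_ARGS)
{
	int error, new;

	/* Work on a copy so a rejected write never reaches the live value. */
	new = rfc6056_algorithm;
	error = sysctl_handle_int(oidp, &new, 0, req);
	if (error != 0 || req->newptr == NULL)
		return (error);	/* read, or copyin failure: nothing to commit */
	return (rfc6056_algorithm_set(&rfc6056_algorithm, new));
}

SYSCTL_PROC(_net_inet_ip_portrange, OID_AUTO, rfc6056_algorithm,
    CTLTYPE_INT | CTLFLAG_RW, NULL, 0, sysctl_rfc6056_algorithm, "I",
    "RFC 6056 port selection algorithm (1, 2 or 5)");
#endif /* _KERNEL */
```

The `req->newptr == NULL` check distinguishes a read from a write: sysctl_handle_int copies the current value out for reads and only fills in the new value for writes, so validation runs solely on the write path and a rejected value leaves the previously configured algorithm in force.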