Date: Wed, 26 Jan 2011 13:27:03 +0000 (UTC)
From: "Bjoern A. Zeeb" <bz@FreeBSD.org>
To: Ivo Vachkov <ivo.vachkov@gmail.com>
Cc: FreeBSD Net <freebsd-net@freebsd.org>
Subject: Re: Proposed patch for Port Randomization modifications according to RFC6056
Message-ID: <20110126132240.J3489@maildrop.int.zabbadoz.net>
In-Reply-To: <AANLkTi=rF+CYiNG7PurPtrwn-AMT9cYEe90epGAJDwDq@mail.gmail.com>
References: <AANLkTi=rF+CYiNG7PurPtrwn-AMT9cYEe90epGAJDwDq@mail.gmail.com>
On Wed, 26 Jan 2011, Ivo Vachkov wrote:

> Hi,
>
> I would like to propose a patch (against FreeBSD RELENG_8) to extend
> the port randomization support in FreeBSD, according to RFC6056
> (https://www.rfc-editor.org/rfc/rfc6056.txt)
>
> Currently the patch implements:
> - Algorithm 1 (default in FreeBSD 8)
> - Algorithm 2
> - Algorithm 5
> from the aforementioned RFC6056.
>
> Any of those algorithms can be chosen with the sysctl variable
> net.inet.ip.portrange.rfc6056_algorithm.
>
> I deliberately skipped Algorithm 3 and Algorithm 4, because I believe
> usage of cryptographic hash functions will introduce unnecessary
> latency in vital network operations. However, in case of expressed
> interest, I will be glad to add those too.
>
> I would like to ask what is the proper way to validate the sysctl
> input in order to accept only specific values? In my case only '1',
> '2' and '5'.
>
> Thank you very much.

It needs to be implemented in sys/netinet6/in6_src.c as well.

Given the growth I wonder if we can design it more intelligently to avoid
more code duplication for 3 (to 5) algorithms, especially considering
that syncing between legacy and IPv6 has failed in the past.

/bz

-- 
Bjoern A. Zeeb                                 You have to have visions!
         <ks> Going to jail sucks -- <bz> All my daemons like it!
  http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/jails.html
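The three RFC 6056 algorithms named in the thread, and the whitelist check the sysctl question asks about, as an added user-space model. This is not the proposed patch and not FreeBSD code: the xorshift PRNG, the fixed seed, the port-in-use bitmap and the helper names (`reset_model`, `mark_range`, `pick_port`) are constructed for the example. Algorithm 1 draws an independent random port per attempt, Algorithm 2 draws one random start and walks the range sequentially, and Algorithm 5 advances a persistent counter by a random increment in [1, N] with the RFC's default N = 500. The sysctl value is accepted only if it is 1, 2 or 5; a real handler would return EINVAL where this returns -1.

```c
/* Added example, not the proposed patch and not FreeBSD code: user-space
 * model of RFC 6056 Algorithms 1, 2 and 5 plus a whitelist check for the
 * algorithm number. PRNG, seed and the port-in-use table are constructed. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MIN_EPH   49152u   /* ephemeral range used in RFC 6056's examples */
#define MAX_EPH   65535u
#define NUM_EPH   (MAX_EPH - MIN_EPH + 1)
#define RFC6056_N 500u     /* Algorithm 5 trade-off constant, RFC 6056 default */

/* Deterministic xorshift32 standing in for the kernel's random(). */
static uint32_t rng_state;
static uint32_t prng(void) {
    uint32_t x = rng_state;
    x ^= x << 13; x ^= x >> 17; x ^= x << 5;
    return rng_state = x;
}

/* Constructed model of "is this port already bound?" (RFC: check_suitable_port). */
static uint8_t in_use[65536 / 8];
static void mark_used(uint32_t p) { in_use[p >> 3] |= (uint8_t)(1u << (p & 7)); }
static int suitable(uint32_t p) { return !(in_use[p >> 3] & (1u << (p & 7))); }

/* Algorithm 1: independent random candidate on every attempt. */
static int alg1(void) {
    for (uint32_t count = NUM_EPH; count > 0; count--) {
        uint32_t port = MIN_EPH + prng() % NUM_EPH;
        if (suitable(port)) return (int)port;
    }
    return -1;   /* range exhausted */
}

/* Algorithm 2: one random start, then a sequential, wrapping walk. */
static int alg2(void) {
    uint32_t port = MIN_EPH + prng() % NUM_EPH;
    for (uint32_t count = NUM_EPH; count > 0; count--) {
        if (suitable(port)) return (int)port;
        port = (port == MAX_EPH) ? MIN_EPH : port + 1;
    }
    return -1;
}

/* Algorithm 5: a persistent counter advanced by random increments in [1, N]. */
static uint32_t alg5_next;   /* initialised once to a random value */
static int alg5(void) {
    for (uint32_t count = NUM_EPH; count > 0; count--) {
        alg5_next += (prng() % RFC6056_N) + 1;
        uint32_t port = MIN_EPH + (alg5_next % NUM_EPH);
        if (suitable(port)) return (int)port;
    }
    return -1;
}

/* Whitelist for the sysctl value: only the algorithms that exist are accepted. */
static int rfc6056_algorithm = 1;   /* Algorithm 1 is the FreeBSD 8 default */
static int rfc6056_algorithm_valid(int v) { return v == 1 || v == 2 || v == 5; }
static int set_rfc6056_algorithm(int v) {
    if (!rfc6056_algorithm_valid(v)) return -1;   /* a handler would return EINVAL */
    rfc6056_algorithm = v;
    return 0;
}
static int current_algorithm(void) { return rfc6056_algorithm; }

static int pick_port(void) {
    switch (rfc6056_algorithm) {
    case 2:  return alg2();
    case 5:  return alg5();
    default: return alg1();
    }
}

/* Helpers: reset the constructed state and shape the in-use table. */
static void reset_model(void) {
    memset(in_use, 0, sizeof in_use);
    rng_state = 2463534242u;   /* constructed fixed seed */
    alg5_next = prng();
    rfc6056_algorithm = 1;
}
static void mark_range(uint32_t lo, uint32_t hi) { for (uint32_t p = lo; p <= hi; p++) mark_used(p); }
static int in_range(int p) { return p >= (int)MIN_EPH && p <= (int)MAX_EPH; }

int main(void) {
    reset_model();
    int algs[] = {1, 2, 5};
    for (int i = 0; i < 3; i++) {
        set_rfc6056_algorithm(algs[i]);
        printf("algorithm %d: %d %d %d\n", algs[i], pick_port(), pick_port(), pick_port());
    }
    printf("set 3 -> %d (rejected)\n", set_rfc6056_algorithm(3));
    return 0;
}
```

The model makes the difference between the algorithms visible: with a crowded range, Algorithm 2 returns the next free port after its random start, while Algorithms 1 and 5 keep drawing, so their retry behaviour under port pressure differs even though all three respect the same in-use table.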