Date:      Tue, 29 Jun 2004 16:43:32 +0200
From:      Max Laier <max@love2party.net>
To:        freebsd-net@freebsd.org
Cc:        David Malone <dwmalone@maths.tcd.ie>
Subject:   Re: RANDOM_IP_ID sysctl?
Message-ID:  <200406291643.39705.max@love2party.net>
In-Reply-To: <20040629134008.GA356@frontfree.net>
References:  <200406291413.ab33924@salmon.maths.tcd.ie> <20040629134008.GA356@frontfree.net>



On Tuesday 29 June 2004 15:40, Xin LI wrote:
> On Tue, Jun 29, 2004 at 02:13:38PM +0100, David Malone wrote:
> > It seems to me that RANDOM_IP_ID might be better as a sysctl rather
> > than a kernel option. Would anyone mind if I changed this?

I personally think that RANDOM_IP_ID is something that should be tweakable
on a per-interface basis (at least). I usually want randomized IDs on my
uplink interface while it could harm my GigE internal network due to faster
ID reuse cycles.

FYI, pf(4) can set randomized IDs on a per interface (and even on a per
connection) basis.

David, I'd appreciate the chance to review your patches in order to avoid
breakage of pf, thanks.

> Wouldn't this cause a performance penalty? IIRC htons() is currently
> a macro which is essentially a no-op, while ip_randomid() is a function
> call. Of course we can convert the call to a uniform hook-alike mechanism,
> however, given the frequency the function is called, this should be
> carefully considered.

One would clearly transform the now present "#ifdef" into "if (sysctlvar) ..."
and hence this will not incur overhead (one compare is nothing to worry
about).

> In addition, what's the apparent benefit of making it a sysctl rather
> than being a kernel option? I think there is rarely a sysadmin to
> enable and disable this at runtime.

One has the freedom to choose without being forced to build its own kernel?

> BTW. For security considerations I'd like to see if this is made default
> in GENERIC kernels :-)

Every user of GigE will tell you otherwise. My vote is clearly against
RANDOM_IP_ID in GENERIC (as it is right now)! All for the sysctl idea,
however, if it is done properly and does not break pf(4).

--
Best regards,				| mlaier@freebsd.org
Max Laier				| ICQ #67774661
http://pf4freebsd.love2party.net/	| mlaier@EFnet
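
The two technical points of this message, the `#ifdef` becoming a runtime `if (sysctlvar)` test and the concern about faster ID reuse, sketched as an added example (not part of the e-mail and not FreeBSD code). `random_ip_id`, `toy_randomid()` and `min_reuse_distance()` are hypothetical names, and the xorshift generator is a stand-in, not the kernel's `ip_randomid()`.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

static int random_ip_id;        /* hypothetical stand-in for the proposed sysctl */
static uint16_t seq_id;         /* classic sequential IP ID counter */
static uint32_t prng_state;     /* xorshift32 state (stand-in generator) */

/* Stand-in random source; NOT the kernel's ip_randomid(). */
static uint16_t toy_randomid(void)
{
    prng_state ^= prng_state << 13;
    prng_state ^= prng_state >> 17;
    prng_state ^= prng_state << 5;
    return (uint16_t)(prng_state >> 8);
}

/* Runtime test instead of a compile-time #ifdef: one compare per packet. */
static uint16_t next_ip_id(void)
{
    if (random_ip_id)
        return toy_randomid();
    return seq_id++;
}

/* Emit n IDs; return the shortest gap (in packets) between two uses of
 * the same 16-bit ID, or 0 if no ID was used twice. */
static uint32_t min_reuse_distance(int use_random, uint32_t n)
{
    static uint32_t last_seen[65536];   /* packet index of last use, 0 = never */
    uint32_t best = 0;

    memset(last_seen, 0, sizeof(last_seen));
    random_ip_id = use_random;
    seq_id = 0;
    prng_state = 2463534242u;           /* constructed, fixed seed */
    for (uint32_t i = 1; i <= n; i++) {
        uint16_t id = next_ip_id();
        if (last_seen[id] != 0 && (best == 0 || i - last_seen[id] < best))
            best = i - last_seen[id];
        last_seen[id] = i;
    }
    return best;
}

int main(void)
{
    printf("sequential: %u\n", (unsigned)min_reuse_distance(0, 200000));
    printf("random:     %u\n", (unsigned)min_reuse_distance(1, 200000));
    return 0;
}
```

A plain counter never reuses an ID within 65536 packets, while the unstructured random stand-in repeats sooner; at a high packet rate that shortens the time before two datagrams in flight can share an ID.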
