Date:      Wed, 02 Jun 2004 12:41:51 +0200
From:      Andre Oppermann <andre@freebsd.org>
To:        Dmitry Pryanishnikov <dmitry@atlantis.dp.ua>
Cc:        freebsd-net@freebsd.org
Subject:   Re: net.inet.ip.portrange.randomized=1 hurts
Message-ID:  <40BDAEEF.2AECC3F0@freebsd.org>
References:  <20040602093940.N99493@atlantis.atlantis.dp.ua>

Dmitry Pryanishnikov wrote:
> 
> Hello!
> 
> > Date:      Tue, 1 Jun 2004 19:07:35 -0500 (CDT)
> > From:      Mike Silbersack <silby@silby.com>
> >
> > On Tue, 1 Jun 2004, Andre Oppermann wrote:
> >
> >> A port should not be reused this fast.  Maybe the randomness isn't
> >> so random after all and chooses the same port over again and again?
> >
> > We use arc4random, so I don't think that's likely, but it is possible.
> 
>  OK, I would like to provide some statistics based on the FTP server log.
> In the following table, the first column is the total number of PORT commands
> per FTP session, the second is the number of PORT commands between the first and
> second occurrence of a reused port (which is the cause of the "425" error), and the third
> column is the interval between those occurrences in seconds:
> 
> Total # of PORT comm.   Interval, # of PORT     Interval, sec
> 
>         558                     35                      50
>         336                     50                      20
>         165                     160                     55
> 
> So, it doesn't seem to me that the random number generator works badly, but any
> randomness doesn't _guarantee_ that a port number won't repeat within 2*MSL
> seconds, does it? Also I have heard of algorithms (but can't recollect now)
> that actually guarantee non-repetition of a large portion (up
> to the interval range) of a pseudo-random sequence. If we had such an algorithm
> for random port allocation, we wouldn't get reused ports so often (by default,
> portrange.hilast=65535 and portrange.hifirst=49152, so theoretically we would
> have 16383 non-repeated port numbers before the first repeat).

The random generator indeed works badly.  If it was truly random it
should generate a collision only every (1/range) on average.  Maybe
the arc4random function reuses the same or a small number of initial vectors
all over again, leading to the same small set of 'randomized' ports.

-- 
Andre
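The birthday bound for the default hi port range discussed in this thread, as an added example that is not part of the thread or of FreeBSD: it computes the exact probability of a repeated port within k uniform choices out of the 16384 ports in 49152-65535, and simulates how often a session sees a port reused within a TIME_WAIT-style window. The window length in PORT commands, the session lengths and the trial counts are constructed assumptions, and the generator is Python's, not the kernel's arc4random.

```python
import math
import random
from collections import deque

# Default net.inet.ip.portrange.hifirst / hilast quoted in the thread.
HIFIRST, HILAST = 49152, 65535
RANGE = HILAST - HIFIRST + 1   # 16384 ephemeral ports


def p_repeat_within(k, n=RANGE):
    """Exact probability that k uniform draws from n ports contain at least
    one repeated port (the birthday problem); 0 for k <= 1."""
    p_distinct = 1.0
    for i in range(k):
        p_distinct *= (n - i) / n
    return 1.0 - p_distinct


def expected_draws_to_first_repeat(n=RANGE):
    """Approximate mean number of draws until the first repeat, sqrt(pi*n/2)."""
    return math.sqrt(math.pi * n / 2)


def simulate_session(n_commands, window, rng):
    """Draw one ephemeral port per PORT command, uniformly from the range.
    Return the index of the first port that matches one of the previous
    `window` ports (a port still in TIME_WAIT), or None if none collides."""
    recent = deque(maxlen=window)          # ports assumed to be within 2*MSL
    for i in range(n_commands):
        port = HIFIRST + rng.randrange(RANGE)
        if port in recent:
            return i
        recent.append(port)
    return None


def collision_rate(n_commands, window, trials=2000, seed=1):
    """Fraction of simulated sessions that hit a TIME_WAIT-window reuse."""
    rng = random.Random(seed)   # fixed seed so the result is reproducible
    hits = sum(simulate_session(n_commands, window, rng) is not None
               for _ in range(trials))
    return hits / trials


if __name__ == "__main__":
    for k in (35, 50, 160):    # intervals reported in the FTP log above
        print(f"P(repeat within {k} draws) = {p_repeat_within(k):.3f}")
    print(f"mean draws to first repeat ~ {expected_draws_to_first_repeat():.0f}")
    # Constructed case: a 558-command session with a 60-command reuse window.
    print(f"sessions with a reuse: {collision_rate(558, 60):.2f}")
```

With a uniform generator the first repeat is expected after roughly 160 draws, and a long session with a window of a few dozen commands in TIME_WAIT reuses a port far more often than once per 16384 choices, so a reuse count alone does not show the generator is biased.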
