On Thu, Jun 03, 2004 at 02:19:43AM -0500, Mike Silbersack wrote:
>
> On Wed, 2 Jun 2004, Don Lewis wrote:
>
> > Randomizing DNS query IDs without repeating any particular ID too
> > quickly is a similar problem. I contributed some code for this to
> > BIND version 8 a number of years ago. See the nsid stuff in
> > /usr/src/contrib/bind/bin/named/ns_main.c. There are some comments
> > preceding the code that explain the background and how it is supposed
> > to work. Something like this might be suitable for port number
> > allocation, though the potentially long time that a given port number
> > might be in use would complicate things.
>
> I just thought more about the issue at hand, and I think that changing the
> randomization algorithm is probably not worth the effort. Instead, we'll
> have to fix the server-side TIME_WAIT problem Dmitry is experiencing.
> The simple reason is that any other OS which uses randomized ephemeral
> ports will tickle the exact same port recycling problem, so reverting our
> client behavior isn't a long-term solution.
The randomization algorithm is definitely wrong, and will need to be fixed. What's needed, as pointed out above, is a random *shuffle*, not simply a random choice. The random choice as the code does now encounters the birthday paradox, resulting in re-use of a port number in sqrt(N) picks, meaning on average the re-use interval is 128, given the default 16384 range. That's far too short. The justified response to user complaints is "send patches" and I'm willing to try, if no-one else is working on it.

--
Barney Wolff http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.
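An added simulation, not code from this thread or from FreeBSD, of the two allocation strategies discussed above: independent random picks (which hit the birthday bound well before the 16384-port range is exhausted) versus a Fisher-Yates shuffled permutation, which hands out every port once before any repeats and skips ports that are still in use, the complication Don Lewis raises. The concrete range 49152-65535 is an assumption chosen only because it is 16384 ports wide.

```python
import random

# Assumption: a 16384-wide ephemeral range (49152-65535), matching the
# "default 16384 range" size in the thread; the exact bounds are not from it.
PORT_LO, PORT_HI = 49152, 65535
RANGE = PORT_HI - PORT_LO + 1  # 16384


def picks_until_reuse(rng, n=RANGE):
    """Random choice (the behaviour under discussion): draw ports uniformly
    and count picks until a port number is handed out a second time."""
    seen = set()
    picks = 0
    while True:
        port = PORT_LO + rng.randrange(n)
        picks += 1
        if port in seen:
            return picks
        seen.add(port)


def mean_reuse_interval(trials=300, seed=1):
    """Average first-reuse interval; the birthday bound puts it near sqrt(N)."""
    rng = random.Random(seed)
    return sum(picks_until_reuse(rng) for _ in range(trials)) / trials


class ShuffledPortAllocator:
    """Random shuffle: walk a Fisher-Yates permutation of the whole range, so
    each port is used exactly once per cycle. Note that a reshuffle boundary
    can still place the same port at the end of one cycle and start of the next."""
    def __init__(self, rng):
        self.rng = rng
        self.order = []

    def next_port(self, in_use=frozenset()):
        # Ports held by long-lived connections are skipped rather than reused;
        # they come around again on a later cycle.
        while True:
            if not self.order:
                self.order = list(range(PORT_LO, PORT_HI + 1))
                self.rng.shuffle(self.order)
            port = self.order.pop()
            if port not in in_use:
                return port


def shuffle_cycle_is_reuse_free(seed=1):
    alloc = ShuffledPortAllocator(random.Random(seed))
    return len({alloc.next_port() for _ in range(RANGE)}) == RANGE


def only_free_port_is_returned(seed=3):
    # Constructed case: every port but PORT_HI is busy, so PORT_HI must be issued.
    busy = frozenset(range(PORT_LO, PORT_HI))
    return ShuffledPortAllocator(random.Random(seed)).next_port(in_use=busy)
```

With the seeded run the random-choice allocator repeats a port after roughly 160 picks on average, while the shuffled allocator issues all 16384 ports before any repeat.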