On Sat, Oct 27, 2007 at 04:21:23AM +0100, Bruce M. Simpson wrote:
> Matus Harvan wrote:
> > Hi,
> >
> > I was wondering if I could get some feedback about the patch and
> > whether others think it could be committed.
> >
>
> The UDP catchall patch as submitted here clashes with the blackhole
> functionality, and also bypasses the update of the protocol statistics and
> unreachable port rate limiting. It is not yet suitable for a production
> kernel.
>
> It probably shouldn't trigger the log_in_vain message, however that log
> message is misleading anyway (the reception of UDP datagrams destined for
> unbound ports is not a 'connection attempt').
>
> I would argue that the UDP and TCP catchall feature should perhaps have a
> configurable port range as well, under
> net.inet.ip.portrange.relayhigh/relaylow. This would allow the inpcb code to
> avoid allocating sockets from that range at all -- as well as allowing
> inbound packets for that range to be immediately relayed to mtund without
> the cost of a hash lookup.
While I think this idea has some merit, I think we specifically want the current wildcard ability to allow for a system that requires minimal configuration. The problem with a range is that it doesn't allow disjoint sets and it requires that if you really do want all the ports you need to produce a list of currently allocated ports to avoid allocating. A more (over)engineered solution holds some attraction, but I'm not yet convinced the fact that it could exist precludes the current implementation.

-- 
Brooks
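To make the two designs in this exchange concrete, the following is an added userland model of the inbound dispatch path and the ephemeral-port allocator. It is not FreeBSD's inpcb or udp_input code and not the patch under discussion; the relay range stands in for the net.inet.ip.portrange.relaylow/relayhigh knobs Bruce proposes (which are hypothetical), the bound-port bitmap stands in for the inpcb hash, and "relay to mtund" is modelled as a returned disposition rather than an actual hand-off. The wildcard variant follows Brooks' description: the lookup always runs, and any port without a listener is relayed, so disjoint sets of relayed ports need no configuration.

```c
/*
 * Illustrative model of range-based versus wildcard UDP catchall dispatch.
 * Added example, not FreeBSD code; relaylow/relayhigh are the knobs
 * proposed in the thread, not sysctls that exist.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum disposition { DELIVER_LOCAL, RELAY_TO_TUNNEL, PORT_UNREACHABLE };

/* Inclusive port range; low > high means "no relay range configured". */
struct portrange { uint16_t low, high; };

/* Stand-in for the inpcb hash table: one bit per bound local port. */
struct portset { uint8_t bits[65536 / 8]; };

static void portset_init(struct portset *s) { memset(s, 0, sizeof *s); }
static void portset_add(struct portset *s, uint16_t p) { s->bits[p >> 3] |= (uint8_t)(1u << (p & 7)); }
static bool portset_has(const struct portset *s, uint16_t p) { return (s->bits[p >> 3] >> (p & 7)) & 1u; }

static bool range_enabled(const struct portrange *r) { return r->low <= r->high; }
static bool in_range(const struct portrange *r, uint16_t p) { return range_enabled(r) && p >= r->low && p <= r->high; }

/* Range design: the relay range is tested before any lookup, so datagrams
 * for those ports never touch the hash. Everything else takes the normal
 * path, which is where protocol statistics and ICMP unreachable rate
 * limiting for unbound ports would still run. */
enum disposition classify_range(const struct portrange *relay, const struct portset *bound, uint16_t dport)
{
    if (in_range(relay, dport))
        return RELAY_TO_TUNNEL;
    if (portset_has(bound, dport))
        return DELIVER_LOCAL;
    return PORT_UNREACHABLE;
}

/* Wildcard design: the hash lookup always runs, and any port with no
 * listener is relayed. Disjoint sets of relayed ports fall out naturally,
 * at the cost of a lookup on every datagram. */
enum disposition classify_wildcard(const struct portset *bound, uint16_t dport)
{
    return portset_has(bound, dport) ? DELIVER_LOCAL : RELAY_TO_TUNNEL;
}

/* Ephemeral allocator for the range design: first free port in
 * [first, last] that is not inside the relay range; 0 if none. */
uint16_t alloc_ephemeral(const struct portrange *relay, const struct portset *bound, uint16_t first, uint16_t last)
{
    for (uint32_t p = first; p <= last; p++) {   /* uint32_t: no wrap at 65535 */
        if (in_range(relay, (uint16_t)p)) {
            p = relay->high;                      /* skip the reserved range */
            continue;
        }
        if (!portset_has(bound, (uint16_t)p))
            return (uint16_t)p;
    }
    return 0;
}

int main(void)
{
    struct portrange relay = { 40000, 41000 };   /* constructed relay range */
    struct portset bound;
    portset_init(&bound);
    portset_add(&bound, 53);                     /* constructed: a local DNS listener */
    portset_add(&bound, 39999);                  /* constructed: a port already in use */

    printf("range:    40500 -> %d, 53 -> %d, 12345 -> %d\n",
           classify_range(&relay, &bound, 40500), classify_range(&relay, &bound, 53),
           classify_range(&relay, &bound, 12345));
    printf("wildcard: 12345 -> %d\n", classify_wildcard(&bound, 12345));
    printf("ephemeral starting at 39999: %u\n", alloc_ephemeral(&relay, &bound, 39999, 65535));
    return 0;
}
```

The ephemeral allocator is the part Bruce's proposal buys: with a contiguous range the allocator can skip it in O(1), whereas supporting disjoint relay sets under the range design would need either several ranges or the per-port list Brooks objects to.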