On Wed, 26 Jan 2011, Ivo Vachkov wrote:

Hi,

I would like to propose a patch (against FreeBSD RELENG_8) to extend the port randomization support in FreeBSD, according to RFC6056 (https://www.rfc-editor.org/rfc/rfc6056.txt).

Currently the patch implements:
- Algorithm 1 (default in FreeBSD 8)
- Algorithm 2
- Algorithm 5
from the aforementioned RFC6056. Any of those algorithms can be chosen with the sysctl variable net.inet.ip.portrange.rfc6056_algorithm.

I deliberately skipped Algorithm 3 and Algorithm 4, because I believe usage of cryptographic hash functions will introduce unnecessary latency in vital network operations. However, in case of expressed interest, I will be glad to add those too.

I would like to ask what is the proper way to validate the sysctl input in order to accept only specific values? In my case only '1', '2' and '5'.

Thank you very much.

It needs to be implemented in sys/netinet6/in6_src.c as well. Given the growth I wonder if we can design it more intelligently to avoid more code duplication for 3 (to 5) algorithms, especially considering that syncing between legacy and IPv6 has failed in the past.

/bz

--
Bjoern A. Zeeb You have to have visions!
<ks> Going to jail sucks -- <bz> All my daemons like it!
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/jails.html
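
The two points raised in this thread, as an added userland sketch that is not code from the proposed patch or from FreeBSD: a single selection loop for RFC 6056 Algorithms 1, 2 and 5 that takes the address-family-specific lookup as a callback, and the predicate a sysctl handler could call to accept only 1, 2 and 5. All names (`rfc6056_pick`, `rfc6056_alg_valid`, `port_busy_fn`, the `demo_`/`busy_` helpers) are hypothetical, and the random source and lookups are constructed stand-ins.

```c
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical family-agnostic lookup: the IPv4 and IPv6 callers each pass
 * their own "is this port taken?" function, so the loop exists only once. */
typedef int (*port_busy_fn)(uint16_t port, void *ctx);

#define ALG5_N 500          /* Algorithm 5: upper bound of the random increment */
static uint32_t alg5_next;  /* Algorithm 5 state; a real stack randomizes it at boot */

/* Accept only the algorithm numbers the patch implements. */
int rfc6056_alg_valid(int alg) { return alg == 1 || alg == 2 || alg == 5; }

/* Return a free port in [lo, hi], or 0 when none is found or alg is rejected. */
uint16_t rfc6056_pick(int alg, uint16_t lo, uint16_t hi,
    uint32_t (*rnd)(void), port_busy_fn busy, void *ctx)
{
    uint32_t n, count, cand;

    if (!rfc6056_alg_valid(alg) || lo == 0 || lo > hi)
        return 0;
    n = count = (uint32_t)hi - lo + 1;
    cand = (alg == 1) ? lo + rnd() % n : lo;  /* Algorithm 1: random start */
    while (count-- > 0) {
        if (alg == 2) {                       /* Algorithm 2: redraw on each try */
            cand = lo + rnd() % n;
        } else if (alg == 5) {                /* Algorithm 5: advance by 1..N */
            alg5_next += rnd() % ALG5_N + 1;
            cand = lo + alg5_next % n;
        }
        if (!busy((uint16_t)cand, ctx))
            return (uint16_t)cand;
        if (alg == 1)                         /* Algorithm 1: linear scan, wrap */
            cand = (cand == hi) ? lo : cand + 1;
    }
    return 0;
}

/* Constructed test doubles; a kernel would use arc4random() and a PCB lookup. */
uint32_t demo_rnd(void) { return (uint32_t)rand(); }
int busy_except(uint16_t p, void *ctx) { return p != *(uint16_t *)ctx; }
int busy_never(uint16_t p, void *ctx) { (void)p; (void)ctx; return 0; }

int main(void)
{
    uint16_t only = 10007;
    /* Algorithm 1 scans the whole range, so it always finds the one free port. */
    return rfc6056_pick(1, 10000, 10009, demo_rnd, busy_except, &only) == only ? 0 : 1;
}
```

Algorithms 2 and 5 give up after as many tries as there are ports in the range, so on a nearly full range they can return 0 even though a port is free; Algorithm 1 cannot.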