On Fri, Jan 28, 2011 at 9:00 PM, Doug Barton <do...@freebsd.org> wrote:
> On 01/28/2011 06:33, Ivo Vachkov wrote:
>>
>> Hello,
>>
>> I would like to thank for the help and for the recommendations.
>>
>> I attach second version of the patch, I proposed earlier, including
>> following changes:
>>
>> 1) All RFC6056 algorithms are implemented.
>> 2) Both IPv4 and IPv6 stacks are modified to use the new port
>> randomization code.
>> 3) There are two variables that can be modified via sysctl:
>> - net.inet.ip.portrange.rfc6056_algorithm - which allows the super
>> user to choose one out of the five possible algorithms.
>> - net.inet.ip.portrange.rfc6056_algorithm5_tradeoff - which allows the
>> super user to modify the trade-off value used in algorithm 5.
>> All values are explicitly checked for correctness before usage.
>> Default values for those variables represent current/legacy port
>> randomization algorithm and proposed values in the RFC itself.
>
> I haven't reviewed the patch in detail yet but I wanted to first thank you
> for taking on this work, and being so responsive to Fernando's request
> (which I agreed with, and you updated before I even had a chance to say so).
> :)
>
> My one comment so far is on the name of the sysctl's. There are 2 problems
> with sysctl/variable names that use an rfc title. The first is that they are
> not very descriptive to the 99.9% of users who are not familiar with that
> particular doc. The second is more esoteric, but if the rfc is subsequently
> updated or obsoleted we're stuck with either an anachronism or updating code
> (both of which have their potential areas of confusion).
>
> So in order to avoid this issue, and make it more consistent with the
> existing:
>
> net.inet.ip.portrange.randomtime
> net.inet.ip.portrange.randomcps
> net.inet.ip.portrange.randomized
>
> How does net.inet.ip.portrange.randomalg sound? I would also suggest that
> the second sysctl be named net.inet.ip.portrange.randomalg.alg5_tradeoff so
> that one could do 'sysctl net.inet.ip.portrange.randomalg' and see both
> values. But I won't quibble on that. :)
>

I have no objections with this. Since this is my first attempt to
contribute something back to the community I decided to see how it's
done before. So I found:

net.inet.tcp.rfc1323
net.inet.tcp.rfc3465
net.inet.tcp.rfc3390
net.inet.tcp.rfc3042

which probably led me in a wrong direction :)

I understand your point and agree with it. However, my somewhat
limited understanding of the sysctl internal organization is telling
me that tree node does not support values. Am I wrong? If my reasoning
is correct, maybe I can create the sysctl variables with the following
names:

- net.inet.ip.portrange.randomalg (Tree Node)
- net.inet.ip.portrange.randomalg.alg[orithm] (Leaf Node, to store the
  selected algorithm)
- net.inet.ip.portrange.randomalg.alg5_tradeoff (Leaf Node, to store
  the Algorithm 5 trade-off value)

Ivo Vachkov