I've been up and running on this patch vs. r218391 for over 24 hours now, using algorithm 4 (as someone said is now the default in Linux) without any problems.

I think Bjoern is better qualified than I to comment on the style of the patch, but it applies cleanly, and seems to run fine on both v4 and v6.


hth,

Doug


On 01/31/2011 04:52, Ivo Vachkov wrote:
Hello,

I attach the latest version of the port randomization code as a patch
against RELENG_8.

Changelog:
1) sysctl variable names are changed to:
- 'net.inet.ip.portrange.randomalg.version' - representing the
algorithm of choice.
- 'net.inet.ip.portrange.randomalg.alg5_tradeoff' - representing the
Algorithm 5 computational tradeoff value (the 'N' value in the
Algorithm 5 description in the RFC 6056).
2) Code comments are synchronized with the current variable names.

Ivo Vachkov

On Sat, Jan 29, 2011 at 4:27 AM, Doug Barton <do...@freebsd.org> wrote:
On 01/28/2011 11:57, Ivo Vachkov wrote:

On Fri, Jan 28, 2011 at 9:00 PM, Doug Barton <do...@freebsd.org> wrote:

How does net.inet.ip.portrange.randomalg sound? I would also suggest that
the second sysctl be named net.inet.ip.portrange.randomalg.alg5_tradeoff so
that one could do 'sysctl net.inet.ip.portrange.randomalg' and see both
values. But I won't quibble on that. :)


I have no objections with this. Since this is my first attempt to
contribute something back to the community I decided to see how it's
done before. So I found:
net.inet.tcp.rfc1323
net.inet.tcp.rfc3465
net.inet.tcp.rfc3390
net.inet.tcp.rfc3042
which probably led me in a wrong direction :)

Yeah, I had actually intended to say something to the effect of "there are
plenty of unfortunate examples in the tree already so your doing it that way
is totally understandable" but I trimmed it.

I understand your point and agree with it. However, my somewhat
limited understanding of the sysctl internal organization is telling
me that tree node does not support values. Am I wrong?

You are likely correct. :)  It's an inconvenient fact that I often forget
because that's not the sandbox that I usually play in.

If my reasoning
is correct, maybe I can create the sysctl variables with the following
names:
- net.inet.ip.portrange.randomalg (Tree Node)
- net.inet.ip.portrange.randomalg.alg[orithm] (Leaf Node, to store the
selected algorithm)

I would go with "version" to increase the visual distinctiveness. I searched
the current tree and there doesn't seem to be a clear winner for how to
portray "this is the current N/M that is in use" but "version" seems to have
the most representatives.

- net.inet.ip.portrange.randomalg.alg5_tradeoff (Leaf Node, to store
the Algorithm 5 trade-off value)

I'm assuming this is the "N" value mentioned in the RFC. If so, I commend
you on your choice of "tradeoff" to represent it. :)
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
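
An added illustration, not code from the patch discussed in this thread: RFC 6056 Algorithm 5 (random increments) as userland C, showing what the 'N' value behind alg5_tradeoff controls. The port range, the in_use table standing in for the kernel's PCB lookup, rand() as the random source, and the names alg5_init and alg5_select are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed ephemeral range for this sketch; not taken from the patch. */
#define MIN_EPHEMERAL 49152u
#define MAX_EPHEMERAL 65535u
#define NUM_EPHEMERAL (MAX_EPHEMERAL - MIN_EPHEMERAL + 1u)

static uint8_t  in_use[NUM_EPHEMERAL]; /* stand-in for the kernel's PCB lookup */
static uint32_t next_ephemeral;        /* global counter kept between calls */

/* Hypothetical helper: seed the counter once, as RFC 6056 does at boot.
 * rand() is only a portable stand-in for a kernel-quality random source. */
void alg5_init(unsigned seed)
{
    srand(seed);
    memset(in_use, 0, sizeof(in_use));
    next_ephemeral = (uint32_t)rand() % 65536u;
}

/* RFC 6056 Algorithm 5: advance the counter by a random step in [1, N].
 * Returns the chosen port and marks it used, or 0 if every probe collided. */
unsigned alg5_select(unsigned tradeoff_n)
{
    uint32_t count = NUM_EPHEMERAL;

    if (tradeoff_n == 0)
        tradeoff_n = 1;                /* guard against modulo by zero */
    do {
        next_ephemeral += ((uint32_t)rand() % tradeoff_n) + 1u;
        unsigned port = MIN_EPHEMERAL + (next_ephemeral % NUM_EPHEMERAL);
        if (!in_use[port - MIN_EPHEMERAL]) {
            in_use[port - MIN_EPHEMERAL] = 1;
            return port;
        }
    } while (--count > 0);
    return 0;
}

int main(void)
{
    alg5_init(1);
    for (int i = 0; i < 4; i++)        /* N = 1: ports come out sequentially */
        printf("N=1   -> %u\n", alg5_select(1));
    for (int i = 0; i < 4; i++)        /* N = 500: gaps of 1..500 between ports */
        printf("N=500 -> %u\n", alg5_select(500));
    return 0;
}
```

With N = 1 every step is exactly 1, so the next port is trivially predictable from the previous one; a larger N makes the next port harder to guess but walks through the port range, and so reuses ports, sooner.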
