I'm using FreeBSD current for my experiences.
I observed bursts sent by NewReno when a partial ACK is received.
I have two packet traces of such bursts. One of such bursts is
analyzed at http://www.demizu.org/~noritosi/memo/2005/0623/ .
I think tcp_newreno_partial_ack() in tcp_input.c rev 1.275 h
> Hi guys.
>
> Thanks for the help and good advice.
> I just received source code from guys at MITRE in McLean, VA for
> FreeBSD and will do some testing on it.
> "The code is an open implementation of ISO International Standards and
> it's yours for the asking; there is no licensing."
>
> I was t
> Yes it might be a good idea, but again, it depends on your security
> requirements : any user is able to bind port 8000, so if you have
> other users on the system, this may not be something to avoid.
s/not//
--
Jeremie Le Hen
< jeremie at le-hen dot org >< ttz at chchile dot org >
__
Hi Khaled,
> Is it a good idea to run daemons on non privileged ports as a normal
> user (eg. www) then have natd or a firewall redirect the traffic
> targeting the privileged port.
>
> For example:
>
> A web server running as user www on port 8000.
> IPFW, IPNAT, PF or NATD redirecting port 80
[...]
> You could do something like this in FreeBSD 5-STABLE by hacking the
> in_pcbbind_setup() function in src/sys/netinet/in_pcb.c to not just
> call suser_cred(), but to instead perform a group check, by calling
> groupmember(some_privileged_socket_group, cred).
mac_portacl(4)
--
Maxim Konov
On 6/23/05, Jeremie Le Hen <[EMAIL PROTECTED]> wrote:
> > Most daemons that bind to "privileged" ports and run as a non-root uid,
> > start as root, then change the effective UID after binding to the port.
>
> Yes. Secure programs like Postfix (smtp), OpenSSH, vsftpd and Dovecot
> (imap) use priv
> Most daemons that bind to "privileged" ports and run as a non-root uid,
> start as root, then change the effective UID after binding to the port.
Yes. Secure programs like Postfix (smtp), OpenSSH, vsftpd and Dovecot
(imap) use privilege separation. For instance if you need to open the
TCP port
Hi,
Luigi Rizzo wrote:
Seen the patch, looks good. It's always nice to see how easy it is to
add new options to ipfw2 :)
Yes. And what is really nice was the fact that this will
solve my real-world problem also very easily (would
be great if this patch could find its way to RELENG_5
eventuall
On Thu, Jun 23, 2005 at 01:19:12PM +0300, Ari Suutari wrote:
> Hi,
>
> Luigi Rizzo wrote:
> >
> > BTW for the 'setnexthop', the port number does not really make
> > much sense... though it can be useful as a degenerate 'nexthop' case
> > to forward to a local port.
>
> Didn't remember to comment
Hi guys.
Thanks for the help and good advice.
I just received source code from guys at MITRE in McLean, VA for FreeBSD and
will do some testing on it.
"The code is an open implementation of ISO International Standards and it's
yours for the asking; there is no licensing."
I was thinking, maybe
Hi,
Luigi Rizzo wrote:
BTW for the 'setnexthop', the port number does not really make
much sense... though it can be useful as a degenerate 'nexthop' case
to forward to a local port.
Didn't remember to comment on this. I left the port number
possibility there although it is really questionabl
Hi,
Luigi Rizzo wrote:
for the chunk at --- 2951,2987
i think it would be better to reuse the 'case TOK_FORWARD',
by changing the opcode and messages according to the actual command.
Changed.
here too i would reuse the existing code more, e.g. in ipfw_log()
put 'case O_SETNEXTHO
On Thu, Jun 23, 2005 at 10:52:02AM +0300, Ari Suutari wrote:
> Hi,
>
> The patches which implement both
> "ipfw setnexthop" and "ipfw defaultroute" are at:
look reasonable, but i would like to reuse the existing 'forward' code a
lot more, to avoid duplication and inconsistencies should we
ap
Hi,
The patches which implement both
"ipfw setnexthop" and "ipfw defaultroute" are at:
http://www.suutari.iki.fi/freebsd/ipfw-nexthop.patch
http://www.suutari.iki.fi/freebsd/netinet-nexthop.patch
These are against 5.4-RELEASE - if that causes
too much trouble I can try to generate them aga