brooks at FreeBSD.org
Mon Oct 29 08:04:27 PDT 2007
On Sat, Oct 27, 2007 at 04:21:23AM +0100, Bruce M. Simpson wrote:
> Matus Harvan wrote:
> > Hi,
> > I was wondering if I could get some feedback about the patch and
> > whether others think it could be committed.
> The UDP catchall patch as submitted here clashes with the blackhole
> functionality, and also bypasses the update of the protocol statistics and
> unreachable port rate limiting. It is not yet suitable for a production
> It probably shouldn't trigger the log_in_vain message, however that log
> message is misleading anyway (the reception of UDP datagrams destined for
> unbound ports is not a 'connection attempt').
> I would argue that the UDP and TCP catchall feature should perhaps have a
> configurable port range as well, under
> net.inet.ip.portrange.relayhigh/relaylow. This would allow the inpcb code to
> avoid allocating sockets from that range at all -- as well as allowing
> inbound packets for that range to be immediately relayed to mtund without
> the cost of a hash lookup.
While I think this idea has some merit, I think we specifically want
the current wildcard ability to allow for a system that requires
minimal configuration. The problem with a range is that it doesn't
allow disjoint sets and it requires that if you really do want all the
ports you need to produce a list of currently allocated ports to avoid
allocating. A more (over)engineered solution holds some attraction, but
I'm not yet convinced the fact that it could exist precludes the current