Proposed patch for Port Randomization modifications according to RFC6056

Ivo Vachkov ivo.vachkov at gmail.com
Wed Mar 2 22:18:26 UTC 2011


On Thu, Mar 3, 2011 at 12:00 AM, Bjoern A. Zeeb
<bzeeb-lists at lists.zabbadoz.net> wrote:
> On Sat, 5 Feb 2011, Giorgos Keramidas wrote:
>
> Hi,
>
>> On Fri, 28 Jan 2011 11:00:40 -0800, Doug Barton <dougb at FreeBSD.org> wrote:
>>>
>>> I haven't reviewed the patch in detail yet but I wanted to first thank
>>> you for taking on this work, and being so responsive to Fernando's
>>> request (which I agreed with, and you updated before I even had a
>>> chance to say so). :)
>>
>> Thanks from me too.
>>
>>> My one comment so far is on the name of the sysctls. There are 2
>>> problems with sysctl/variable names that use an rfc title. The first is
>>> that they are not very descriptive to the 99.9% of users who are not
>>> familiar with that particular doc. The second is more esoteric, but if
>>> the rfc is subsequently updated or obsoleted we're stuck with either an
>>> anachronism or updating code (both of which have their potential areas
>>> of confusion).
>>>
>>> So in order to avoid this issue, and make it more consistent with the
>>> existing:
>>>
>>> net.inet.ip.portrange.randomtime
>>> net.inet.ip.portrange.randomcps
>>> net.inet.ip.portrange.randomized
>>>
>>> How does net.inet.ip.portrange.randomalg sound? I would also suggest
>>> that the second sysctl be named
>>> net.inet.ip.portrange.randomalg.alg5_tradeoff so that one could do
>>> 'sysctl net.inet.ip.portrange.randomalg' and see both values. But I won't
>>> quibble on that. :)
>>
>> It's a usability issue too, so I'd certainly support renaming the
>> sysctls to something human-friendly.  It's always bad enough to go
>> and look at a search engine to find out what net.inet.rfc1234
>> means.  It's worse when RFC 1234 has been obsoleted a few years ago
>> and now it's called RFC 54321.
>
> has anything of that ever happened and led to an updated patch again?

Yes. Those recommendations are reflected in the latest version of the
patch I supplied.

I attach it again for reference. It is against RELENG-8 as of
2011-01-31. However, if you need a -CURRENT-based patch, please let me
know, so I can prepare it asap.

> /bz
>
> --
> Bjoern A. Zeeb                                 You have to have visions!
>         Stop bit received. Insert coin for new address family.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 20110131-freebsd-RELENG_8-rfc6056.patch
Type: text/x-patch
Size: 17122 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-net/attachments/20110302/a46ea928/20110131-freebsd-RELENG_8-rfc6056.bin

