Proposed patch for Port Randomization modifications according
dougb at FreeBSD.org
Sat Mar 5 00:39:38 UTC 2011
On 03/04/2011 16:21, Bjoern A. Zeeb wrote:
> On Sun, 27 Feb 2011, Doug Barton wrote:
>> As for default algorithm, is there any reason not to make it 4?
> Yes, it's expensive both computation time and stack wise. Last I put
> MD5ctxs on the stack I was told that it was previously avoided due to
> stack limits. I haven't seen complaints on lists about it but it's
> possibly still true for small embedded.
> I'd also like to see a proper benchmark before switching the default
> on both state of the art and a soekris kind class of machine.
We expect people doing embedded work to make all kinds of adjustments, I
can't see any reason why this shouldn't be one of them. Modern
general-purpose machines have more than enough resources to handle this.
That said, maybe we need a knob like EMBEDDED to more easily handle some
of these issues. I could see a default of alg 4 but something less
computationally intensive ifdef EMBEDDED.
> That said I messed with the patch to avoid the two copies of the
> algorithms (so it will not be 4 soon). I know it compiles but I have
> yet to test it. I'd love to hear opinions. The #ifdef INET6/INETs
> are ugly but we'll see those a lot more and need to figure out
> different ways to our code was written the last 10 years.
> The patch also includes a bugfix for the ipv6 case wrt to
> "un-binding" on error.
Cool! I'll try to test this new patch this weekend.
Nothin' ever doesn't change, but nothin' changes much.
-- OK Go
Breadth of IT experience, and depth of knowledge in the DNS.
Yours for the right price. :) http://SupersetSolutions.com/