Proposed patch for Port Randomization modifications according to RFC6056

Doug Barton dougb at FreeBSD.org
Sat Mar 5 00:39:38 UTC 2011


On 03/04/2011 16:21, Bjoern A. Zeeb wrote:
> On Sun, 27 Feb 2011, Doug Barton wrote:

>> As for default algorithm, is there any reason not to make it 4?
>
> Yes, it's expensive both computation time and stack wise. Last I put
> MD5ctxs on the stack I was told that it was previously avoided due to
> stack limits. I haven't seen complaints on lists about it but it's
> possibly still true for small embedded.
>
> I'd also like to see a proper benchmark before switching the default
> on both state of the art and a soekris kind class of machine.

We expect people doing embedded work to make all kinds of adjustments, I 
can't see any reason why this shouldn't be one of them. Modern 
general-purpose machines have more than enough resources to handle this.

That said, maybe we need a knob like EMBEDDED to more easily handle some 
of these issues. I could see a default of alg 4 but something less 
computationally intensive ifdef EMBEDDED.

> That said I messed with the patch to avoid the two copies of the
> algorithms (so it will not be 4 soon). I know it compiles but I have
> yet to test it. I'd love to hear opinions. The #ifdef INET6/INETs
> are ugly but we'll see those a lot more and need to figure out
> different ways to our code was written the last 10 years.
>
> http://people.freebsd.org/~bz/20110303-01-rfc6056.diff
>
> The patch also includes a bugfix for the ipv6 case wrt
> "un-binding" on error.

Cool! I'll try to test this new patch this weekend.


Doug

-- 

	Nothin' ever doesn't change, but nothin' changes much.
			-- OK Go

	Breadth of IT experience, and depth of knowledge in the DNS.
	Yours for the right price.  :)  http://SupersetSolutions.com/
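The RFC 6056 Algorithm 4 ("double-hash") selection that the thread weighs as a default, as an added Python example that is not part of the patch or of FreeBSD's code. The port range, counter-table length and key generation are assumptions chosen for illustration; the two MD5 computations per selection are the per-connection cost discussed above.

```python
import hashlib
import random
import struct

# Illustrative constants (assumed, not the kernel's values).
MIN_PORT = 49152
MAX_PORT = 65535
NUM_PORTS = MAX_PORT - MIN_PORT + 1
TABLE_LENGTH = 10  # Algorithm 4 keeps a small table of per-bucket counters


class DoubleHashPortSelector:
    """RFC 6056 Algorithm 4: port = min + (F(dest) + table[G(dest)]) % num."""

    def __init__(self, seed=None):
        rng = random.Random(seed)
        # Two independent secret keys (the kernel would draw these from its CSPRNG).
        self.key1 = bytes(rng.getrandbits(8) for _ in range(16))
        self.key2 = bytes(rng.getrandbits(8) for _ in range(16))
        # Counter table, randomly initialised so buckets do not start at zero.
        self.table = [rng.randrange(NUM_PORTS) for _ in range(TABLE_LENGTH)]

    @staticmethod
    def _md5_int(key, local_ip, remote_ip, remote_port):
        # One MD5 context per call; a selection needs two of these, which is
        # the computation and stack cost the thread debates.
        h = hashlib.md5()
        h.update(key)
        h.update(local_ip.encode())
        h.update(remote_ip.encode())
        h.update(struct.pack("!H", remote_port))
        return int.from_bytes(h.digest()[:4], "big")

    def select(self, local_ip, remote_ip, remote_port, in_use):
        """Return a free ephemeral port for this destination, or None."""
        # F(): per-destination offset, keyed with key1.
        offset = self._md5_int(self.key1, local_ip, remote_ip, remote_port)
        # G(): index into the counter table, keyed with key2.
        index = self._md5_int(self.key2, local_ip, remote_ip, remote_port) % TABLE_LENGTH
        for _ in range(NUM_PORTS):
            port = MIN_PORT + (offset + self.table[index]) % NUM_PORTS
            self.table[index] += 1  # advance the bucket even if the port is busy
            if port not in in_use:
                return port
        return None  # every port in the range is in use
```

Same destination, same keys: successive selections walk the range in steps of one from a destination-specific offset, while different destinations that land in different buckets do not reveal each other's sequence.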


