Proposed patch for Port Randomization modifications according to RFC6056
Ivo Vachkov
ivo.vachkov at gmail.com
Wed Jan 26 11:54:29 UTC 2011
Hello,
I would like to propose a patch (against FreeBSD RELENG_8) to extend
the port randomization support in FreeBSD, according to RFC6056
(https://www.rfc-editor.org/rfc/rfc6056.txt)
Currently the patch implements:
- Algorithm 1 (default in FreeBSD 8)
- Algorithm 2
- Algorithm 5
from the aforementioned RFC6056.
Any of those algorithms can be chosen with the sysctl variable
net.inet.ip.portrange.rfc6056_algorithm.
I deliberately skipped Algorithm 3 and Algorithm 4, because I believe
usage of cryptographic hash functions will introduce unnecessary
latency in vital network operations. However, in case of expressed
interest, I will be glad to add those too.
I would like to ask what is the proper way to validate the sysctl
input in order to accept only specific values? In my case only '1',
'2' and '5'.
Thank you very much.
Ivo Vachkov
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freebsd-RELENG_8-rfc6056.patch
Type: text/x-patch
Size: 4035 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-net/attachments/20110126/856012b6/freebsd-RELENG_8-rfc6056.bin
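
An added example, not part of the original message or of the attached patch: a user-space C model of the selector the message describes, where the setter rejects any value other than 1, 2 or 5 and the port picker follows the RFC 6056 pseudocode for those three algorithms. The names set_algorithm, get_algorithm, select_port, the two callbacks, the port range and the use of rand() are assumptions made for illustration.

```c
#include <errno.h>
#include <stdlib.h>

#define MIN_EPHEMERAL 49152u   /* assumed range for this model */
#define MAX_EPHEMERAL 65535u
#define NUM_EPHEMERAL (MAX_EPHEMERAL - MIN_EPHEMERAL + 1u)
#define TRADEOFF_N 500u        /* N from RFC 6056 Algorithm 5 */

static int algorithm = 1;       /* models the sysctl value */
static unsigned next_ephemeral; /* Algorithm 5 state; RFC seeds it randomly at boot, 0 here */

/* Accept only the implemented algorithms; keep the old value on error. */
int set_algorithm(int v)
{
    if (v != 1 && v != 2 && v != 5)
        return EINVAL;
    algorithm = v;
    return 0;
}

int get_algorithm(void) { return algorithm; }
/* Constructed callbacks standing in for the "is this port usable" lookup. */
int all_free(unsigned p) { (void)p; return 1; }
int only_50000(unsigned p) { return p == 50000u; }

/* Try at most NUM_EPHEMERAL candidates; return a port or -1. */
int select_port(int (*port_free)(unsigned))
{
    unsigned count = NUM_EPHEMERAL, port;
    unsigned off = (unsigned)rand() % NUM_EPHEMERAL; /* rand(): stand-in RNG */
    while (count-- > 0) {
        switch (algorithm) {
        case 1: /* random start, then linear scan with wrap-around */
            port = MIN_EPHEMERAL + off;
            off = (off + 1u) % NUM_EPHEMERAL;
            break;
        case 2: /* fresh random draw on every attempt */
            port = MIN_EPHEMERAL + (unsigned)rand() % NUM_EPHEMERAL;
            break;
        default: /* 5: advance a shared counter by a random step in 1..N */
            next_ephemeral += (unsigned)rand() % TRADEOFF_N + 1u;
            port = MIN_EPHEMERAL + next_ephemeral % NUM_EPHEMERAL;
            break;
        }
        if (port_free(port))
            return (int)port;
    }
    return -1; /* no suitable port found */
}
```

Only Algorithm 1 is guaranteed to find a single remaining free port, because it is the only one of the three that visits every candidate exactly once.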