svn commit: r321605 - head/contrib/ipfilter

Cy Schubert Cy.Schubert at komquats.com
Mon Jul 31 05:23:26 UTC 2017


In message <59e80a44-d9de-5081-9eda-f068188b843f at delphij.net>, Xin Li 
writes:
> On 7/26/17 23:26, Cy Schubert wrote:
> > Author: cy
> > Date: Thu Jul 27 06:26:15 2017
> > New Revision: 321605
> > URL: https://svnweb.freebsd.org/changeset/base/321605
> >=20
> > Log:
> >   As in r315225, discard 3072 bytes of RC4 bytestream instead of 1024.
> >  =20
> >   PR:		217920
> >   Submitted by:	codarren at hackers.mu
> >   Reviewed by:	emaste, cem
> >   Approved by:	so (implicit, in r315225)
> 
> Why ipfilter is using its own pseudo random number generator?  Please
> remove them altogether and use the system PRNG instead.

It uses this code when it builds the kernel sources in a userland program 
called ipftest. ipftest is a userland application outside of the kernel in 
which users pass generated or captured packets into it to test arbitrary 
ipfilter rules, which are separate from those in the kernel. ipftest is a 
rule testing application. ipftest is currently broken (it segfaults) and in 
my queue for loving attention. I'll look into using the libkern version of 
arc4rand(9) in this userland utility.


-- 
Cheers,
Cy Schubert <Cy.Schubert at cschubert.com>
FreeBSD UNIX:  <cy at FreeBSD.org>   Web:  http://www.FreeBSD.org

	The need of the many outweighs the greed of the few.




More information about the svn-src-all mailing list