svn commit: r321605 - head/contrib/ipfilter
Cy Schubert
Cy.Schubert at komquats.com
Mon Jul 31 05:23:26 UTC 2017
In message <59e80a44-d9de-5081-9eda-f068188b843f at delphij.net>, Xin Li
writes:
> On 7/26/17 23:26, Cy Schubert wrote:
> > Author: cy
> > Date: Thu Jul 27 06:26:15 2017
> > New Revision: 321605
> > URL: https://svnweb.freebsd.org/changeset/base/321605
> >=20
> > Log:
> > As in r315225, discard 3072 bytes of RC4 bytestream instead of 1024.
> > =20
> > PR: 217920
> > Submitted by: codarren at hackers.mu
> > Reviewed by: emaste, cem
> > Approved by: so (implicit, in r315225)
>
> Why ipfilter is using its own pseudo random number generator? Please
> remove them altogether and use the system PRNG instead.
It uses this code when it builds the kernel sources in a userland program
called ipftest. ipftest is a userland application outside of the kernel in
which users pass generated or captured packets into it to test arbitrary
ipfilter rules, which are separate from those in the kernel. ipftest is a
rule testing application. ipftest is currently broken (it segfaults) and in
my queue for loving attention. I'll look into using the libkern version of
arc4rand(9) in this userland utility.
--
Cheers,
Cy Schubert <Cy.Schubert at cschubert.com>
FreeBSD UNIX: <cy at FreeBSD.org> Web: http://www.FreeBSD.org
The need of the many outweighs the greed of the few.
More information about the svn-src-all
mailing list