tech-net archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: [GSoC] : Interest in project

On Mar 22, 2011, at 11:22 AM, Alistair Crooks wrote:
>> For #1, there's a patchset for FreeBSD, which ought to largely apply to 
>> NetBSD's sys/netinet/in_pcb.c as well:
> Well, RFC 6056 made me think that just cloning FreeBSD's
> implementation would be, well, let's just say that implementing all of
> the approaches in the RFC would be better.

I've read both the RFC and the patch, and, as far as I see, all five of the 
suggested algorithms are implemented in BZ's patch.
> And, for the minimalists amongst us, reed@ already did this:
> so there's a bit more to this project than just copying FreeBSD code.

That appears to be implementing algorithm 1, much like FreeBSD, OpenBSD, and 
Solaris already do.  From the RFC, NetBSD's current default behavior doesn't 
try to randomize port #'s at all:

"A.3.  NetBSD

   NetBSD 5.0.1 does not obfuscate its ephemeral port numbers.  It
   selects ephemeral port numbers from the range 49152-65535, starting
   from port 65535, and decreasing the port number for each ephemeral
   port number selected [NetBSD]."


Home | Main Index | Thread Index | Old Index