tech-net archive
Re: [GSoC] : Interest in project
On Mar 22, 2011, at 11:22 AM, Alistair Crooks wrote:
>> For #1, there's a patchset for FreeBSD, which ought to largely apply to
>> NetBSD's sys/netinet/in_pcb.c as well:
>>
>> http://people.freebsd.org/~bz/20110313-01-rfc6056.diff
>
> Well, RFC 6056 made me think that just cloning FreeBSD's
> implementation would be, well, let's just say that implementing all of
> the approaches in the RFC would be better.
I've read both the RFC and the patch, and, as far as I see, all five of the
suggested algorithms are implemented in BZ's patch.
> And, for the minimalists amongst us, reed@ already did this:
>
> http://mail-index.netbsd.org/tech-net/2008/07/11/msg000629.html
>
> so there's a bit more to this project than just copying FreeBSD code.
That appears to be implementing algorithm 1, much like FreeBSD, OpenBSD, and
Solaris already do. From the RFC, NetBSD's current default behavior doesn't
try to randomize port #'s at all:
"A.3. NetBSD
NetBSD 5.0.1 does not obfuscate its ephemeral port numbers. It
selects ephemeral port numbers from the range 49152-65535, starting
from port 65535, and decreasing the port number for each ephemeral
port number selected [NetBSD]."
Regards,
--
-Chuck
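
Added example, not part of the original message or of the FreeBSD patch: a userland C sketch contrasting the sequential selection quoted from RFC 6056 A.3 with RFC 6056 Algorithm 1 (simple port randomization). The `port_table` structure, the function names, the wrap-around of the sequential counter and the deterministic `constructed_rnd` source are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MIN_EPHEMERAL 49152u
#define MAX_EPHEMERAL 65535u
#define NUM_EPHEMERAL (MAX_EPHEMERAL - MIN_EPHEMERAL + 1u) /* 16384 ports */

/* Hypothetical stand-in for the in_pcb lookup: one in-use flag per port. */
struct port_table { bool in_use[NUM_EPHEMERAL]; uint32_t next_seq; };

static void port_table_init(struct port_table *t) {
    memset(t, 0, sizeof(*t));
    t->next_seq = MAX_EPHEMERAL;
}
/* Sequential selection as quoted from A.3: start at 65535 and count down.
 * Wrapping back to the top is an assumption. Returns 0 when exhausted. */
static uint16_t select_sequential(struct port_table *t) {
    for (uint32_t count = NUM_EPHEMERAL; count > 0; count--) {
        uint32_t port = t->next_seq;
        t->next_seq = (port == MIN_EPHEMERAL) ? MAX_EPHEMERAL : port - 1;
        if (!t->in_use[port - MIN_EPHEMERAL]) {
            t->in_use[port - MIN_EPHEMERAL] = true;
            return (uint16_t)port;
        }
    }
    return 0;
}
/* RFC 6056 Algorithm 1: random starting point, then walk upward past ports
 * already in use. 16384 divides 2^32, so the modulo adds no bias here. */
static uint16_t select_random(struct port_table *t, uint32_t (*rnd)(void)) {
    uint32_t port = MIN_EPHEMERAL + rnd() % NUM_EPHEMERAL;
    for (uint32_t count = NUM_EPHEMERAL; count > 0; count--) {
        if (!t->in_use[port - MIN_EPHEMERAL]) {
            t->in_use[port - MIN_EPHEMERAL] = true;
            return (uint16_t)port;
        }
        port = (port == MAX_EPHEMERAL) ? MIN_EPHEMERAL : port + 1;
    }
    return 0;
}
/* Constructed, fixed "random" value so the demo is repeatable; real code
 * would pass a CSPRNG such as arc4random(). */
static uint32_t constructed_rnd(void) { return 0xFFFFFFFFu; }

int main(void) {
    struct port_table t;
    port_table_init(&t);
    for (int i = 0; i < 3; i++) /* each value is the previous one minus 1 */
        printf("sequential: %u\n", (unsigned)select_sequential(&t));
    printf("algorithm 1: %u\n", (unsigned)select_random(&t, constructed_rnd));
    return 0;
}
```

With the sequential selector, an observer who sees one source port knows the next one; with Algorithm 1 the next port depends on the quality of the random source.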