[LACNIC/Seguridad] Fwd: Re: Proposed patch for Port Randomization modifications according to RFC6056

Fernando Gont fernando at gont.com.ar
Fri Jan 28 13:34:38 BRST 2011


Dear all,

If anyone has a Free' around and can test the patch and provide
feedback, that would be great.

Kudos to Ivo. The people who actually sit down and write code really
deserve all the credit.

Best regards,
Fernando




-------- Original Message --------
Subject: Re: Proposed patch for Port Randomization modifications
according to RFC6056
Date: Fri, 28 Jan 2011 16:33:55 +0200
From: Ivo Vachkov <ivo.vachkov at gmail.com>
To: FreeBSD Net <freebsd-net at freebsd.org>
CC: Fernando Gont <fernando at gont.com.ar>, bz at freebsd.org

Hello,

I would like to thank you for the help and for the recommendations.

I attach the second version of the patch I proposed earlier, including
the following changes:

1) All RFC6056 algorithms are implemented.
2) Both IPv4 and IPv6 stacks are modified to use the new port
randomization code.
3) There are two variables that can be modified via sysctl:
- net.inet.ip.portrange.rfc6056_algorithm - which allows the super
user to choose one out of the five possible algorithms.
- net.inet.ip.portrange.rfc6056_algorithm5_tradeoff - which allows the
super user to modify the trade-off value used in algorithm 5.
All values are explicitly checked for correctness before usage.
Default values for those variables represent the current/legacy port
randomization algorithm and the values proposed in the RFC itself.

Thank you very much.

Ivo Vachkov

------------ next part ------------
A non-text attachment was scrubbed...
Name: 20110128-freebsd-RELENG_8-rfc6056.patch
Type: text/x-patch
Size: 16891 bytes
Desc: not available
URL: <https://mail.lacnic.net/pipermail/seguridad/attachments/20110128/40589170/attachment.bin>
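
Since the attachment is not reproduced in the archive, the following is an added sketch of RFC 6056 Algorithm 5 (random-increments port selection) with its trade-off value N validated before use; it is not code from the patch. The struct, the function names, the xorshift PRNG, the `in_use` callback and the bound chosen for N are all assumptions of this example.

```c
#include <stdint.h>

struct port_selector {
    uint32_t min_port, max_port; /* ephemeral range, inclusive */
    uint32_t next_ephemeral;     /* current offset into the range */
    uint32_t tradeoff;           /* N: upper bound on each random step */
    uint32_t rng;                /* demo PRNG state */
};

/* Constructed xorshift32 stand-in so runs are reproducible; real code
 * would use a strong source such as arc4random(). */
static uint32_t demo_random(struct port_selector *s)
{
    s->rng ^= s->rng << 13; s->rng ^= s->rng >> 17; s->rng ^= s->rng << 5;
    return s->rng;
}

/* Check range and N before use. The bound 1 <= N <= range size is this
 * example's assumption; N == 0 would divide by zero in select_port(). */
int selector_init(struct port_selector *s, uint32_t lo, uint32_t hi,
                  uint32_t n, uint32_t seed)
{
    if (lo == 0 || hi > 65535 || lo > hi || n == 0 || n > hi - lo + 1)
        return -1;
    s->min_port = lo; s->max_port = hi; s->tradeoff = n;
    s->rng = seed ? seed : 0x9e3779b9u;
    s->next_ephemeral = demo_random(s) % (hi - lo + 1);
    return 0;
}

/* Returns a free port, or -1 after probing num_ephemeral candidates.
 * in_use() is a hypothetical callback standing in for the socket lookup. */
int select_port(struct port_selector *s, int (*in_use)(uint32_t port))
{
    uint32_t num = s->max_port - s->min_port + 1, count = num, port;
    do {
        /* Advance by a random step in [1, N], wrapping within the range. */
        s->next_ephemeral = (s->next_ephemeral +
            demo_random(s) % s->tradeoff + 1) % num;
        port = s->min_port + s->next_ephemeral;
        if (!in_use(port))
            return (int)port;
    } while (--count > 0);
    return -1;
}

/* Constructed occupancy predicates for exercising the selector. */
int none_in_use(uint32_t p) { (void)p; return 0; }
int all_in_use(uint32_t p) { (void)p; return 1; }
int only_50000_free(uint32_t p) { return p != 50000; }
```

With N set to 1 every step is exactly one port, so the selector degrades to plain incremental selection; larger N makes the next port harder to predict but cycles through the range sooner.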

