[PATCH] Ephemeral port randomization
Skip Ford
skip.ford at verizon.net
Wed Apr 28 15:45:37 PDT 2004
Jon Parise wrote:
> On Wed, Apr 28, 2004 at 06:04:37PM -0400, Skip Ford wrote:
>
> > /*
> > * counting down
> > */
> > + if (ipport_randomized)
> > + *lastport = first -
> > + (arc4random() % (first - last));
> > count = first - last;
> >
> > do {
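Review bot: `arc4random() % (first - last)` in the counting-down hunk is a division by zero when `first == last`; the `counting down` comment suggests the enclosing branch only runs for `first > last`, but that guard is not among the quoted lines, so either confirm it or fold a `first > last` check into the `if (ipport_randomized)` test. Note also that the modulo yields `0 .. (first - last - 1)`, so the initial pick lands in `(last, first]` and never on `last` itself; that is fine only if the `do { ... }` loop that follows still reaches that port.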
> > @@ -341,6 +349,9 @@
> > /*
> > * counting up
> > */
> > + if (ipport_randomized)
> > + *lastport = first +
> > + (arc4random() % (last - first));
> > count = last - first;
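Review bot: the counting-up hunk repeats the `last - first` subtraction that is assigned to `count` on the very next line; moving `count = last - first;` above the `if (ipport_randomized)` test and writing `*lastport = first + (arc4random() % count);` removes the duplication, and the counting-down hunk can be reshaped the same way. Neither quoted hunk shows where `ipport_randomized` is declared or documented, so the tunable and its default should come with a corresponding documentation change in the same patch or a clearly announced follow-up.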
>
> I don't purport to know this code at all, but, based on these snippets
> from the diff, wouldn't it make sense to compute 'count' before the
> 'ipport_randomized' test and then use 'count' in the '*lastport'
> calculation (instead of repeating the '(last - first)' arithmetic)?
Yeah, but that's not how FreeBSD does it. I was planning to send a
follow-up patch if they applied the first. I dislike patches that do
multiple things so I decided importing FreeBSD's version and optimizing
it a bit should be done separately, just like FreeBSD did bringing
in OpenBSD's version.
--
Skip