netdev

Re: [PATCH] OpenBSD Networking-related randomization port

To: Arjan van de Ven <arjan@xxxxxxxxxxxxx>
Subject: Re: [PATCH] OpenBSD Networking-related randomization port
From: Lorenzo Hernández García-Hierro <lorenzo@xxxxxxx>
Date: Fri, 28 Jan 2005 19:36:13 +0100
Cc: "linux-kernel@xxxxxxxxxxxxxxx" <linux-kernel@xxxxxxxxxxxxxxx>, torvalds@xxxxxxxx, netdev@xxxxxxxxxxx, Chris Wright <chrisw@xxxxxxxx>
In-reply-to: <1106935677.7776.29.camel@xxxxxxxxxxxxxxxxxxxxx>
References: <1106932637.3778.92.camel@xxxxxxxxxxxxxxxxxxxxx> <1106935677.7776.29.camel@xxxxxxxxxxxxxxxxxxxxx>
Sender: netdev-bounce@xxxxxxxxxxx
On Fri, 28-01-2005 at 19:07 +0100, Arjan van de Ven wrote:
> On Fri, 2005-01-28 at 18:17 +0100, Lorenzo Hernández García-Hierro
> wrote:
> > Hi,
> > 
> > Attached you can find a split up patch ported from grSecurity [1], as
> > Linus commented that he wouldn't get a whole-sale patch, I was working
> > on it and also studying what features of grSecurity can be implemented
> > without a development or maintenance overhead, aka less-invasive
> > implementations.
> 
> 
> why did you make it a config option? This is the kind of thing that is
> either good or isn't... at which point you can get rid of a lot of, if
> not all the ugly ifdefs the patch adds.

I will remove the ifdefs. I made it that way just from the usability POV;
users may want the standard "randomization" schema, dunno.
Anyway, I will remove those ifdefs and make it enabled-by-default.

> Also, why does it need to enhance the random driver this much, the
> random driver already has a facility to provide pseudorandom numbers
> good enough for networking use (eg the PRNG rekeys often enough with
> real entropy that brute forcing it shouldn't be possible).

I will also remove the pool sizes increasing diffs from the patch.

> If you can fix those 2 things the patch will look a lot cleaner and has
> a lot higher chance to be merged.

Sure, many thanks for pointing that out clearly.
It will take a few minutes and then I will re-send the patch.

Cheers,
-- 
Lorenzo Hernández García-Hierro <lorenzo@xxxxxxx> 
[1024D/6F2B2DEC] & [2048g/9AE91A22][http://tuxedo-es.org]

Attachment: signature.asc
Description: This part of the message is digitally signed
