Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.

Diff for /src/share/man/man7/rfc6056.7 between version 1.1 and 1.2

version 1.1, 2011/09/24 17:04:38 version 1.2, 2011/09/24 18:47:59
Line 36 
Line 36 
 .Nd port randomization algorithms  .Nd port randomization algorithms
 .Sh DESCRIPTION  .Sh DESCRIPTION
 The  The
 .Xr rfc6056 7  .Nm
 algorithms are used in order to randomize the port allocation of outgoing UDP  algorithms are used in order to randomize the port allocation of outgoing UDP
 packets, in order to provide protection from a series of  packets, in order to provide protection from a series of
 .Dq blind  .Dq blind
 attacks based on the  attacks based on the
 attacker's ability to guess the sequence of ephemeral ports associated  attacker's ability to guess the sequence of ephemeral ports associated
 with outgoing packets. For more information consult RFC 6056.  with outgoing packets.
   For more information consult RFC 6056.
 .Pp  .Pp
 The individual algorithms are described below:  The individual algorithms are described below:
 .Pp  
 .Ss The RFC 6056 algorithms  .Ss The RFC 6056 algorithms
 .Li The following algorithms are available:  .Li The following algorithms are available:
 .Bl -tag -width "random_start"  .Bl -tag -width "random_start"
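Review bot: The context line ".Li The following algorithms are available:" uses the literal-text macro for an ordinary sentence and repeats "The individual algorithms are described below:" directly above it. Since this revision is already tidying the markup in this paragraph, drop the .Li and keep only one of the two lead-in sentences. The first sentence of DESCRIPTION also says "in order to" twice ("are used in order to randomize ... in order to provide protection"); the second could become "to protect against".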
Line 57  port selection algorithm, which starts f
Line 57  port selection algorithm, which starts f
 and proceeds decreasingly through the available ephemeral ports.  and proceeds decreasingly through the available ephemeral ports.
 .It Sy random_start  .It Sy random_start
 Select ports randomly from the available ephemeral ports.  Select ports randomly from the available ephemeral ports.
 In case a collision with a local port is  detected the  In case a collision with a local port is detected, the
 algorithm  proceeds decreasingly through the sequence of ephemeral  algorithm proceeds decreasingly through the sequence of ephemeral
 ports until a free port is found.  ports until a free port is found.
 Note that the random port selection algorithms are not guaranteed to find  Note that the random port selection algorithms are not guaranteed to find
 a free port.  a free port.
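Review bot: The closing note under random_start, "the random port selection algorithms are not guaranteed to find a free port", does not say what the caller observes when no port is found. Document which call fails and with what error, so that applications relying on randomized ephemeral ports can handle the failure rather than assume allocation always succeeds.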
Line 80  call, performed either explicitly or up 
Line 80  call, performed either explicitly or up 
 .It Sy doublehash  .It Sy doublehash
 Select ports using a  Select ports using a
 .Xr md5 3  .Xr md5 3
 hash of the local address, foreign address and foreign port coupled with a  hash of the local address, foreign address, and foreign port coupled with a
 .Xr md5 3  .Xr md5 3
 hash of the same components obtained using a separate table that is  hash of the same components obtained using a separate table that is
 associated with a subset of all outgoing connections.  associated with a subset of all outgoing connections.
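Review bot: The doublehash entry gets only a comma fix, but the sentence is still hard to parse: "a hash of the same components obtained using a separate table" leaves unclear whether the table is an input to the second hash or is indexed by it. Reword to state what the second hash selects. The listed inputs (local address, foreign address, foreign port) also mention no secret; if the hashes are keyed as RFC 6056 describes, say so here, because without a secret an observer who knows those three values can compute the same hash.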
Line 98  port randomization algorithm:
Line 98  port randomization algorithm:
 .It net.inet6.udp6.rfc6056.available Ta string  Ta no  .It net.inet6.udp6.rfc6056.available Ta string  Ta no
 .It net.inet6.udp6.rfc6056.selected  Ta string  Ta yes  .It net.inet6.udp6.rfc6056.selected  Ta string  Ta yes
 .El  .El
 .Pp  
 .Sh SOCKET OPTIONS  .Sh SOCKET OPTIONS
 The socket option  The socket option
 .Dv UDP_RFC6056ALGO  .Dv UDP_RFC6056ALGO
