src/share/man/man7/rfc6056.7 - diff

Return to rfc6056.7 CVS log

Up to [cvs.NetBSD.org] / src / share / man / man7

Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.

Diff for /src/share/man/man7/rfc6056.7 between version 1.2 and 1.2.2.1

version 1.2, 2011/09/24 18:47:59

version 1.2.2.1, 2012/10/30 18:59:42

Line 45 attacker's ability to guess the sequence

with outgoing packets.

For more information consult RFC 6056.

.Pp

The individual algorithms are described below:

The individual algorithms are described below.

.Ss The RFC 6056 algorithms

.Li The following algorithms are available:

The following algorithms are available:

.Bl -tag -width "random_start"

.It Sy bsd

This is the default

Line 91 Use random increments in order to select

.Sh SYSCTL CONTROLS

The following sysctl controls are available for selecting the default

port randomization algorithm:

.Bl -column "net.inet6.udp6.rfc6056.available" "string" "Changeable"

.Bl -column "net.inet6.udp6.anonportalgo.available" "string" "Changeable"

.It Sy sysctl name Ta Sy Type Ta Sy Changeable

.It net.inet.udp.rfc6056.available Ta string Ta no

.It net.inet.ip.anonportalgo.available Ta string Ta no

.It net.inet.udp.rfc6056.selected Ta string Ta yes

.It net.inet.ip.anonportalgo.selected Ta string Ta yes

.It net.inet6.udp6.rfc6056.available Ta string Ta no

.It net.inet6.ip6.anonportalgo.available Ta string Ta no

.It net.inet6.udp6.rfc6056.selected Ta string Ta yes

.It net.inet6.ip6.anonportalgo.selected Ta string Ta yes

.El

.Sh SOCKET OPTIONS

The socket option

The

.Dv UDP_RFC6056ALGO

.Dv IP_PORTSEL

at the

socket option at the

.Dv IPPROTO_UDP

.Dv IPPROTO_IP

level and the

.Dv IPV6_PORTSEL

socket option at the

.Dv IPPROTO_IPV6

level can be used with a string argument specifying the algorithm's

name in order to select the port randomization algorithm

for a specific socket.

CVSweb <webmaster@jp.NetBSD.org>