
Annotation of src/share/man/man7/rfc6056.7, Revision 1.2

1.2     ! wiz         1: .\"     $NetBSD: rfc6056.7,v 1.1 2011/09/24 17:04:38 christos Exp $
1.1       christos    2: .\"
                      3: .\" Copyright (c) 2011
                      4: .\"     The NetBSD Foundation.  All rights reserved.
                      5: .\"
                      6: .\" This code is derived from software contributed to The NetBSD Foundation
                      7: .\" by Vlad Balan
                      8: .\".
                      9: .\" Redistribution and use in source and binary forms, with or without
                     10: .\" modification, are permitted provided that the following conditions
                     11: .\" are met:
                     12: .\" 1. Redistributions of source code must retain the above copyright
                     13: .\"    notice, this list of conditions and the following disclaimer.
                     14: .\" 2. Redistributions in binary form must reproduce the above copyright
                     15: .\"    notice, this list of conditions and the following disclaimer in the
                     16: .\"    documentation and/or other materials provided with the distribution.
                     17: .\"
                     18: .\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
                     19: .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
                     20: .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
                     21: .\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
                     22: .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
                     23: .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
                     24: .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
                     25: .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
                     26: .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
                     27: .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
                     28: .\" SUCH DAMAGE.
                     29: .\"
                     30: .\"
                     31: .Dd August 25, 2011
                     32: .Dt RFC6056 7
                     33: .Os
                     34: .Sh NAME
                     35: .Nm rfc6056
                     36: .Nd port randomization algorithms
                     37: .Sh DESCRIPTION
                     38: The
1.2     ! wiz        39: .Nm
1.1       christos   40: algorithms randomize the port allocation of outgoing UDP
                     41: packets, in order to provide protection from a series of
                     42: .Dq blind
                     43: attacks based on the
                     44: attacker's ability to guess the sequence of ephemeral ports associated
1.2     ! wiz        45: with outgoing packets.
        !            46: For more information consult RFC 6056.
1.1       christos   47: .Pp
                     48: The individual algorithms are described below:
                     49: .Ss The RFC 6056 algorithms
                     50: The following algorithms are available:
                     51: .Bl -tag -width "random_start"
                     52: .It Sy bsd
                     53: This is the default
                     54: .Nx
                     55: port selection algorithm, which starts from
                     56: .Dv anonportmax
                     57: and proceeds decreasingly through the available ephemeral ports.
                     58: .It Sy random_start
                     59: Select ports randomly from the available ephemeral ports.
1.2     ! wiz        60: In case a collision with a local port is detected, the
        !            61: algorithm proceeds decreasingly through the sequence of ephemeral
1.1       christos   62: ports until a free port is found.
                     63: Note that the random port selection algorithms are not guaranteed to find
                     64: a free port.
                     65: .It Sy random_pick
                     66: Select ports randomly from the available ephemeral ports.
                     67: In case a collision with a local port is detected the algorithm tries
                     68: selecting a new port randomly until a free port is found.
                     69: .It Sy hash
                     70: Select ports using a
                     71: .Xr md5 3
                     72: hash of the local address, the foreign address, and the foreign port.
                     73: Note that in the case of a
                     74: .Xr bind 2
                     75: call some of this information might be unavailable and the
                     76: port selection is delayed until the time of a
                     77: .Xr connect 2
                     78: call, performed either explicitly or implicitly when calling
                     79: .Xr sendto 2 .
                     80: .It Sy doublehash
                     81: Select ports using a
                     82: .Xr md5 3
1.2     ! wiz        83: hash of the local address, foreign address, and foreign port coupled with a
1.1       christos   84: .Xr md5 3
                     85: hash of the same components obtained using a separate table that is
                     86: associated with a subset of all outgoing connections.
                     87: The same considerations regarding delayed port selection as for the hash algorithm apply.
                     88: .It Sy randinc
                     89: Use random increments in order to select the next port.
                     90: .El
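Added example, not part of the NetBSD source: a user-space model of the hash strategy described above, following RFC 6056 Algorithm 3. It assumes a toy FNV-1a hash in place of the kernel's md5(3), a 49152-65535 ephemeral range, and a constructed in-use port table, so it runs on any host.

```c
/* Model of the "hash" port selection strategy (RFC 6056 Algorithm 3):
 * a per-destination offset derived from (laddr, faddr, fport, secret) is
 * added to a single global counter, so one peer observing its own ports
 * learns nothing about the sequence handed to another peer. */
#include <stdint.h>
#include <stdbool.h>

#define ANONPORTMIN 49152u      /* assumed ephemeral range (IANA / RFC 6056) */
#define ANONPORTMAX 65535u
#define NRANGE (ANONPORTMAX - ANONPORTMIN + 1u)

static bool in_use[65536];       /* constructed "local ports in use" table */
static uint32_t next_ephemeral;  /* global counter shared by all destinations */

/* Toy FNV-1a stand-in for md5(3) over the tuple; a real kernel uses a keyed
 * cryptographic hash so the offset cannot be reproduced by an observer. */
static uint32_t tuple_hash(uint32_t laddr, uint32_t faddr, uint16_t fport,
                           uint32_t secret)
{
    uint32_t words[4] = { laddr, faddr, fport, secret };
    uint32_t h = 2166136261u;
    for (int i = 0; i < 4; i++)
        for (int b = 0; b < 4; b++) {
            h ^= (words[i] >> (8 * b)) & 0xffu;
            h *= 16777619u;
        }
    return h;
}

/* Returns a free ephemeral port for the destination, marking it in use,
 * or 0 when every port in the range is busy (the "not guaranteed to find
 * a free port" case noted above). */
uint16_t pick_hash_port(uint32_t laddr, uint32_t faddr, uint16_t fport,
                        uint32_t secret)
{
    uint32_t offset = tuple_hash(laddr, faddr, fport, secret);
    for (uint32_t count = 0; count < NRANGE; count++) {
        uint32_t port = ANONPORTMIN + (next_ephemeral + offset) % NRANGE;
        next_ephemeral++;        /* advance even on collision, as RFC 6056 does */
        if (!in_use[port]) {
            in_use[port] = true;
            return (uint16_t)port;
        }
    }
    return 0;
}

void release_port(uint16_t port) { in_use[port] = false; }
```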
                     91: .Sh SYSCTL CONTROLS
                     92: The following sysctl controls are available for selecting the default
                     93: port randomization algorithm:
                     94: .Bl -column "net.inet6.udp6.rfc6056.available" "string" "Changeable"
                     95: .It Sy sysctl name                   Ta Sy Type Ta Sy Changeable
                     96: .It net.inet.udp.rfc6056.available   Ta string  Ta no
                     97: .It net.inet.udp.rfc6056.selected    Ta string  Ta yes
                     98: .It net.inet6.udp6.rfc6056.available Ta string  Ta no
                     99: .It net.inet6.udp6.rfc6056.selected  Ta string  Ta yes
                    100: .El
                    101: .Sh SOCKET OPTIONS
                    102: The socket option
                    103: .Dv UDP_RFC6056ALGO
                    104: at the
                    105: .Dv IPPROTO_UDP
                    106: level can be used with a string argument specifying the algorithm's
                    107: name in order to select the port randomization algorithm
                    108: for a specific socket.
                    109: For more info see
                    110: .Xr setsockopt 2 .
                    111: .Sh SEE ALSO
                    112: .Xr setsockopt 2 ,
                    113: .Xr sysctl 3 ,
                    114: .Xr sysctl 7
                    115: .Sh HISTORY
                    116: The
                    117: .Nm
                    118: algorithms first appeared in
                    119: .Nx 6.0 .
