unixdev.net


Switch to SpeakEasy.net DSL

The Modular Manual Browser

Home Page
Manual: (NetBSD-6.1.5)
Page:
Section:
Apropos / Subsearch:
optional field

RFC6056(7)             Miscellaneous Information Manual             RFC6056(7)

NAME
     rfc6056 -- port randomization algorithms

DESCRIPTION
     The rfc6056 algorithms are used in order to randomize the port allocation
     of outgoing UDP packets, in order to provide protection from a series of
     ``blind'' attacks based on the attacker's ability to guess the sequence
     of ephemeral ports associated with outgoing packets.  For more
     information consult RFC 6056.

     The individual algorithms are described below:

   The RFC 6056 algorithms
     The following algorithms are available:

     bsd           This is the default NetBSD port selection algorithm, which
                   starts from anonportmax and proceeds decreasingly through
                   the available ephemeral ports.

     random_start  Select ports randomly from the available ephemeral ports.
                   In case a collision with a local port is detected, the
                   algorithm proceeds decreasingly through the sequence of
                   ephemeral ports until a free port is found.  Note that the
                   random port selection algorithms are not guaranteed to find
                   a free port.

     random_pick   Select ports randomly from the available ephemeral ports.
                   In case a collision with a local port is detected the
                   algorithm tries selecting a new port randomly until a free
                   port is found.

     hash          Select ports using a md5(3) hash of the local address, the
                   foreign address, and the foreign port.  Note that in the
                   case of a bind(2) call some of this information might be
                   unavailable and the port selection is delayed until the
                   time of a connect(2) call, performed either explicitly or
                   up calling sendto(2).

     doublehash    Select ports using a md5(3) hash of the local address,
                   foreign address, and foreign port coupled with a md5(3)
                   hash of the same components obtained using a separate table
                   that is associated with a subset of all outgoing
                   connections.  The same considerations regarding late
                   connection as in the case of hash apply.

     randinc       Use random increments in order to select the next port.

SYSCTL CONTROLS
     The following sysctl controls are available for selecting the default
     port randomization algorithm:

     sysctl name                         Type      Changeable
     net.inet.udp.rfc6056.available      string    no
     net.inet.udp.rfc6056.selected       string    yes
     net.inet6.udp6.rfc6056.available    string    no
     net.inet6.udp6.rfc6056.selected     string    yes

SOCKET OPTIONS
     The socket option UDP_RFC6056ALGO at the IPPROTO_UDP level can be used
     with a string argument specifying the algorithm's name in order to select
     the port randomization algorithm for a specific socket.  For more info
     see setsockopt(2).

SEE ALSO
     setsockopt(2), sysctl(3), sysctl(7)

HISTORY
     The rfc6056 algorithms first appeared in NetBSD 6.0.

NetBSD 6.1.5                    August 25, 2011                   NetBSD 6.1.5