rfc6056 man page on NetBSD


RFC6056(7)	     BSD Miscellaneous Information Manual	    RFC6056(7)

NAME
     rfc6056 — port randomization algorithms

DESCRIPTION
     The rfc6056 algorithms are used in order to randomize the port allocation
     of outgoing UDP packets, in order to provide protection from a series of
     “blind” attacks based on the attacker's ability to guess the sequence of
     ephemeral ports associated with outgoing packets.  For more information
     consult RFC 6056.

     The individual algorithms are described below:

   The RFC 6056 algorithms
     The following algorithms are available:

     bsd           This is the default NetBSD port selection algorithm, which
                   starts from anonportmax and proceeds decreasingly through
                   the available ephemeral ports.

     random_start  Select ports randomly from the available ephemeral ports.
                   In case a collision with a local port is detected, the
                   algorithm proceeds decreasingly through the sequence of
                   ephemeral ports until a free port is found.  Note that the
                   random port selection algorithms are not guaranteed to find
                   a free port.

     random_pick   Select ports randomly from the available ephemeral ports.
                   In case a collision with a local port is detected, the
                   algorithm tries selecting a new port randomly until a free
                   port is found.

     hash          Select ports using an md5(3) hash of the local address, the
                   foreign address, and the foreign port.  Note that in the
                   case of a bind(2) call some of this information might be
                   unavailable, and the port selection is delayed until the
                   time of a connect(2) call, performed either explicitly or
                   upon calling sendto(2).

     doublehash    Select ports using an md5(3) hash of the local address,
                   foreign address, and foreign port coupled with an md5(3)
                   hash of the same components obtained using a separate
                   table that is associated with a subset of all outgoing
                   connections.  The same considerations regarding late
                   connection as in the case of hash apply.

     randinc       Use random increments in order to select the next port.
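
     The following userland simulation is an added example, not NetBSD kernel
     code: it models the bsd, random_start, random_pick and hash selection
     rules described above against an in-use port table held in a set.  It
     assumes the NetBSD defaults anonportmin=49152 and anonportmax=65535, a
     per-boot secret mixed into the md5 input (as RFC 6056 requires), and a
     downward walk on collision for the hash variant; none of those details
     are stated on this page.

```python
"""Simulation of the rfc6056(7) UDP port-selection algorithms (added example)."""
import hashlib
import random
import secrets

ANONPORTMIN, ANONPORTMAX = 49152, 65535      # assumed NetBSD defaults
NUM_PORTS = ANONPORTMAX - ANONPORTMIN + 1
_SECRET = secrets.token_bytes(16)            # stands in for the kernel's per-boot key
_rand = random.SystemRandom()
_bsd_next = ANONPORTMAX                      # bsd: next candidate, walks downward

def select_bsd(in_use):
    """bsd: start at anonportmax, proceed decreasingly, wrap once; None if all used."""
    global _bsd_next
    for _ in range(NUM_PORTS):
        port = _bsd_next
        _bsd_next = ANONPORTMAX if port == ANONPORTMIN else port - 1
        if port not in in_use:
            return port
    return None

def select_random_start(in_use):
    """random_start: random start, then walk down to anonportmin.
    Not guaranteed to succeed: a start below the only free port misses it."""
    for port in range(_rand.randint(ANONPORTMIN, ANONPORTMAX), ANONPORTMIN - 1, -1):
        if port not in in_use:
            return port
    return None

def select_random_pick(in_use, max_tries=NUM_PORTS):
    """random_pick: retry random ports; bounded so a full table cannot spin forever."""
    for _ in range(max_tries):
        port = _rand.randint(ANONPORTMIN, ANONPORTMAX)
        if port not in in_use:
            return port
    return None

def select_hash(in_use, laddr, faddr, fport):
    """hash: md5(local addr, foreign addr, foreign port, secret) picks the start
    port; on collision walk downward (assumed).  Needs the peer, which is why
    the kernel defers selection after a bare bind(2) until connect/sendto."""
    if faddr is None or fport is None:
        raise ValueError("peer unknown: selection must be deferred to connect(2)")
    digest = hashlib.md5(f"{laddr}|{faddr}|{fport}|".encode() + _SECRET).digest()
    start = ANONPORTMIN + int.from_bytes(digest[:4], "big") % NUM_PORTS
    for i in range(NUM_PORTS):
        port = ANONPORTMIN + (start - ANONPORTMIN - i) % NUM_PORTS
        if port not in in_use:
            return port
    return None
```

     Note that the same (local, foreign, port) tuple always yields the same
     start port until the secret changes, which is the property that keeps an
     off-path attacker from learning the sequence without the key.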

SYSCTL CONTROLS
     The following sysctl controls are available for selecting the default
     port randomization algorithm:

     sysctl name                        Type     Changeable
     net.inet.udp.rfc6056.available     string   no
     net.inet.udp.rfc6056.selected      string   yes
     net.inet6.udp6.rfc6056.available   string   no
     net.inet6.udp6.rfc6056.selected    string   yes

SOCKET OPTIONS
     The socket option UDP_RFC6056ALGO at the IPPROTO_UDP level can be used
     with a string argument specifying the algorithm's name in order to select
     the port randomization algorithm for a specific socket.  For more info
     see setsockopt(2).

SEE ALSO
     setsockopt(2), sysctl(3), sysctl(7)

HISTORY
     The rfc6056 algorithms first appeared in NetBSD 6.0.

BSD				August 25, 2011				   BSD