31 aug 2014 kl. 22:25 skrev Antoine Beaupré <anar...@anarcat.ath.cx>:
> On 2014-08-30 17:01:29, Antoine Beaupré wrote: >> Looking at this, I wonder if some features should be enabled in the >> build. I am thinking of: >> >> WANT_SYSLOGS >> WANT_V6 >> WANT_COMPRESSION_GZIP > > > Reading the code quickly, it seems that WANT_DEV_RANDOM should probably > be used as well, otherwise the RNG is seeded on time(NULL), which is > bad. > Humm, I agree that this might seem confusing and I’m not a crypto expert, but the seed is still relative to the timestamp, not NULL… it’s not random(null), but random(time(null)). Time(NULL) returns current time: http://stackoverflow.com/questions/7550269/what-is-timenull-in-c Also, as I mentioned before, srandomdev() does not exist in modern linux distributions, only srandom(). It does exist though in FreeBSD, but we are not concerned about it here… > I also looked at WANT_V6 and it seems mostly concerned about storage, > display and data structures, but network routines seem to do the right > thing, so i wonder why this is necessarily exclusive… > What makes you think so? Again, I am not an expert, but it does seem like networking code: static int64_t ot_try_bind( ot_ip6 ip, uint16_t port, PROTO_FLAG proto ) { int64 sock = proto == FLAG_TCP ? socket_tcp6( ) : socket_udp6( ); #ifndef WANT_V6 if( !ip6_isv4mapped(ip) ) { exerr( "V4 Tracker is V4 only!" ); } #else if( ip6_isv4mapped(ip) ) { exerr( "V6 Tracker is V6 only!" ); } #endif Since IPV4 is still the most popular stack today, should we package it with it enabled and look for an improvement (transparent ipv4/ipv6 support) later on? Thanks Antoine! Roman > a. > -- > Tout ce qui n’est pas donné est perdu. > - Proverbe indien
signature.asc
Description: Message signed with OpenPGP using GPGMail
