Re: PRNG benchmark results and proposal

[Brandon Enright <bmenrigh () ucsd edu>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sun, 4 May 2008 18:19:49 -0700 or thereabouts Fyodor
<fyodor () insecure org> wrote:

> On Mon, May 05, 2008 at 12:45:05AM +0000, Brandon Enright wrote:
> > So, I propose we change all random number generation to use DNet's
> > PRNG at all times.  It is fast, portable C, already included in
> > Nmap, and quite a bit higher quality than we actually /need/.
>
> Thanks for benchmarking.  Sounds good to me!
>
> > I'd like someone to weigh in on BSD/GPL licensing conflicts before I
> > proceed to either use rand.c or re-write rand.c for nbase_rnd.
>
> I believe the BSD/GPL licensing conflict involves traditional BSD with
> advertising clause.  Libdnet doesn't have that clause (see
> nmap/libdnet-stripped/LICENSE).  So code from dnet's rand.c can be
> used.  Of course the rand.c authors need to be credited in the code
> (even if it is rewritten).
>
> So I'm not opposed to rewriting the code if it is short, but we don't
> have to either.
>
> Cheers,
> -F

Okay, attached is the patch to move (with re-write) dnet's rand.c
routine into nbase_rnd.c

The re-write ended up going pretty smoothly and I was able to adapt the
dnet rand API to better fit into the nbase API.  I decided to eliminate
the malloc/free state struct design in favor of using a static struct.
Nmap doesn't need multiple RNG states so this ends up being cleaner.

I've tested this patch on Linux x86 and Linux x86_64.  I'd like it if
someone more familiar with other OSes (like Windows) give the patch a
look-over/test.

Note that although this patch dramatically speeds up the random
number generation, generating random IPs with -iR isn't speed up much
because most of the time is spent in other routines.  Nmap should
probably be profiled while using -iR; there are likely to be some big
and easy gains in the other routines involved.

Once I get the thumbs up, I'll check this patch in and remove
dnet/rand.c  I'll also go through the rest of Nmap's code and
transition all rand() calls over to use the nbase_rnd API.

Brandon

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)

iEYEARECAAYFAkgeipUACgkQqaGPzAsl94KO1wCfc+pAOXKo9zF0WJ/KGDWYi74Q
ZQkAnj+X1tX+nHliH7htTCDfq6XzT18w
=9dSe
-----END PGP SIGNATURE-----

Attachment: nmap_rand.diff
Description:

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org