From: Hans Petter Selasky
Date: Fri, 03 Apr 2015 23:16:58 +0200
To: freebsd-net@freebsd.org, Gleb Smirnoff, Robert N. M. Watson
Subject: Patch to reduce use of global IP ID value(s) to avoid leaking information
Message-ID: <551F034A.3040402@selasky.org>
List-Id: Networking and TCP/IP with FreeBSD

Hi,

Moving this discussion away from the committers list, like requested by Gorge N.

On 04/03/15 17:14, Gleb Smirnoff wrote:
> Hans,
>
> What the hell? At Fri, 3 Apr 2015 15:41:21 +0300 (MSK) you ask:

An expression like that requires a good answer.
I've pulled together some parts and pieces from some existing code to make a test application showing the problem. Maybe when you hear the problem with your own ears, you will get it.

Setup: I'm running 11-current prior to Gleb's IP ID commits. Possibly Gleb's IP ID commits won't change much.

This little crude application I've called "pingphone" almost allows you to speak PCM audio through ICMP packets with zero payload. You need a computer with a sound card that can handle 8 kHz PCM which plays through the default /dev/dsp!

Set the default audio adapter using:

    sysctl hw.snd.default_unit=XXX

Also make sure that "kern.hz" is set to 1000 or 8000 and not 100. Else change it and reboot.

    fetch http://home.selasky.org:8192/privat/pingphone/pingphone.c

Or try this if the above fails:

    fetch http://home.selasky.org/privat/pingphone/pingphone.c

Compile it:

    cc -Wall pingphone.c

Let me know if it doesn't compile.

Start the ping recorder on localhost (IPv4):

    ./a.out -m 1 -T 127.0.0.1

Start the audio producer on localhost:

    ./a.out -m 0 -T 127.0.0.1

Stop the audio producer on localhost.

Start the audio producer from another box so that the traffic goes across a real network. Maybe inside a jail too?

    ./a.out -m 0 -T 192.168.x.x

Still don't understand what the problem is? Should I make it play some Beethoven piece perhaps ;-)

When you're done you may want to restore the ICMP limit back to the default:

    sysctl net.inet.icmp.icmplim=200

What's stated in:

    https://svnweb.freebsd.org/changeset/base/281024

is correct. I see no technical reason to pull that out.

For the future I've made a new project branch called "hps_head" where I will do development for sys/net, sys/netinet and sys/netinet6 if I need.

Gleb and Robert: You will have -current all to yourself and I hope to not receive any further angry comments from you regarding the issues that appeared this Easter.

Thank you for the attention.

--HPS
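The covert channel the message demonstrates, as an added user-space simulation (this is not pingphone.c and not FreeBSD kernel code): a host that hands out IP IDs from one shared counter tells anyone who sees two of its packets how many packets it sent in between, to any destination. The assumption made here is that pingphone works that way, with the producer modulating the number of packets the host emits between two of the recorder's observations; the host, producer and recorder functions below are hypothetical and exist only to show the leak and what per-packet random IDs do to it.

```c
/*
 * Simulation of a global IP ID counter as a covert channel.
 * Added example, not pingphone.c and not FreeBSD code. The channel
 * model (sample value = number of packets emitted between two probes)
 * is an assumption about how pingphone works.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum ipid_mode { IPID_GLOBAL_COUNTER, IPID_PER_PACKET_RANDOM };

struct host {
	enum ipid_mode mode;
	uint16_t counter;	/* one counter shared by every destination */
	uint32_t rng;		/* xorshift32 state for the random mode */
};

static uint32_t xorshift32(uint32_t *s)
{
	uint32_t x = *s;
	x ^= x << 13;
	x ^= x >> 17;
	x ^= x << 5;
	return *s = x;
}

/* Every outgoing packet, to any destination, draws one ID from here. */
static uint16_t ipid_alloc(struct host *h)
{
	if (h->mode == IPID_GLOBAL_COUNTER)
		return h->counter++;	/* uint16_t: wraps at 65536 */
	return (uint16_t)xorshift32(&h->rng);
}

/* Producer side: make the host emit n packets (e.g. replies to n pings). */
static void producer_emit(struct host *h, unsigned n)
{
	while (n-- > 0)
		(void)ipid_alloc(h);
}

/*
 * Recorder side: observe one ID before and one after the producer's burst.
 * The two probes consume one ID each, hence the -1. With a global counter
 * the 16-bit difference is exactly the hidden count (wraparound included);
 * with random IDs the low byte of the difference is noise.
 */
static uint8_t recorder_sample(struct host *h, unsigned hidden_count)
{
	uint16_t before = ipid_alloc(h);
	producer_emit(h, hidden_count);
	uint16_t after = ipid_alloc(h);
	return (uint8_t)((uint16_t)(after - before) - 1);
}

/* Push a PCM buffer through the channel; return how many samples survived. */
static size_t covert_transfer(struct host *h, const uint8_t *pcm, size_t n,
    uint8_t *out)
{
	size_t ok = 0;
	for (size_t i = 0; i < n; i++) {
		out[i] = recorder_sample(h, pcm[i]);
		if (out[i] == pcm[i])
			ok++;
	}
	return ok;
}

/* Counter starts near the top so the first sample crosses the wraparound. */
static size_t run_mode(enum ipid_mode mode, const uint8_t *pcm, size_t n,
    uint8_t *out)
{
	struct host h = { .mode = mode, .counter = 0xFFFA, .rng = 0x9E3779B9u };
	return covert_transfer(&h, pcm, n, out);
}

/* Constructed 1 ms of 8 kHz unsigned 8-bit PCM, not real audio. */
static const uint8_t pcm_fragment[8] = { 128, 160, 190, 210, 190, 160, 128, 96 };

static size_t demo_recovered(enum ipid_mode mode)
{
	uint8_t out[8];
	return run_mode(mode, pcm_fragment, 8, out);
}

int main(void)
{
	printf("global counter: %zu/8 samples recovered\n",
	    demo_recovered(IPID_GLOBAL_COUNTER));
	printf("random ids:     %zu/8 samples recovered\n",
	    demo_recovered(IPID_PER_PACKET_RANDOM));
	return 0;
}
```

The point of the two runs is that the recorder never reads a payload: with a shared counter the packet count alone carries the sample, and the leak is visible to anyone who can see two IP IDs from the host, not only to the producer. Per-packet random IDs (or a per-destination counter the observer cannot see) remove the correlation, which is what a patch reducing use of the global value is after.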