Date: Tue, 17 Apr 2001 06:02:42 +1000 (Australia/ACT)
From: Darren Reed <avalon@coombs.anu.edu.au>
To: kris@obsecurity.org (Kris Kennaway)
Cc: avalon@coombs.anu.edu.au (Darren Reed), kris@obsecurity.org (Kris Kennaway), silby@silby.com (Mike Silbersack), newsletter@marktroberts.com (Mark T Roberts), freebsd-security@FreeBSD.ORG, net@FreeBSD.ORG
Subject: Re: non-random IP IDs
Message-ID: <200104162002.GAA09062@caligula.anu.edu.au>
In-Reply-To: <20010416120630.C10023@xor.obsecurity.org> from "Kris Kennaway" at Apr 16, 2001 12:06:30 PM

In some mail from Kris Kennaway, sie said:
>
> On Tue, Apr 17, 2001 at 04:36:15AM +1000, Darren Reed wrote:
>
> > You should optimize it for mod being 2^n-1 (or make that a requirement).
>
> I'm afraid I don't have time to look at this right now. Perhaps it
> can be revisited (the sysctl defaults to off for now), or Niels Provos
> may be interested in the idea.

Basically it means '% mod' -> '& mod' and call it with a 2^n-1 number.

> > Also, drop the HTONS statements, they no longer make sense. Before ip_id
> > was a counter and so it made sense (sorta) to change its byte ordering to
> > network. Now it's just a random number so there is no longer any need.
>
> Well, it still has wrapping properties like a network-order counter,
> i.e. the algorithm attempts to order the output so that it doesn't
> wrap within the segment lifetime. That would be lost without using
> HTONS.

You're confusing properties of the local number and some opaque bits in a
packet being sent over the 'net.

Darren