From owner-svn-src-all@FreeBSD.ORG Fri Apr 3 11:27:33 2015 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id D894CB96; Fri, 3 Apr 2015 11:27:33 +0000 (UTC) Received: from cell.glebius.int.ru (glebius.int.ru [81.19.69.10]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "cell.glebius.int.ru", Issuer "cell.glebius.int.ru" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 58F7AB70; Fri, 3 Apr 2015 11:27:32 +0000 (UTC) Received: from cell.glebius.int.ru (localhost [127.0.0.1]) by cell.glebius.int.ru (8.14.9/8.14.9) with ESMTP id t33BRUcV072507 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Fri, 3 Apr 2015 14:27:30 +0300 (MSK) (envelope-from glebius@FreeBSD.org) Received: (from glebius@localhost) by cell.glebius.int.ru (8.14.9/8.14.9/Submit) id t33BRU9o072506; Fri, 3 Apr 2015 14:27:30 +0300 (MSK) (envelope-from glebius@FreeBSD.org) X-Authentication-Warning: cell.glebius.int.ru: glebius set sender to glebius@FreeBSD.org using -f Date: Fri, 3 Apr 2015 14:27:30 +0300 From: Gleb Smirnoff To: Hans Petter Selasky Subject: Re: svn commit: r280971 - in head: contrib/ipfilter/tools share/man/man4 sys/contrib/ipfilter/netinet sys/netinet sys/netipsec sys/netpfil/pf Message-ID: <20150403112730.GP64665@FreeBSD.org> References: <551D8C6C.9060504@selasky.org> <551DA5EA.1080908@selasky.org> <551DAC9E.9010303@selasky.org> <358EC58D-1F92-411E-ADEB-8072020E9EB3@FreeBSD.org> <551DEF26.4000403@selasky.org> <4B7DAA59-389F-41AE-99D8-034A7AA61C99@FreeBSD.org> <551E520E.1040708@selasky.org> <6DF5FB51-8135-4144-BD3A-6E4127A23AA7@FreeBSD.org> <551E5C38.7070203@selasky.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <551E5C38.7070203@selasky.org> User-Agent: Mutt/1.5.23 (2014-03-12) Cc: Mateusz Guzik , Ian Lepore , svn-src-all@freebsd.org, src-committers@freebsd.org, "Robert N. M. Watson" , svn-src-head@freebsd.org X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 03 Apr 2015 11:27:34 -0000 On Fri, Apr 03, 2015 at 11:24:08AM +0200, Hans Petter Selasky wrote: H> What's described there is entirely about Peer2Peer communication. What H> I'm describing is broadcast for the whole system or firewall. Don't you H> understand that the IP ID counter is _linearly_ adding up and feeding H> back the sum to the source. It is like a radio channel for the whole H> firewall. Do you know how analog modems work? I have other things to do H> this easter and I don't want to spend more time with this either. I H> think the people responsible in the IP-stack area should make a fix. The H> IP ID must be randomized much more than it is today. Please put net.inet.ip.random_id=1 into your /etc/sysctl.conf, don't worry and be happy. -- Totus tuus, Glebius.