From owner-freebsd-net Mon Apr 16 7:37:31 2001
Message-ID: <3ADB0389.5D236D88@softweyr.com>
Date: Mon, 16 Apr 2001 08:36:57 -0600
From: Wes Peters
Organization: Softweyr LLC
To: Kris Kennaway
Cc: freebsd-security@FreeBSD.ORG, net@FreeBSD.org
Subject: Re: non-random IP IDs
References: <001f01c0c30b$805b0840$d2e2fdce@netrex.com> <20010416020311.A1292@xor.obsecurity.org>

Kris Kennaway wrote:
>
> On Thu, Apr 12, 2001 at 12:40:32AM -0500, Mike Silbersack wrote:
>
> > Each IP packet sent has with it a 16-bit ID. The numbers must remain
> > unique over a short period of time so fragmentation can work properly. As
> > such, everything except recent OpenBSDs simply increments the id by 1 for
> > each packet sent out.
> >
> > As a result, you can tell the number of packets sent on an idle host by
> > seeing the difference in id numbers for the packets it sends back to you.
> > It's not really that important of an issue, don't worry about it.
>
> Here's a patch ported from OpenBSD which randomizes this (supposedly
> such that it respects the constraint of not wrapping within the
> prescribed time period). I should wrap it in a sysctl, I guess.
>
> http://www.freebsd.org/~kris/ipid.patch
>
> Comments?

Looks clean. The only comment I can find is:

Why not have ip_randomid() return the ID in network byte order?
It would save several HTONS macros trailing the ip_randomid() calls.

--
"Where am I, and what am I doing in this handbasket?"

Wes Peters
Softweyr LLC
wes@softweyr.com
http://softweyr.com/
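The two properties discussed in this message, as an added example (not part of the original mail and not the OpenBSD-derived patch Kris links): an ID source that does not repeat within a 65536-packet period yet does not step by 1, and one that hands back the ID already in network byte order. The keyed Feistel permutation is a technique swapped in for illustration, and `seq_ipid`, `perm_seed`, `permute16`, `perm_ipid` and the two check helpers are hypothetical names.

```c
#include <arpa/inet.h> /* htons(), ntohs() */
#include <stdint.h>
#include <string.h>
/* Baseline from the thread: one global counter, +1 per packet sent. */
static uint16_t seq_counter;
uint16_t seq_ipid(void) { return htons(seq_counter++); }

/* Hypothetical keyed state; a kernel would seed the key from its RNG. */
static uint8_t perm_key[4];
static uint16_t perm_counter;
void perm_seed(const uint8_t key[4]) { memcpy(perm_key, key, 4); perm_counter = 0; }

/* 4-round Feistel network: a bijection on 16 bits for any round function.
 * The round function here is a toy built for this example, not vetted. */
uint16_t permute16(uint16_t v) {
    uint8_t l = (uint8_t)(v >> 8), r = (uint8_t)v;
    for (int i = 0; i < 4; i++) {
        uint8_t x = (uint8_t)(r + perm_key[i]);
        x = (uint8_t)((x << 3) | (x >> 5)); /* rotate left by 3 */
        x = (uint8_t)((x * 0x9d) ^ perm_key[i]);
        uint8_t t = (uint8_t)(l ^ x);
        l = r; r = t;
    }
    return (uint16_t)((l << 8) | r);
}
/* ID returned already in network byte order, so callers need no swap. */
uint16_t perm_ipid(void) { return htons(permute16(perm_counter++)); }

/* Distinct IDs seen over one full 65536-packet period of perm_ipid(). */
unsigned distinct_in_period(void) {
    static uint8_t seen[65536];
    unsigned n = 0;
    memset(seen, 0, sizeof seen);
    for (unsigned i = 0; i < 65536; i++) {
        uint16_t id = ntohs(perm_ipid());
        if (!seen[id]) { seen[id] = 1; n++; }
    }
    return n;
}

/* How many of n consecutive ID pairs differ by exactly 1 (the leak). */
unsigned unit_steps(uint16_t (*gen)(void), unsigned n) {
    unsigned hits = 0;
    uint16_t prev = ntohs(gen()), cur;
    for (; n > 0; n--, prev = cur) {
        cur = ntohs(gen());
        hits += ((uint16_t)(cur - prev) == 1);
    }
    return hits;
}
```

Seed with `perm_seed()` before use; `unit_steps()` run against the counter shows the per-packet leak Mike describes, and `distinct_in_period()` confirms the permuted IDs still satisfy the uniqueness constraint.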