From owner-freebsd-net@FreeBSD.ORG  Sat Apr  4 08:39:49 2015
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 696F5E04;
 Sat,  4 Apr 2015 08:39:49 +0000 (UTC)
Received: from mail.turbocat.net (heidi.turbocat.net [88.198.202.214])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 2612BA49;
 Sat,  4 Apr 2015 08:39:49 +0000 (UTC)
Received: from laptop015.home.selasky.org
 (cm-176.74.213.204.customer.telag.net [176.74.213.204])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (No client certificate requested)
 by mail.turbocat.net (Postfix) with ESMTPSA id 1E4B71FE022;
 Sat,  4 Apr 2015 10:39:44 +0200 (CEST)
Message-ID: <551FA37B.90609@selasky.org>
Date: Sat, 04 Apr 2015 10:40:27 +0200
From: Hans Petter Selasky <hps@selasky.org>
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64;
 rv:31.0) Gecko/20100101 Thunderbird/31.4.0
MIME-Version: 1.0
To: Gleb Smirnoff <glebius@FreeBSD.org>
Subject: Re: Patch to reduce use of global IP ID value(s) to avoid leaking
 information
References: <551F034A.3040402@selasky.org>
 <20150403213641.GM64665@glebius.int.ru>
In-Reply-To: <20150403213641.GM64665@glebius.int.ru>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
Cc: "freebsd-net@freebsd.org" <freebsd-net@freebsd.org>,
 "Robert N. M. Watson" <rwatson@freebsd.org>
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net/>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 04 Apr 2015 08:39:49 -0000

Hi Gleb,

On 04/03/15 23:36, Gleb Smirnoff wrote:
> The documentation on net.inet.ip.random_id is solid and doesn't need the
> text from your commit.

Let me detail a bit more. The old text describing "random_id" clearly 
gives the wrong impression. It says that information is only leaking one 
way. It is for sure very misleading. Information can leak both from the 
inside to the outside and from the outside to the inside. And also 
between two outsiders or two insiders. That's what's scares me.

Try using my testapp if you don't believe me.

Given that the ICMP limit is 200 per second by default, I would guess 
that 199 bits could at maximum be transferred per second in between two 
parties using the proper algorithms.

If I myself was setting up a firewall, this is the kind of stuff I would 
like to know about in advance.

--HPS