From owner-freebsd-net Mon Apr 16 11:31:21 2001 Delivered-To: freebsd-net@freebsd.org Received: from caligula.anu.edu.au (caligula.anu.edu.au [150.203.224.42]) by hub.freebsd.org (Postfix) with ESMTP id C887237B43F; Mon, 16 Apr 2001 11:31:14 -0700 (PDT) (envelope-from avalon@caligula.anu.edu.au) Received: (from avalon@localhost) by caligula.anu.edu.au (8.9.3/8.9.3) id EAA01848; Tue, 17 Apr 2001 04:30:40 +1000 (EST) From: Darren Reed Message-Id: <200104161830.EAA01848@caligula.anu.edu.au> Subject: Re: non-random IP IDs To: wes@softweyr.com (Wes Peters) Date: Tue, 17 Apr 2001 04:30:40 +1000 (Australia/ACT) Cc: kris@obsecurity.org (Kris Kennaway), freebsd-security@FreeBSD.ORG, net@FreeBSD.ORG In-Reply-To: <3ADB0389.5D236D88@softweyr.com> from "Wes Peters" at Apr 16, 2001 08:36:57 AM X-Mailer: ELM [version 2.5 PL1] MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org In some mail from Wes Peters, sie said: > > Kris Kennaway wrote: > > > > On Thu, Apr 12, 2001 at 12:40:32AM -0500, Mike Silbersack wrote: > > > > > Each IP packet sent has with it a 16-bit ID. The numbers must remain > > > unique over a short period of time so fragmentation can work properly. As > > > such, everything except recent openbsds simple increments the id by 1 for > > > each packet sent out. > > > > > > As a result, you can tell the number of packets sent on an idle host by > > > seeing the difference in id numbers for the packets it sends back to you. > > > It's not really that important of an issue, don't worry about it. > > > > Here's a patch ported from OpenBSD which randomizes this (supposedly > > such that it respects the constraint of not wrapping within the > > prescribed time period). I should wrap it in a sysctl, I guess. > > > > http://www.freebsd.org/~kris/ipid.patch > > > > Comments? > > Looks clean. The only comment I can find is: Why not have ip_randomid() > return the ID in network byte order? It would save several HTONS macros > trailing the ip_randomid() calls. Why do it at all ? Why do you want to covert an opaque number from one byte format to the other? The only reason ip_id should be being converted *FROM* network byte order to host byte order is for display purposes. If you disagree with me, think for a moment about what it *really* is. Afterall, two random bytes are two random bytes, regardless of which is first. Darren To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message