From owner-freebsd-net@FreeBSD.ORG  Sun May  4 10:50:13 2003
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id F042837B401
	for <net@FreeBSD.org>; Sun,  4 May 2003 10:50:13 -0700 (PDT)
Received: from web.cs.ndsu.nodak.edu (web.cs.ndsu.NoDak.edu [134.129.125.7])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 422B143F75
	for <net@FreeBSD.org>; Sun,  4 May 2003 10:50:13 -0700 (PDT)
	(envelope-from tinguely@web.cs.ndsu.nodak.edu)
Received: from web.cs.ndsu.nodak.edu (localhost [127.0.0.1])
	by web.cs.ndsu.nodak.edu (8.12.9/8.11.4) with ESMTP id h44HoCWr077631;
	Sun, 4 May 2003 12:50:12 -0500 (CDT)
	(envelope-from tinguely@web.cs.ndsu.nodak.edu)
Received: (from tinguely@localhost)
	by web.cs.ndsu.nodak.edu (8.12.9/8.12.8/Submit) id h44HoBbo077630;
	Sun, 4 May 2003 12:50:11 -0500 (CDT)
	(envelope-from tinguely)
Date: Sun, 4 May 2003 12:50:11 -0500 (CDT)
From: mark tinguely <tinguely@web.cs.ndsu.nodak.edu>
Message-Id: <200305041750.h44HoBbo077630@web.cs.ndsu.nodak.edu>
To: net@FreeBSD.org, silby@silby.com
Subject: Re: Reducing ip_id information leakage
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 04 May 2003 17:50:14 -0000


on Wed, 30 Apr 2003 01:58:36 CDT, Mike Silbersack <silby@silby.com> said:

> It's too bad we don't have an inexpensive function we can use for the !DF
> case.  I'd like to make the OpenBSD function the default for frag packets,
> but it seems just too heavyweight.

I guess I am in the mood to beat a dead horse....

1) Have a less global counter (limit wrap on highspeed connections) that
   starts with a random initial number.
2) Each DF packet in this counter group, add a relative prime number.
	a) can also choose a random relative prime when this counter is
	   created.

Results:
Keeps the 2^16 numbering space.
Less global (think per interface, or per source/destination/port as mentioned
that is done in Solaris).
The overhead is only 32 bits of storage and a couple accesses more.

--Mark Tinguely