From owner-freebsd-net  Mon Apr 16 13: 8:22 2001
Delivered-To: freebsd-net@freebsd.org
Received: from obsecurity.dyndns.org (adsl-63-207-60-27.dsl.lsan03.pacbell.net [63.207.60.27])
	by hub.freebsd.org (Postfix) with ESMTP
	id 6F73837B422; Mon, 16 Apr 2001 13:08:15 -0700 (PDT)
	(envelope-from kris@obsecurity.org)
Received: by obsecurity.dyndns.org (Postfix, from userid 1000)
	id 0CFD5678B8; Mon, 16 Apr 2001 13:08:15 -0700 (PDT)
Date: Mon, 16 Apr 2001 13:08:14 -0700
From: Kris Kennaway <kris@obsecurity.org>
To: Darren Reed <avalon@coombs.anu.edu.au>
Cc: Kris Kennaway <kris@obsecurity.org>,
	Mike Silbersack <silby@silby.com>,
	Mark T Roberts <newsletter@marktroberts.com>,
	freebsd-security@FreeBSD.ORG, net@FreeBSD.ORG
Subject: Re: non-random IP IDs
Message-ID: <20010416130814.A12057@xor.obsecurity.org>
References: <20010416120630.C10023@xor.obsecurity.org> <200104162002.GAA09062@caligula.anu.edu.au>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
	protocol="application/pgp-signature"; boundary="M9NhX3UHpAaciwkO"
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <200104162002.GAA09062@caligula.anu.edu.au>; from avalon@coombs.anu.edu.au on Tue, Apr 17, 2001 at 06:02:42AM +1000
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


--M9NhX3UHpAaciwkO
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Tue, Apr 17, 2001 at 06:02:42AM +1000, Darren Reed wrote:

> > > You should optimize it for mod being 2^n-1 (or make that a requiremen=
t).
> >=20
> > I'm afraid I don't have time to look at this right now.  Perhaps it
> > can be revisited (the sysctl defaults to off for now), or Niels Provos
> > may be interested in the idea.
>=20
> Basically it means '% mod' -> '& mod' and call it with a 2^n-1 number.

Oh, okay.

> > Well, it still has wrapping properties like a network-order counter,
> > i.e. the algorithm attempts to order the output so that it doesn't
> > wrap within the segment lifetime.  That would be lost without using
> > HTONS.
>=20
> You're confusing properties of the local number and some opaque bits in
> a packet being sent over the 'net.

Quite likely.

Kris

--M9NhX3UHpAaciwkO
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE621EuWry0BWjoQKURApyyAKCBB7Zt5a4iTdLd/p5UfsjwffMpBwCfScng
oR2Ef5UAJZl7DV94q312HM0=
=hVp+
-----END PGP SIGNATURE-----

--M9NhX3UHpAaciwkO--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message