From owner-freebsd-net@FreeBSD.ORG Wed Jul 8 12:43:11 2009
Return-Path:
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
    by hub.freebsd.org (Postfix) with ESMTP id DDE221065670
    for ; Wed, 8 Jul 2009 12:43:11 +0000 (UTC)
    (envelope-from sthaug@nethelp.no)
Received: from bizet.nethelp.no (bizet.nethelp.no [195.1.209.33])
    by mx1.freebsd.org (Postfix) with SMTP id 2FF558FC18
    for ; Wed, 8 Jul 2009 12:43:10 +0000 (UTC)
    (envelope-from sthaug@nethelp.no)
Received: (qmail 31986 invoked from network); 8 Jul 2009 12:16:30 -0000
Received: from bizet.nethelp.no (HELO localhost) (195.1.209.33)
    by bizet.nethelp.no with SMTP; 8 Jul 2009 12:16:30 -0000
Date: Wed, 08 Jul 2009 14:16:30 +0200 (CEST)
Message-Id: <20090708.141630.78743642.sthaug@nethelp.no>
To: freebsd-net@freebsd.org
From: sthaug@nethelp.no
X-Mailer: Mew version 3.3 on Emacs 21.3 / Mule 5.0 (SAKAKI)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Subject: Missing MFC of Silbersack/Klein IP id generation?
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Wed, 08 Jul 2009 12:43:12 -0000

According to the comments for rev. 1.10 of netinet/ip_id.c, from

http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet/ip_id.c

this is to be MFCed after 2 weeks (i.e. 2 weeks after 6. February
2008). And yet here we are in July 2009, and 7-STABLE shows no sign
of this version of the IP id generation code but instead has the
version that Amit Klein showed had problems,

http://www.trusteer.com/docs/OpenBSD_DNS_Cache_Poisoning_and_Multiple_OS_Predictable_IP_ID_Vulnerability.pdf

Is this a deliberate choice?

Steinar Haug, Nethelp consulting, sthaug@nethelp.no