Date: Fri, 7 Nov 2014 08:31:47 -0800
From: Adrian Chadd <adrian@freebsd.org>
To: grarpamp <grarpamp@gmail.com>
Cc: tor-relays@lists.torproject.org, FreeBSD Net <freebsd-net@freebsd.org>
Subject: Re: [tor-relays] FreeBSD's global IP ID (was: Platform diversity in Tor network)
Message-ID: <CAJ-VmomY34S=Lx5uNF_9%2BuSjd=74fCEFwOeo_CvSUO1qRFVH1A@mail.gmail.com>
In-Reply-To: <CAD2Ti2-eKzbU3trE0qiTDdK73hsxNGuRy7VJee52%2BWmNC5H%2BmA@mail.gmail.com>
References: <CAD2Ti28BFsedyPC7VBR-Rz8c2_4CAQDnBFopnRHEX45sgqmjtA@mail.gmail.com> <20141106135228.GE3824@nymity.ch> <CAD2Ti2-eKzbU3trE0qiTDdK73hsxNGuRy7VJee52%2BWmNC5H%2BmA@mail.gmail.com>

... that's .. odd.

Let's poke the freebsd crypto and network stack people and ask. I
can't imagine why this is a problem anymore and we should default to
it being on.

The other thing you could do is have the tor port require it be turned
on before tor runs.

-adrian

On 7 November 2014 00:20, grarpamp <grarpamp@gmail.com> wrote:
> On Thu, Nov 6, 2014 at 8:52 AM, Philipp Winter <phw@nymity.ch> wrote:
>> On Wed, Nov 05, 2014 at 04:04:41AM -0500, grarpamp wrote:
>>> 173 FreeBSD
>>
>> FreeBSD still seems to use globally incrementing IP IDs by default.
>> That's an issue as it leaks fine-grained information about how many
>> packets a relay's networking stack processes. (However, nobody
>> investigated the exact impact on Tor relays so far, which makes this a
>> FUD-heavy topic.) It looks like approximately 50 out of the 131 FreeBSD
>> relays I tested (38%) use global IP IDs.
>>
>> There's a sysctl variable called "net.inet.ip.random_id" which makes a
>> FreeBSD's IP ID behaviour random. FreeBSD relay operators should set
>> this to "1".
>>
>> Note that this issue was already discussed earlier this year in a thread
>> called "Lots of tor relays send out sequential IP IDs; please fix
>> that!".
>
> It's been default off since before it was a sysctl over a decade ago.
> Anyone know what the deal is with that? Some objection, or
> forgotten flag day, or oversight that really should be set to 1?
> https://svnweb.freebsd.org/base?view=revision&revision=133720
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
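
Added example, not part of the message above or of anyone's code in this thread: a relay operator can confirm the effect of "net.inet.ip.random_id" by sampling the IP ID field of packets their own host sends and classifying the sequence. The function names, the max_step threshold and the sample values are assumptions constructed for illustration.

```python
# Added example: classify IP ID values sampled from a host's own outgoing packets.
MOD = 1 << 16  # the IPv4 ID field is 16 bits wide and wraps at 65536


def deltas(ip_ids):
    """Forward differences between consecutive samples, modulo 2**16."""
    return [(b - a) % MOD for a, b in zip(ip_ids, ip_ids[1:])]


def classify(ip_ids, max_step=2048):
    """Return 'global-counter', 'random', 'constant' or 'inconclusive'.

    max_step is an assumed upper bound on packets sent between two samples.
    """
    if len(ip_ids) < 5:
        return "inconclusive"
    d = deltas(ip_ids)
    if all(x == 0 for x in d):
        return "constant"
    small = sum(1 for x in d if 0 < x <= max_step)
    if small == len(d):
        return "global-counter"
    if small <= len(d) // 2:
        return "random"
    return "inconclusive"


def packets_between_samples(ip_ids, max_step=2048):
    """With a global counter, each delta is the stack's packet count
    between two samples (the second sample included); otherwise None."""
    if classify(ip_ids, max_step) != "global-counter":
        return None
    return deltas(ip_ids)


# Constructed sample data, not measurements from any real relay.
SAMPLES = {
    "counter": [41200, 41237, 41260, 41301, 41350, 41352],
    "counter, wrapping": [65500, 65530, 20, 75, 130],
    "random": [51234, 1207, 60011, 23890, 44102, 9],
}

if __name__ == "__main__":
    for name, ids in SAMPLES.items():
        print(name, classify(ids), packets_between_samples(ids))
```

On a host where the sysctl is set to "1", samples should come back as "random" and packets_between_samples() returns None, meaning the sequence no longer exposes a packet count.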