[PATCH] turn RANDOM_IP_ID into a sysctl

Gordon Bergling gbergling at 0xfce3.net
Wed Aug 10 08:48:23 PDT 2005


Hi,

the following patch turns RANDOM_IP_ID into a sysctl tunable.

http://generic.0xfce3.net/dragonflybsd/20050810-randomipid.patch

regards,

  Gordon

Index: sys/conf/options
===================================================================
RCS file: /home/dcvs/src/sys/conf/options,v
retrieving revision 1.39
diff -u -r1.39 options
--- sys/conf/options    1 Aug 2005 20:11:18 -0000       1.39
+++ sys/conf/options    10 Aug 2005 11:58:49 -0000
@@ -314,7 +314,6 @@
PPP_BSDCOMP            opt_ppp.h
PPP_DEFLATE            opt_ppp.h
PPP_FILTER             opt_ppp.h
-RANDOM_IP_ID
SLIP_IFF_OPTS          opt_slip.h
TCPDEBUG
TCP_DROP_SYNFIN                opt_tcp_input.h
Index: sys/i386/conf/LINT
===================================================================
RCS file: /home/dcvs/src/sys/i386/conf/LINT,v
retrieving revision 1.57
diff -u -r1.57 LINT
--- sys/i386/conf/LINT  1 Aug 2005 20:11:18 -0000       1.57
+++ sys/i386/conf/LINT  10 Aug 2005 11:58:01 -0000
@@ -626,13 +626,6 @@
# test cases.
options         MBUF_STRESS_TEST
-# RANDOM_IP_ID causes the ID field in IP packets to be randomized
-# instead of incremented by 1 with each packet generated.  This
-# option closes a minor information leak which allows remote
-# observers to determine the rate of packet generation on the
-# machine by watching the counter.
-options        RANDOM_IP_ID
-
# Statically link in accept filters
options                ACCEPT_FILTER_DATA
options                ACCEPT_FILTER_HTTP
Index: sys/net/ip_mroute/Makefile
===================================================================
RCS file: /home/dcvs/src/sys/net/ip_mroute/Makefile,v
retrieving revision 1.3
diff -u -r1.3 Makefile
--- sys/net/ip_mroute/Makefile  15 Aug 2003 07:03:10 -0000      1.3
+++ sys/net/ip_mroute/Makefile  10 Aug 2005 12:00:39 -0000
@@ -3,14 +3,11 @@
. PATH: ${.CURDIR}/../../netinet
KMOD=  ip_mroute
-SRCS=  ip_mroute.c opt_mrouting.h opt_random_ip_id.h
+SRCS=  ip_mroute.c opt_mrouting.h
NOMAN=
CFLAGS+= -DMROUTE_LKM -DMROUTING
opt_mrouting.h:
      echo "#define MROUTING 1" > ${.TARGET}
-opt_random_ip_id.h:
-       echo > ${.TARGET}
-
. include <bsd.kmod.mk>
Index: sys/net/ip_mroute/ip_mroute.c
===================================================================
RCS file: /home/dcvs/src/sys/net/ip_mroute/ip_mroute.c,v
retrieving revision 1.17
diff -u -r1.17 ip_mroute.c
--- sys/net/ip_mroute/ip_mroute.c       15 Jun 2005 18:29:30 -0000      
1.17
+++ sys/net/ip_mroute/ip_mroute.c       10 Aug 2005 12:07:35 -0000
@@ -22,7 +22,6 @@
*/

#include "opt_mrouting.h"
-#include "opt_random_ip_id.h"
#ifdef PIM
#define _PIM_VT 1
@@ -1675,11 +1674,7 @@
    */
   ip_copy = mtod(mb_copy, struct ip *);
   *ip_copy = multicast_encap_iphdr;
-#ifdef RANDOM_IP_ID
-    ip_copy->ip_id = ip_randomid();
-#else
-    ip_copy->ip_id = htons(ip_id++);
-#endif
+    ip_copy->ip_id = ip_newid();
   ip_copy->ip_len += len;
   ip_copy->ip_src = vifp->v_lcl_addr;
   ip_copy->ip_dst = vifp->v_rmt_addr;
@@ -2977,11 +2972,7 @@
    */
   ip_outer = mtod(mb_first, struct ip *);
   *ip_outer = pim_encap_iphdr;
-#ifdef RANDOM_IP_ID
-    ip_outer->ip_id = ip_randomid();
-#else
-    ip_outer->ip_id = htons(ip_id++);
-#endif
+    ip_outer->ip_id = ip_newid();
   ip_outer->ip_len = len + sizeof(pim_encap_iphdr) + 
sizeof(pim_encap_pimhdr);
   ip_outer->ip_src = viftable[vifi].v_lcl_addr;
   ip_outer->ip_dst = rt->mfc_rp;
Index: sys/netinet/ip_id.c
===================================================================
RCS file: /home/dcvs/src/sys/netinet/ip_id.c,v
retrieving revision 1.4
diff -u -r1.4 ip_id.c
--- sys/netinet/ip_id.c 21 Dec 2004 02:54:15 -0000      1.4
+++ sys/netinet/ip_id.c 10 Aug 2005 12:02:01 -0000
@@ -58,13 +58,11 @@
* This avoids reuse issues caused by reseeding.
*/

-#include "opt_random_ip_id.h"
#include <sys/param.h>
#include <sys/time.h>
#include <sys/kernel.h>
#include <sys/random.h>
-#ifdef RANDOM_IP_ID
#define RU_OUT  180            /* Time after wich will be reseeded */
#define RU_MAX 30000           /* Uniq cycle, avoid blackjack prediction */
#define RU_GEN 2               /* Starting generator */
@@ -207,5 +205,3 @@
      return (ru_seed ^ pmod(ru_g,ru_seed2 ^ ru_x,RU_N)) | ru_msb;
}
-
-#endif /* RANDOM_IP_ID */
Index: sys/netinet/ip_input.c
===================================================================
RCS file: /home/dcvs/src/sys/netinet/ip_input.c,v
retrieving revision 1.55
diff -u -r1.55 ip_input.c
--- sys/netinet/ip_input.c      17 Jun 2005 19:12:20 -0000      1.55
+++ sys/netinet/ip_input.c      10 Aug 2005 15:06:33 -0000
@@ -94,7 +94,6 @@
#include "opt_ipfilter.h"
#include "opt_ipstealth.h"
#include "opt_ipsec.h"
-#include "opt_random_ip_id.h"
#include <sys/param.h>
#include <sys/systm.h>
@@ -196,6 +195,10 @@
   &ip_sendsourcequench, 0,
   "Enable the transmission of source quench packets");
+int ip_do_randomid = 0;
+SYSCTL_INT(_net_inet_ip, OID_AUTO, random_id, CTLFLAG_RW,
+    &ip_do_randomid, 0,
+    "Assign random ip_id values");
/*
* XXX - Setting ip_checkinterface mostly implements the receive side of
* the Strong ES model described in RFC 1122, but since the routing table
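Review bot: `ip_do_randomid` is initialised to 0 at the new sysctl definition, so a kernel that was built with `options RANDOM_IP_ID` goes back to sequential IP IDs after this change until `net.inet.ip.random_id` is set to 1. The LINT text explaining why randomisation matters (a remote observer can read the packet generation rate off the counter) is deleted elsewhere in this patch and nothing replaces it. I would carry it over as a comment above the definition, e.g. `/* Randomize ip_id instead of incrementing it; hides the packet generation rate from remote observers. Off by default. */`. Whether 0 is the right default for configurations that had the option enabled is worth stating in the commit message.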
@@ -370,9 +373,7 @@
      maxnipq = nmbclusters / 32;
      maxfragsperpacket = 16;
-#ifndef RANDOM_IP_ID
      ip_id = time_second & 0xffff;
-#endif
      ipintrq.ifq_maxlen = ipqmaxlen;
      /*
Index: sys/netinet/ip_output.c
===================================================================
RCS file: /home/dcvs/src/sys/netinet/ip_output.c,v
retrieving revision 1.31
diff -u -r1.31 ip_output.c
--- sys/netinet/ip_output.c     17 Jun 2005 19:12:20 -0000      1.31
+++ sys/netinet/ip_output.c     10 Aug 2005 12:09:15 -0000
@@ -38,7 +38,6 @@
#include "opt_ipdivert.h"
#include "opt_ipfilter.h"
#include "opt_ipsec.h"
-#include "opt_random_ip_id.h"
#include "opt_mbuf_stress_test.h"
#include <sys/param.h>
@@ -210,11 +209,7 @@
      if (!(flags & (IP_FORWARDING|IP_RAWOUTPUT))) {
              ip->ip_vhl = IP_MAKE_VHL(IPVERSION, hlen >> 2);
              ip->ip_off &= IP_DF;
-#ifdef RANDOM_IP_ID
-               ip->ip_id = ip_randomid();
-#else
-               ip->ip_id = htons(ip_id++);
-#endif
+               ip->ip_id = ip_newid();
              ipstat.ips_localout++;
      } else {
              hlen = IP_VHL_HL(ip->ip_vhl) << 2;
Index: sys/netinet/ip_var.h
===================================================================
RCS file: /home/dcvs/src/sys/netinet/ip_var.h,v
retrieving revision 1.16
diff -u -r1.16 ip_var.h
--- sys/netinet/ip_var.h        18 Apr 2005 14:26:57 -0000      1.16
+++ sys/netinet/ip_var.h        10 Aug 2005 14:47:01 -0000
@@ -158,9 +158,7 @@
struct sockopt;
struct lwkt_port;
-#ifndef RANDOM_IP_ID
extern u_short ip_id;                          /* ip packet ctr, for ids */
-#endif
extern int     ip_defttl;                      /* default IP ttl */
extern int     ipforwarding;                   /* ip forwarding */
extern struct route ipforward_rt;              /* ip forwarding cached 
route */
@@ -195,10 +193,7 @@
struct mbuf *
       ip_srcroute(void);
void    ip_stripoptions(struct mbuf *);
-#ifdef RANDOM_IP_ID
-u_int16_t
-        ip_randomid(void);
-#endif
+u_int16_t ip_randomid(void);
int    rip_ctloutput(struct socket *, struct sockopt *);
void   rip_ctlinput(int, struct sockaddr *, void *);
void   rip_init(void);
@@ -223,6 +218,18 @@

void   in_delayed_cksum(struct mbuf *m);

+static __inline uint16_t ip_newid(void);
+extern int ip_do_randomid;
+
+static __inline uint16_t
+ip_newid(void)
+{
+    if (ip_do_randomid)
+       return ip_randomid();
+
+    return htons(ip_id++);
+}
+
#endif /* _KERNEL */
#endif /* !_NETINET_IP_VAR_H_ */
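Review bot: The prototype `static __inline uint16_t ip_newid(void);` directly precedes the definition and can be dropped, and the new code mixes `uint16_t` here with `u_int16_t` on the `ip_randomid()` prototype in the earlier hunk of this file. Because `ip_newid()` now lives in the header, every file that includes ip_var.h under `_KERNEL` needs `htons()` in scope; the call sites in this patch presumably have it, but that is not visible here. The sequential branch `htons(ip_id++)` is a plain read-modify-write on a global, carried over unchanged from the removed `#else` arms. A short comment above the function should say that the sequential mode exposes the packet rate and state what, if anything, serialises callers.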
Index: sys/netinet/raw_ip.c
===================================================================
RCS file: /home/dcvs/src/sys/netinet/raw_ip.c,v
retrieving revision 1.22
diff -u -r1.22 raw_ip.c
--- sys/netinet/raw_ip.c        2 Jun 2005 23:52:42 -0000       1.22
+++ sys/netinet/raw_ip.c        10 Aug 2005 12:13:49 -0000
@@ -37,7 +37,6 @@
#include "opt_inet6.h"
#include "opt_ipsec.h"
-#include "opt_random_ip_id.h"
#include <sys/param.h>
#include <sys/systm.h>
@@ -297,11 +296,7 @@
                      return EINVAL;
              }
              if (ip->ip_id == 0)
-#ifdef RANDOM_IP_ID
-                       ip->ip_id = ip_randomid();
-#else
-                       ip->ip_id = htons(ip_id++);
-#endif
+                       ip->ip_id = ip_newid();
              /* XXX prevent ip_output from overwriting header fields */
              flags |= IP_RAWOUTPUT;
              ipstat.ips_rawout++;
Index: sys/netproto/ipsec/xform_ipip.c
===================================================================
RCS file: /home/dcvs/src/sys/netproto/ipsec/xform_ipip.c,v
retrieving revision 1.11
diff -u -r1.11 xform_ipip.c
--- sys/netproto/ipsec/xform_ipip.c     10 Jun 2005 23:59:31 -0000      
1.11
+++ sys/netproto/ipsec/xform_ipip.c     10 Aug 2005 12:17:12 -0000
@@ -42,7 +42,6 @@
*/
#include "opt_inet.h"
#include "opt_inet6.h"
-#include "opt_random_ip_id.h"

#include <sys/param.h>
#include <sys/systm.h>
@@ -450,11 +449,7 @@
              ipo->ip_src = saidx->src.sin.sin_addr;
              ipo->ip_dst = saidx->dst.sin.sin_addr;
-#ifdef RANDOM_IP_ID
-               ipo->ip_id = ip_randomid();
-#else
-               ipo->ip_id = htons(ip_id++);
-#endif
+               ipo->ip_id = ip_newid();
              /* If the inner protocol is IP... */
              if (tp == IPVERSION) {


--
Gordon Bergling <GBergling at 0xfce3.net>     http://www.0xFCE3.net/
PGP Fingerprint:  7732 9BB1 5013 AE8B E42C  28E0 93B9 D32B C76F 02A0
RIPE-HDL: MDTP-RIPE             "There is no place like 127.0.0.0/8"




