cvs commit: src/sys/netinet ip_id.c ip_input.c

Matthew Dillon dillon at crater.dragonflybsd.org
Thu Nov 22 11:59:03 PST 2007


dillon      2007/11/22 11:57:14 PST

DragonFly src repository

  Modified files:
    sys/netinet          ip_id.c ip_input.c 
  Log:
  Replace the very predictable 'random' IP sequence number generator with
  something far less predictable.  Use DragonFly's built-in PRNG and add a
  shuffle algorithm.  We eat 128KB of ram for the shuffle array but I've
  pretty much had it with roll-your-own PRNGs.  At least this way any PRNG
  issues can be corrected in one place -- our system PRNG.
  
  Turn net.inet.ip.random_id on by default.  Eat the minor loss in performance.
  On the bright side, our PRNG is very fast, so this should not represent
  a burden.
  
  References: Analysis of BSD ip randomizer algorithm by "Amit Klein"
  	    <amit.klein at trusteer.com> showing serious vulnerabilities in
  	    the algorithm.
  
  Revision  Changes    Path
  1.7       +72 -169   src/sys/netinet/ip_id.c
  1.74      +1 -1      src/sys/netinet/ip_input.c


http://www.dragonflybsd.org/cvsweb/src/sys/netinet/ip_id.c.diff?r1=1.6&r2=1.7&f=u
http://www.dragonflybsd.org/cvsweb/src/sys/netinet/ip_input.c.diff?r1=1.73&r2=1.74&f=u
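The design the log describes (system PRNG plus a 128KB shuffle array of 16-bit IDs), sketched in userland C. This is an added example, not the code from ip_id.c: the swap rule, the `rand16_fn` hook, the /dev/urandom stand-in and all function names are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#define ID_SPACE 65536u              /* 65536 x 2 bytes = the 128KB in the log */
typedef uint16_t (*rand16_fn)(void); /* hypothetical hook for the system PRNG */
static uint16_t tbl[ID_SPACE];       /* stays a permutation of 0..65535 */
static uint32_t cursor;
static rand16_fn rand16;

uint16_t urandom16(void) {           /* userland stand-in for a kernel PRNG */
    static FILE *f;
    uint16_t v;
    if ((!f && !(f = fopen("/dev/urandom", "rb"))) || fread(&v, sizeof v, 1, f) != 1)
        abort();
    return v;
}
uint16_t zero16(void) { return 0; }  /* degenerate source, for comparison */

/* Hand out the slot under the cursor, then move it to a PRNG-chosen slot. */
uint16_t ipid_next(void) {
    uint32_t i = cursor++ & (ID_SPACE - 1);
    uint32_t j = (i + rand16()) & (ID_SPACE - 1);
    uint16_t id = tbl[i];
    tbl[i] = tbl[j];
    tbl[j] = id;
    return id;
}

void ipid_init(rand16_fn src) {
    rand16 = src;
    cursor = 0;
    for (uint32_t i = 0; i < ID_SPACE; i++)
        tbl[i] = (uint16_t)i;
    for (uint32_t i = 0; i < ID_SPACE; i++)  /* pre-mix, else the first ID is 0 */
        (void)ipid_next();
}

int ipid_is_permutation(void) {      /* 1 if every 16-bit value appears once */
    uint8_t seen[ID_SPACE] = {0};
    for (uint32_t i = 0; i < ID_SPACE; i++)
        if (seen[tbl[i]]++)
            return 0;
    return 1;
}

int main(void) {
    ipid_init(urandom16);
    printf("id=%u intact=%d\n", ipid_next(), ipid_is_permutation());
    return 0;
}
```

With `zero16` as the source the IDs come out as 0, 1, 2, ...: the table contributes no unpredictability of its own, so the quality of the IDs rests entirely on the PRNG behind the hook.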




