cvs commit: src/sys/netinet ip_id.c ip_input.c
Matthew Dillon
dillon at crater.dragonflybsd.org
Thu Nov 22 11:59:03 PST 2007
dillon 2007/11/22 11:57:14 PST
DragonFly src repository
Modified files:
sys/netinet ip_id.c ip_input.c
Log:
Replace the very predictable 'random' IP sequence number generator with
something far less predictable. Use DragonFly's built-in PRNG and add a
shuffle algorithm. We eat 128KB of ram for the shuffle array but I've
pretty much had it with roll-your-own PRNGs. At least this way any PRNG
issues can be corrected in one place -- our system PRNG.
Turn net.inet.ip.random_id on by default. Eat the minor loss in performance.
On the bright side, our PRNG is very fast, so this should not represent
a burden.
References: Analysis of BSD ip randomizer algorithm by "Amit Klein"
<amit.klein at trusteer.com> showing serious vulnerabilities in
the algorithm.
Revision  Changes    Path
1.7       +72 -169   src/sys/netinet/ip_id.c
1.74      +1 -1      src/sys/netinet/ip_input.c
http://www.dragonflybsd.org/cvsweb/src/sys/netinet/ip_id.c.diff?r1=1.6&r2=1.7&f=u
http://www.dragonflybsd.org/cvsweb/src/sys/netinet/ip_input.c.diff?r1=1.73&r2=1.74&f=u
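As an added illustration of the approach described in the log (a shuffle array driven by the system PRNG rather than a hand-rolled sequence generator), the following is example code written for this page, not DragonFly's ip_id.c. It keeps a 65536-entry table of 16-bit IDs (65536 x 2 bytes = 128 KB, matching the figure in the log), swaps the current slot with a uniformly chosen later slot on every call, and walks the table sequentially. The function names, the xorshift32 stand-in for the kernel PRNG, and the fixed seed are all assumptions made for this example; a real implementation would call the system PRNG.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Shuffle-array IP ID generator (example code, not DragonFly's).
 * A 65536-entry table of 16-bit IDs is permuted one Fisher-Yates step per
 * call, so each full pass hands out every ID exactly once in an order that
 * depends only on the PRNG.
 */
#define IP_ID_SPACE 65536u

/* Constructed stand-in for the kernel PRNG: xorshift32 with a fixed seed so
 * the example is reproducible. A real implementation uses the system PRNG. */
static uint32_t prng_state = 0x9E3779B9u;

static uint32_t stand_in_prng(void)
{
    uint32_t x = prng_state;
    x ^= x << 13;
    x ^= x >> 17;
    x ^= x << 5;
    prng_state = x;
    return x;
}

static uint16_t ip_shuffle[IP_ID_SPACE];   /* the 128 KB shuffle array */
static uint32_t ip_shuffle_pos;            /* next slot to hand out */
static int      ip_shuffle_ready;

static void ip_shuffle_init(void)
{
    for (uint32_t i = 0; i < IP_ID_SPACE; i++)
        ip_shuffle[i] = (uint16_t)i;
    ip_shuffle_pos = 0;
    ip_shuffle_ready = 1;
}

/*
 * Hand out one ID. Each call does one Fisher-Yates step: the current slot is
 * swapped with a uniformly chosen slot at or after it, then emitted. Over a
 * full pass this yields a random permutation of all 65536 IDs, so no ID
 * repeats until the pass wraps, and the table is re-randomized continuously
 * instead of in one large burst.
 */
uint16_t example_ip_randomid(void)
{
    if (!ip_shuffle_ready)
        ip_shuffle_init();

    uint32_t remaining = IP_ID_SPACE - ip_shuffle_pos;
    /* Modulo reduction has a small bias; it is negligible here because
     * remaining <= 65536 is tiny relative to the 2^32 PRNG output range. */
    uint32_t j = ip_shuffle_pos + (stand_in_prng() % remaining);

    uint16_t tmp = ip_shuffle[ip_shuffle_pos];
    ip_shuffle[ip_shuffle_pos] = ip_shuffle[j];
    ip_shuffle[j] = tmp;

    uint16_t id = ip_shuffle[ip_shuffle_pos];
    ip_shuffle_pos = (ip_shuffle_pos + 1) % IP_ID_SPACE;
    return id;
}

/* Defender's check: over one full pass every ID must appear exactly once.
 * Returns 1 on success, 0 if an ID repeated early (an early repeat would let
 * fragments of different datagrams be confused during reassembly). */
int example_check_full_pass_is_permutation(void)
{
    static uint8_t seen[IP_ID_SPACE];
    memset(seen, 0, sizeof(seen));
    /* Advance to the start of a pass first. */
    while (ip_shuffle_ready && ip_shuffle_pos != 0)
        (void)example_ip_randomid();
    for (uint32_t i = 0; i < IP_ID_SPACE; i++) {
        uint16_t id = example_ip_randomid();
        if (seen[id])
            return 0;
        seen[id] = 1;
    }
    return 1;
}

int main(void)
{
    printf("first IDs:");
    for (int i = 0; i < 8; i++)
        printf(" %u", example_ip_randomid());
    printf("\nfull pass is a permutation: %s\n",
           example_check_full_pass_is_permutation() ? "yes" : "no");
    return 0;
}
```

The point of the array is the property the check verifies: unlike a plain call to the PRNG per packet, which can repeat an ID after only a few thousand packets by the birthday bound, the shuffled table never reuses an ID within a pass, while the order within the pass is as unpredictable as the PRNG feeding it.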