cvs commit: src/sys/netinet ip_id.c ip_input.c

Matthew Dillon dillon at
Thu Nov 22 11:59:03 PST 2007

dillon      2007/11/22 11:57:14 PST

DragonFly src repository

  Modified files:
    sys/netinet          ip_id.c ip_input.c 

  Replace the very predictable 'random' IP sequence number generator with
  something far less predictable.  Use DragonFly's built-in PRNG and add a
  shuffle algorithm.  We eat 128KB of ram for the shuffle array but I've
  pretty much had it with roll-your-own PRNGs.  At least this way any PRNG
  issues can be corrected in one place -- our system PRNG.

  Turn net.inet.ip.random_id on by default.  Eat the minor loss in performance.
  On the bright side, our PRNG is very fast, so this should not represent
  a burden.

  References: Analysis of BSD ip randomizer algorithm by "Amit Klein"
  	    <amit.klein at> showing serious vulnerabilities in
  	    the algorithm.

  Revision  Changes    Path
  1.7       +72 -169   src/sys/netinet/ip_id.c
  1.74      +1 -1      src/sys/netinet/ip_input.c
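
The shuffle-array approach named in the commit message, as an added userspace example (not DragonFly's ip_id.c and not code from this commit): a 65536-entry permutation of 16-bit IDs, 128KB in total, walked by a cursor, with each issued ID swapped to a random slot behind the cursor. All function names, the 0x7FFF window and the use of /dev/urandom as a stand-in for the kernel PRNG are assumptions.

```c
/* Added illustration; not DragonFly's ip_id.c. All names are hypothetical. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#define ID_SPACE 65536u   /* every 16-bit ID; 65536 * 2 bytes = 128KB */
#define WINDOW   0x7FFFu  /* a used ID lands at most this far behind the cursor */
static uint16_t shuffle[ID_SPACE];
static uint32_t cursor;

/* Stand-in for the kernel's system PRNG: 16 bits from /dev/urandom. */
static uint16_t rand16(void)
{
    static FILE *rng;
    uint16_t v;
    if (!rng) rng = fopen("/dev/urandom", "rb");
    if (!rng || fread(&v, sizeof v, 1, rng) != 1) abort();
    return v;
}

/* Start from an unbiased random permutation (Fisher-Yates with rejection). */
void ipid_init(void)
{
    for (uint32_t i = 0; i < ID_SPACE; i++)
        shuffle[i] = (uint16_t)i;
    for (uint32_t i = ID_SPACE - 1; i > 0; i--) {
        uint32_t r, lim = ID_SPACE - ID_SPACE % (i + 1);
        do r = rand16(); while (r >= lim);
        uint16_t t = shuffle[i];
        shuffle[i] = shuffle[r % (i + 1)];
        shuffle[r % (i + 1)] = t;
    }
}

/* Issue the ID under the cursor, then swap it to a random slot behind it. */
uint16_t ipid_next(void)
{
    uint32_t i1 = cursor++ & 0xFFFFu;
    uint32_t i2 = (i1 - (rand16() & WINDOW)) & 0xFFFFu;
    uint16_t id = shuffle[i1];
    shuffle[i1] = shuffle[i2];
    shuffle[i2] = id;
    return id;
}

int main(void)
{
    ipid_init();
    for (int i = 0; i < 8; i++) printf("%u\n", (unsigned)ipid_next());
    return 0;
}
```

Because an issued ID is only ever moved behind the cursor, it cannot be issued again within the next 32768 calls, which keeps IDs of in-flight fragments from colliding. Skipping the initial shuffle would make the first outputs come out in counting order.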
