On Sat, Sep 06, 2003 at 01:25:12PM +1000, Daniel Carosone wrote:
> On Sat, Sep 06, 2003 at 12:24:55AM +0000, Jun-ichiro itojun Hagino wrote:
> > 
> > Module Name:	src
> > Committed By:	itojun
> > Date:		Sat Sep  6 00:24:54 UTC 2003
> > 
> > Modified Files:
> > 	src/sys/netinet: ip_input.c
> > 
> > Log Message:
> > backout previous, we don't know if arc4random() corrides on reboot.
> 
> It's been a while since I looked at it, but Thor and I went to some
> effort a while ago to make sure that rnd(4) and arc4random() were
> at least initialiased before being used.
> 
> There is certainly an issue of a shortage of good entropy early in
> the boot process, so the "quality" of randomness should be questioned,
> but for machines with rnd(4) there should not be collisions,
> especially if there is a cycle counter. For machines without rnd(4),
> it is possible, but all generators on such machines are suspect.

I'm not sure that arc4random is appropriate for ip sequence numbers,
it doesn't have the correct properties.  In particular the same output
value can be generated by adjacent calls to the function - which you
definitely don't want!  This will be true for any generator with more
that 32 bits of state (or rather if the required value is smaller than
the state).

I don't know what the other places you have changed with thinking it
through are....

	David

-- 
David Laight: david@l8s.co.uk