Subject: Re: CVS commit: src/sys/netinet
To: None <source-changes@NetBSD.org>
From: Darren Reed <email@example.com>
Date: 09/08/2003 17:44:37
From Steven Bellovin:
> The IPid field shouldn't repeat
> for somewhat longer than the fragment lifetime on the receiving system.
Given the speed in which the IP ID field can be recycled, these days, we
should look at ways that allow the ID number to be reused "safely". On
systems that are sending out large amounts of traffic, the randomised
ID field does not add a lot of value at all (consider if you will the
original premis for this was scanning otherwise "quiet" hosts.)
As an example of different methods, can we reasonably expect to use one
sequence set per protocol or even one sequence set per IP address pair ?
Should we possibly think about a sysctl knob that choses the IPid slection
algorithm so that it can be tuned for "best fit" ? Picking "random" as the
default might not be a bad idea to begin with either.
(0 = sequential, 1 = random, 2 = per proto, 3 = per IP pair...)
And of course, do the costs outweigh the benefits of other alternatives in
supporting multiple alternatives for this ?