Subject: Re: random ip_id must be configurable
To: Jonathan Stone <jonathan@DSG.Stanford.EDU>
From: Manuel Bouyer <>
List: tech-net
Date: 09/11/2003 22:58:44
On Thu, Sep 11, 2003 at 01:04:45PM -0700, Jonathan Stone wrote:
> The traditional incrementing IP id code was recently replaced (without
> discussion) with an OpenBSD-derived pseudo-random IP id.
> This change was made despite the relatively recent discussion of the
> technical issue, in which most (if not all) the following points came up:
>  * Its not  clear to all of us that the "vulerability" to DNS requests
>    is widespread,[    or that randomizing the ip_id is the best way to close it.
>  * There are environments where the computational cost does not justify
>   deploying this fix.
>  * There are environments where the downside of reducing the (already small)
>    ip_id space overwhelms the alleged security gains.
> (To paraphrase an observation Bill STudenmund made in a different context:
>    ``this code needs to be fast.')
> I therefore intend to to make randomisation of the IP id field be a
> config-time option. Personally I beleive the default should be to not
> randomize; though i amo open to other suggestions, such as making it
> sysctl'able (changeable at low security levels), with an
> inline-function to make the test and (if using increment) return the
> increnemted global; otherwise do a full function call to get a
> pseudo-random IP id.

I'd prefer to have it sysctl'able. I hate to have to rebuild kernel because
of an option.

Manuel Bouyer <>
     NetBSD: 24 ans d'experience feront toujours la difference