On Friday, September 12, 2003, at 03:28 PM, itojun@iijlab.net wrote:
> 	based on nmap OS fingerprint database, freebsd randomizes ip_id.
> 	also you see even quite a few embedded products (like small broadband
> 	router) randomizes ip_id.  why we can't do it for netbsd.

That's not the right question.  We can do it.
The right question is: Why should we?

And for that I have not seen a convincing case that it's worth the
overhead.

Lastly, if I was going to do it, I would use the Solaris approach and
allocate those ip_id structures automagically in the inpcb code and pass
the structure to ip_output to use.  (Of course, for icmp or igmp I'd 
just
use a global structure and keep one per protocol).
-- 
Matt Thomas                     email: matt@3am-software.com
3am Software Foundry              www: 
http://3am-software.com/bio/matt/ Cupertino, CA              
disclaimer: I avow all knowledge of this message.