[src/trunk]: src/sys Revert the (default) ip_id algorithm to the pre-randomid...
details: https://anonhg.NetBSD.org/src/rev/a20d00751b3a
branches: trunk
changeset: 555443:a20d00751b3a
user: jonathan <jonathan%NetBSD.org@localhost>
date: Mon Nov 17 21:34:27 2003 +0000
description:
Revert the (default) ip_id algorithm to the pre-randomid algorithm,
due to demonstrated low-period repeated IDs from the randomized IP_id
code. Consensus is that the low-period repetition (much less than
2^15) is not suitable for general-purpose use.
Allocators of new IPv4 IDs should now call the function ip_newid().
Randomized IP_ids are now a config-time option, "options RANDOM_IP_ID".
ip_newid() can use ip_randomid() if and only if configured
with RANDOM_IP_ID. A sysctl knob should be provided.
This API may be reworked in the near future to support linear ip_id
counters per (src,dst) IP-address pair.
diffstat:
sys/netinet/files.netinet | 6 +++---
sys/netinet/ip_mroute.c | 6 +++---
sys/netinet/ip_output.c | 6 +++---
sys/netinet/ip_var.h | 20 +++++++++++++++++++-
sys/netinet/raw_ip.c | 6 +++---
sys/netinet6/ipsec.c | 6 +++---
sys/netipsec/xform_ipip.c | 8 +++++---
7 files changed, 39 insertions(+), 19 deletions(-)
diffs (195 lines):
diff -r 4297cb5a6da4 -r a20d00751b3a sys/netinet/files.netinet
--- a/sys/netinet/files.netinet Mon Nov 17 21:29:37 2003 +0000
+++ b/sys/netinet/files.netinet Mon Nov 17 21:34:27 2003 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: files.netinet,v 1.2 2003/09/06 03:36:30 itojun Exp $
+# $NetBSD: files.netinet,v 1.3 2003/11/17 21:34:27 jonathan Exp $
defflag opt_tcp_debug.h TCP_DEBUG
defparam opt_tcp_debug.h TCP_NDEBUG
-defflag opt_inet.h INET INET6 INET6_MD_CKSUM
+defflag opt_inet.h INET INET6 INET6_MD_CKSUM RANDOM_IP_ID
defparam opt_inet_conf.h SUBNETSARELOCAL HOSTZEROBROADCAST
defflag MROUTING
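Review bot: Declaring RANDOM_IP_ID in opt_inet.h on the `defflag opt_inet.h INET INET6 INET6_MD_CKSUM RANDOM_IP_ID` line means the `#ifdef RANDOM_IP_ID` inside the inline ip_newid() in ip_var.h is evaluated separately in every .c file, so a file that includes ip_var.h without first including opt_inet.h silently gets the sequential path even when the option is configured. Of the callers touched in this commit, only the sys/netinet6/ipsec.c hunk shows `#include "opt_inet.h"`; the ip_mroute.c, ip_output.c and raw_ip.c hunks show other opt_*.h includes, but their include lists continue outside those hunks, so this needs checking rather than assuming. I would add `#include "opt_inet.h"` to each caller that lacks it, or move the option test out of the header into a single non-inline function.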
@@ -19,7 +19,7 @@
file netinet/in_proto.c inet
file netinet/ip_flow.c inet & gateway
file netinet/ip_icmp.c inet
-file netinet/ip_id.c inet
+file netinet/ip_id.c random_ip_id
file netinet/ip_input.c inet
file netinet/ip_mroute.c inet & mrouting
file netinet/ip_output.c inet
diff -r 4297cb5a6da4 -r a20d00751b3a sys/netinet/ip_mroute.c
--- a/sys/netinet/ip_mroute.c Mon Nov 17 21:29:37 2003 +0000
+++ b/sys/netinet/ip_mroute.c Mon Nov 17 21:34:27 2003 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ip_mroute.c,v 1.80 2003/09/06 03:36:30 itojun Exp $ */
+/* $NetBSD: ip_mroute.c,v 1.81 2003/11/17 21:34:27 jonathan Exp $ */
/*
* Copyright (c) 1992, 1993
@@ -86,7 +86,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ip_mroute.c,v 1.80 2003/09/06 03:36:30 itojun Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip_mroute.c,v 1.81 2003/11/17 21:34:27 jonathan Exp $");
#include "opt_ipsec.h"
@@ -1564,7 +1564,7 @@
*/
ip_copy = mtod(mb_copy, struct ip *);
*ip_copy = multicast_encap_iphdr;
- ip_copy->ip_id = htons(ip_randomid());
+ ip_copy->ip_id = ip_newid();
ip_copy->ip_len = htons(len);
ip_copy->ip_src = vifp->v_lcl_addr;
ip_copy->ip_dst = vifp->v_rmt_addr;
diff -r 4297cb5a6da4 -r a20d00751b3a sys/netinet/ip_output.c
--- a/sys/netinet/ip_output.c Mon Nov 17 21:29:37 2003 +0000
+++ b/sys/netinet/ip_output.c Mon Nov 17 21:34:27 2003 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ip_output.c,v 1.126 2003/10/17 20:31:12 enami Exp $ */
+/* $NetBSD: ip_output.c,v 1.127 2003/11/17 21:34:27 jonathan Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -98,7 +98,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ip_output.c,v 1.126 2003/10/17 20:31:12 enami Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip_output.c,v 1.127 2003/11/17 21:34:27 jonathan Exp $");
#include "opt_pfil_hooks.h"
#include "opt_ipsec.h"
@@ -235,7 +235,7 @@
if ((flags & (IP_FORWARDING|IP_RAWOUTPUT)) == 0) {
ip->ip_v = IPVERSION;
ip->ip_off = htons(0);
- ip->ip_id = htons(ip_randomid());
+ ip->ip_id = ip_newid();
ip->ip_hl = hlen >> 2;
ipstat.ips_localout++;
} else {
diff -r 4297cb5a6da4 -r a20d00751b3a sys/netinet/ip_var.h
--- a/sys/netinet/ip_var.h Mon Nov 17 21:29:37 2003 +0000
+++ b/sys/netinet/ip_var.h Mon Nov 17 21:34:27 2003 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ip_var.h,v 1.59 2003/09/06 03:36:31 itojun Exp $ */
+/* $NetBSD: ip_var.h,v 1.60 2003/11/17 21:34:27 jonathan Exp $ */
/*
* Copyright (c) 1982, 1986, 1993
@@ -251,7 +251,25 @@
void ipflow_create __P((const struct route *, struct mbuf *));
void ipflow_slowtimo __P((void));
+extern uint16_t ip_id;
+static __inline uint16_t ip_newid __P((void));
+
+#ifdef RANDOM_IP_ID
u_int16_t ip_randomid __P((void));
+extern int ip_do_randomid;
#endif
+static __inline uint16_t
+ip_newid(void)
+{
+#ifdef RANDOM_IP_ID
+ if (ip_do_randomid)
+ return ip_randomid();
+#endif /* RANDOM_IP_ID */
+
+ return htons(ip_id++);
+}
+
+#endif /* _KERNEL */
+
#endif /* _NETINET_IP_VAR_H_ */
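Review bot: The two return paths of ip_newid() disagree on byte order: `return ip_randomid();` hands back the value unswapped while `return htons(ip_id++);` is network order, and the call sites changed in this commit (ip_mroute.c, ip_output.c, raw_ip.c, ipsec.c) all dropped their own htons(). A byte swap keeps the IDs distinct, so this is probably harmless, but the contract is undocumented and differs from what the removed lines did; I would write `return htons(ip_randomid());` and add `/* Returns a fresh IPv4 ID in network byte order. */` above the definition. The same comment should state that the default path is one global counter, so IDs are sequential across all destinations unless RANDOM_IP_ID is configured and ip_do_randomid is set. Definitions for `ip_id` and `ip_do_randomid` are not among the seven files in the diffstat, so presumably they live elsewhere; it is worth confirming that a RANDOM_IP_ID kernel links.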
diff -r 4297cb5a6da4 -r a20d00751b3a sys/netinet/raw_ip.c
--- a/sys/netinet/raw_ip.c Mon Nov 17 21:29:37 2003 +0000
+++ b/sys/netinet/raw_ip.c Mon Nov 17 21:34:27 2003 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: raw_ip.c,v 1.76 2003/09/06 03:36:31 itojun Exp $ */
+/* $NetBSD: raw_ip.c,v 1.77 2003/11/17 21:34:27 jonathan Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -61,7 +61,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: raw_ip.c,v 1.76 2003/09/06 03:36:31 itojun Exp $");
+__KERNEL_RCSID(0, "$NetBSD: raw_ip.c,v 1.77 2003/11/17 21:34:27 jonathan Exp $");
#include "opt_ipsec.h"
#include "opt_mrouting.h"
@@ -379,7 +379,7 @@
HTONS(ip->ip_len);
HTONS(ip->ip_off);
if (ip->ip_id == 0)
- ip->ip_id = htons(ip_randomid());
+ ip->ip_id = ip_newid();
opts = NULL;
/* XXX prevent ip_output from overwriting header fields */
flags |= IP_RAWOUTPUT;
diff -r 4297cb5a6da4 -r a20d00751b3a sys/netinet6/ipsec.c
--- a/sys/netinet6/ipsec.c Mon Nov 17 21:29:37 2003 +0000
+++ b/sys/netinet6/ipsec.c Mon Nov 17 21:34:27 2003 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ipsec.c,v 1.87 2003/10/03 22:08:26 itojun Exp $ */
+/* $NetBSD: ipsec.c,v 1.88 2003/11/17 21:34:27 jonathan Exp $ */
/* $KAME: ipsec.c,v 1.136 2002/05/19 00:36:39 itojun Exp $ */
/*
@@ -35,7 +35,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.87 2003/10/03 22:08:26 itojun Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.88 2003/11/17 21:34:27 jonathan Exp $");
#include "opt_inet.h"
#include "opt_ipsec.h"
@@ -2123,7 +2123,7 @@
ipseclog((LOG_ERR, "IPv4 ipsec: size exceeds limit: "
"leave ip_len as is (invalid packet)\n"));
}
- ip->ip_id = htons(ip_randomid());
+ ip->ip_id = ip_newid();
bcopy(&((struct sockaddr_in *)&sav->sah->saidx.src)->sin_addr,
&ip->ip_src, sizeof(ip->ip_src));
bcopy(&((struct sockaddr_in *)&sav->sah->saidx.dst)->sin_addr,
diff -r 4297cb5a6da4 -r a20d00751b3a sys/netipsec/xform_ipip.c
--- a/sys/netipsec/xform_ipip.c Mon Nov 17 21:29:37 2003 +0000
+++ b/sys/netipsec/xform_ipip.c Mon Nov 17 21:34:27 2003 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: xform_ipip.c,v 1.6 2003/11/14 07:15:28 jonathan Exp $ */
+/* $NetBSD: xform_ipip.c,v 1.7 2003/11/17 21:34:27 jonathan Exp $ */
/* $FreeBSD: src/sys/netipsec/xform_ipip.c,v 1.3.2.1 2003/01/24 05:11:36 sam Exp $ */
/* $OpenBSD: ip_ipip.c,v 1.25 2002/06/10 18:04:55 itojun Exp $ */
@@ -39,7 +39,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: xform_ipip.c,v 1.6 2003/11/14 07:15:28 jonathan Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_ipip.c,v 1.7 2003/11/17 21:34:27 jonathan Exp $");
/*
* IP-inside-IP processing
@@ -484,7 +484,9 @@
ipo->ip_src = saidx->src.sin.sin_addr;
ipo->ip_dst = saidx->dst.sin.sin_addr;
-#if defined(__NetBSD__) || defined(RANDOM_IP_ID)
+#if defined(__NetBSD__)
+ ipo->ip_id = ip_newid();
+#elif defined(RANDOM_IP_ID)
ipo->ip_id = ip_randomid();
#else
ipo->ip_id = htons(ip_id++);