Subject: Re: kernel ip_randomid() and libc randomid(3) still "broken"
To: None <tls@rek.tjls.com>
From: Jonathan Stone <jonathan@DSG.Stanford.EDU>
List: tech-net
Date: 11/14/2003 15:28:05
(Did the fast-ipsec commits yesterday have anything to do with this
resurfacing?)

I think we *did* decide, in that kre's articulation is sufficient to
convince any reasonable and knowledgeable person.

I'm willing to either remove the extant ip_randomid code altogether,
or [if preferable] replace it with a call to an ``allocate an ip-id
with whatever policy is currently in force'', together with a knob to
select either the old-style increment-a-global or the current random-ip code.
(knob can be config-time or sysctl, whatever is desired).

That at least decouples the issue of the low-quality ip_ids we get
today in -current, from the issue of reworking the extant random-id code
or replacing it with something better.