(Did the fast-ipsec commits yesterday have anything to do with this
resurfacing?)

I think we *did* decide, in that kre's articulation is sufficient to
convince any reasonable and knowledgeable person.

I'm willing to either remove the extant ip_randomid code altogether,
or [if preferable] replace it with a call to a ``allocate an ip-id
with whatever policy is currently in force'', together with a knob to
select either the old-style increment-a-global or the current random-ip code.
(knob can be config-time or sysctl, whatever is desired).


That at least decouples the issue of the low quality ip_ids we get
today in -current, from the issue reworking the extant random-id code
or replacing it with something better.