diff options
| author | ume <ume@FreeBSD.org> | 2003-10-01 21:24:28 +0000 |
|---|---|---|
| committer | ume <ume@FreeBSD.org> | 2003-10-01 21:24:28 +0000 |
| commit | dff1ad31d578de8652ddb2af57b20afeef17161b (patch) | |
| tree | 40cbf0f17e6e447a893c3c70e1a6ee492c6a779e | |
| parent | 1510816eb2189f841fa0c9d83a1491b4e9228642 (diff) | |
| download | FreeBSD-src-dff1ad31d578de8652ddb2af57b20afeef17161b.zip FreeBSD-src-dff1ad31d578de8652ddb2af57b20afeef17161b.tar.gz | |
randomize IPv6 flowlabel when RANDOM_IP_ID is defined.
Obtained from: KAME
| -rw-r--r-- | sys/netinet6/in6_pcb.c | 5 | ||||
| -rw-r--r-- | sys/netinet6/in6_proto.c | 2 | ||||
| -rw-r--r-- | sys/netinet6/ip6_id.c | 7 | ||||
| -rw-r--r-- | sys/netinet6/ip6_input.c | 7 | ||||
| -rw-r--r-- | sys/netinet6/ip6_var.h | 3 |
5 files changed, 20 insertions, 4 deletions
diff --git a/sys/netinet6/in6_pcb.c b/sys/netinet6/in6_pcb.c index ab59d52..f160661 100644 --- a/sys/netinet6/in6_pcb.c +++ b/sys/netinet6/in6_pcb.c @@ -69,6 +69,7 @@ #include "opt_inet.h" #include "opt_inet6.h" #include "opt_ipsec.h" +#include "opt_random_ip_id.h" #include <sys/param.h> #include <sys/systm.h> @@ -402,7 +403,11 @@ in6_pcbconnect(inp, nam, td) inp->in6p_flowinfo &= ~IPV6_FLOWLABEL_MASK; if (inp->in6p_flags & IN6P_AUTOFLOWLABEL) inp->in6p_flowinfo |= +#ifdef RANDOM_IP_ID + (htonl(ip6_randomflowlabel()) & IPV6_FLOWLABEL_MASK); +#else (htonl(ip6_flow_seq++) & IPV6_FLOWLABEL_MASK); +#endif in_pcbrehash(inp); return (0); diff --git a/sys/netinet6/in6_proto.c b/sys/netinet6/in6_proto.c index 89374d2..bd66dcb 100644 --- a/sys/netinet6/in6_proto.c +++ b/sys/netinet6/in6_proto.c @@ -292,7 +292,9 @@ int ip6_maxfragpackets; /* initialized in frag6.c:frag6_init() */ int ip6_log_interval = 5; int ip6_hdrnestlimit = 50; /* appropriate? */ int ip6_dad_count = 1; /* DupAddrDetectionTransmits */ +#ifndef RANDOM_IP_ID u_int32_t ip6_flow_seq; +#endif int ip6_auto_flowlabel = 1; int ip6_gif_hlim = 0; int ip6_use_deprecated = 1; /* allow deprecated addr (RFC2462 5.5.4) */ diff --git a/sys/netinet6/ip6_id.c b/sys/netinet6/ip6_id.c index 8ed0b8d..cd2ae2d 100644 --- a/sys/netinet6/ip6_id.c +++ b/sys/netinet6/ip6_id.c @@ -250,4 +250,11 @@ ip6_randomid(void) return randomid(&randomtab_32); } +u_int32_t +ip6_randomflowlabel(void) +{ + + return randomid(&randomtab_20) & 0xfffff; +} + #endif /* RANDOM_IP_ID */ diff --git a/sys/netinet6/ip6_input.c b/sys/netinet6/ip6_input.c index 9ab712a..cc368c4 100644 --- a/sys/netinet6/ip6_input.c +++ b/sys/netinet6/ip6_input.c @@ -70,6 +70,7 @@ #include "opt_inet6.h" #include "opt_ipsec.h" #include "opt_pfil_hooks.h" +#include "opt_random_ip_id.h" #include <sys/param.h> #include <sys/systm.h> @@ -198,11 +199,9 @@ ip6_init() netisr_register(NETISR_IPV6, ip6_input, &ip6intrq); nd6_init(); frag6_init(); - /* - * in many cases, random() here does NOT return random number - * as initialization during bootstrap time occur in fixed order. - */ +#ifndef RANDOM_IP_ID ip6_flow_seq = arc4random(); +#endif ip6_desync_factor = arc4random() % MAX_TEMP_DESYNC_FACTOR; } diff --git a/sys/netinet6/ip6_var.h b/sys/netinet6/ip6_var.h index fa32712..a12e911 100644 --- a/sys/netinet6/ip6_var.h +++ b/sys/netinet6/ip6_var.h @@ -276,7 +276,9 @@ extern time_t ip6_log_time; extern int ip6_hdrnestlimit; /* upper limit of # of extension headers */ extern int ip6_dad_count; /* DupAddrDetectionTransmits */ +#ifndef RANDOM_IP_ID extern u_int32_t ip6_flow_seq; +#endif extern int ip6_auto_flowlabel; extern int ip6_auto_linklocal; @@ -357,6 +359,7 @@ int none_input __P((struct mbuf **, int *, int)); #ifdef RANDOM_IP_ID u_int32_t ip6_randomid __P((void)); +u_int32_t ip6_randomflowlabel __P((void)); #endif #endif /* _KERNEL */ |
