author | kris <kris@FreeBSD.org> | 2001-06-01 10:02:28 +0000 |
---|---|---|
committer | kris <kris@FreeBSD.org> | 2001-06-01 10:02:28 +0000 |
commit | e1524eb20ca44614d4942a0b92929a02e67dce44 (patch) | |
tree | 9bd8aa0fc8cabc5d0cc01510f30e42d4a12277e2 /sys/conf | |
parent | 83f8b7087fd25f91158a6a096fad46b33b513773 (diff) | |
download | FreeBSD-src-e1524eb20ca44614d4942a0b92929a02e67dce44.zip FreeBSD-src-e1524eb20ca44614d4942a0b92929a02e67dce44.tar.gz |
Add ``options RANDOM_IP_ID'' which randomizes the ID field of IP packets.
This closes a minor information leak which allows a remote observer to
determine the rate at which the machine is generating packets, since the
default behaviour is to increment a counter for each packet sent.
Reviewed by: -net
Obtained from: OpenBSD
Diffstat (limited to 'sys/conf')
-rw-r--r-- | sys/conf/NOTES | 7 | ||||
-rw-r--r-- | sys/conf/files | 1 | ||||
-rw-r--r-- | sys/conf/options | 1 |
3 files changed, 9 insertions, 0 deletions
diff --git a/sys/conf/NOTES b/sys/conf/NOTES
index fae6298..1485762 100644
--- a/sys/conf/NOTES
+++ b/sys/conf/NOTES
@@ -590,6 +590,13 @@ options IPFILTER_DEFAULT_BLOCK #block all packets by default
 options IPSTEALTH #support for stealth forwarding
 options TCPDEBUG
 
+# RANDOM_IP_ID causes the ID field in IP packets to be randomized
+# instead of incremented by 1 with each packet generated. This
+# option closes a minor information leak which allows remote
+# observers to determine the rate of packet generation on the
+# machine by watching the counter.
+options RANDOM_IP_ID
+
 # Statically Link in accept filters
 options ACCEPT_FILTER_DATA
 options ACCEPT_FILTER_HTTP
diff --git a/sys/conf/files b/sys/conf/files
index 872cbe9..22d4cb7 100644
--- a/sys/conf/files
+++ b/sys/conf/files
@@ -1037,6 +1037,7 @@ netinet/igmp.c optional inet
 netinet/in.c optional inet
 netinet/in_gif.c optional gif inet
 #netinet/in_hostcache.c optional inet
+netinet/ip_id.c optional inet
 netinet/in_pcb.c optional inet
 netinet/in_proto.c optional inet
 netinet/in_rmx.c optional inet
diff --git a/sys/conf/options b/sys/conf/options
index d4349c3..f6315d1 100644
--- a/sys/conf/options
+++ b/sys/conf/options
@@ -278,6 +278,7 @@ NETATALK opt_atalk.h
 PPP_BSDCOMP opt_ppp.h
 PPP_DEFLATE opt_ppp.h
 PPP_FILTER opt_ppp.h
+RANDOM_IP_ID
 SLIP_IFF_OPTS opt_slip.h
 TCPDEBUG
 TCP_DROP_SYNFIN opt_tcp_input.h
|
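Review bot: The comment added above `options RANDOM_IP_ID` in sys/conf/NOTES states the benefit but not the trade-off an administrator would want to weigh. The ID is a 16-bit field that fragment reassembly keys on, and a randomized value can repeat sooner than a counter that walks the whole space. The generator is in netinet/ip_id.c, which this sys/conf-limited view does not show, so whether it prevents short-term repeats cannot be confirmed here. If it does, I would say so in the comment, for example `# The generator avoids reusing an ID within a short window; see netinet/ip_id.c.`, and otherwise note the reassembly caveat instead.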
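Review bot: In sys/conf/files, `netinet/ip_id.c optional inet` compiles the generator into every INET kernel, whether or not RANDOM_IP_ID is configured. That is harmless if the file body is wrapped in `#ifdef RANDOM_IP_ID`, but the file is not part of this view; if it is not wrapped, `netinet/ip_id.c optional random_ip_id` would keep the code out of kernels that do not ask for it. The new entry also sits between the `in_*` lines, while the visible neighbours are sorted by name, so it would read better after the last `netinet/in_*` entry.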
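Review bot: In sys/conf/options, `RANDOM_IP_ID` is listed without a header name, like the `TCPDEBUG` entry below it, so the define presumably lands in the default per-option header (`opt_random_ip_id.h` by the usual config(8) convention) rather than in a shared `opt_*.h`. Every source file that tests `RANDOM_IP_ID` has to include that header. A missed include does not break the build: it silently leaves the sequential counter in place on a kernel that appears to have the option enabled. The consumers are outside this sys/conf-limited diff, so that include is worth checking there.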