author | kris <kris@FreeBSD.org> | 2001-06-01 10:02:28 +0000 |
---|---|---|
committer | kris <kris@FreeBSD.org> | 2001-06-01 10:02:28 +0000 |
commit | e1524eb20ca44614d4942a0b92929a02e67dce44 (patch) | |
tree | 9bd8aa0fc8cabc5d0cc01510f30e42d4a12277e2 /sys/netinet/raw_ip.c | |
parent | 83f8b7087fd25f91158a6a096fad46b33b513773 (diff) | |
Add ``options RANDOM_IP_ID'' which randomizes the ID field of IP packets.
This closes a minor information leak which allows a remote observer to
determine the rate at which the machine is generating packets, since the
default behaviour is to increment a counter for each packet sent.
Reviewed by: -net
Obtained from: OpenBSD
Diffstat (limited to 'sys/netinet/raw_ip.c')
-rw-r--r-- | sys/netinet/raw_ip.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/sys/netinet/raw_ip.c b/sys/netinet/raw_ip.c
index 50bbf32..4fdcf95 100644
--- a/sys/netinet/raw_ip.c
+++ b/sys/netinet/raw_ip.c
@@ -36,6 +36,7 @@
 #include "opt_inet6.h"
 #include "opt_ipsec.h"
+#include "opt_random_ip_id.h"
 #include <sys/param.h>
 #include <sys/systm.h>
@@ -220,7 +221,11 @@ rip_output(m, so, dst)
 return EINVAL;
 }
 if (ip->ip_id == 0)
+#ifdef RANDOM_IP_ID
+ ip->ip_id = ip_randomid();
+#else
 ip->ip_id = htons(ip_id++);
+#endif
 /* XXX prevent ip_output from overwriting header fields */
 flags |= IP_RAWOUTPUT;
 ipstat.ips_rawout++; |
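Review bot: The `if (ip->ip_id == 0)` in the second hunk is unbraced, and its one-statement body is now selected by `#ifdef RANDOM_IP_ID` / `#else`, so a second statement added to either branch later would fall outside the condition and could overwrite an ID the raw-socket caller supplied. Bracing the whole preprocessor group, `if (ip->ip_id == 0) {` before `#ifdef` and `}` after `#endif`, keeps both kernel configurations equivalent. The hunk does not show where `ip_randomid()` is declared or what generator backs it, so a one-line comment at the call such as `/* randomized so sequential IDs do not leak the packet rate */` would record the intent given in the commit message. rip_output's body starts and ends outside the hunk, and this view is limited to raw_ip.c, so whether the other ID-assigning output paths received the same change cannot be confirmed from here.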