authorkris <kris@FreeBSD.org>2001-06-01 10:02:28 +0000
committerkris <kris@FreeBSD.org>2001-06-01 10:02:28 +0000
commite1524eb20ca44614d4942a0b92929a02e67dce44 (patch)
tree9bd8aa0fc8cabc5d0cc01510f30e42d4a12277e2 /sys/netinet/raw_ip.c
parent83f8b7087fd25f91158a6a096fad46b33b513773 (diff)
Add ``options RANDOM_IP_ID'' which randomizes the ID field of IP packets.
This closes a minor information leak which allows a remote observer to determine the rate at which the machine is generating packets, since the default behaviour is to increment a counter for each packet sent. Reviewed by: -net Obtained from: OpenBSD
Diffstat (limited to 'sys/netinet/raw_ip.c')
-rw-r--r--sys/netinet/raw_ip.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/sys/netinet/raw_ip.c b/sys/netinet/raw_ip.c
index 50bbf32..4fdcf95 100644
--- a/sys/netinet/raw_ip.c
+++ b/sys/netinet/raw_ip.c
@@ -36,6 +36,7 @@
#include "opt_inet6.h"
#include "opt_ipsec.h"
+#include "opt_random_ip_id.h"
#include <sys/param.h>
#include <sys/systm.h>
@@ -220,7 +221,11 @@ rip_output(m, so, dst)
return EINVAL;
}
if (ip->ip_id == 0)
+#ifdef RANDOM_IP_ID
+ ip->ip_id = ip_randomid();
+#else
ip->ip_id = htons(ip_id++);
+#endif
/* XXX prevent ip_output from overwriting header fields */
flags |= IP_RAWOUTPUT;
ipstat.ips_rawout++;
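Review bot: The unbraced `if (ip->ip_id == 0)` now takes its body from whichever side of the `#ifdef RANDOM_IP_ID` / `#else` is compiled, so a later edit to either branch can silently detach the assignment from the condition; bracing it (`if (ip->ip_id == 0) {` before the `#ifdef` and `}` after the `#endif`) keeps the guard intact in both configurations. The two branches also differ in that the counter path applies `htons()` while the random path stores the return value of `ip_randomid()` directly, and its definition is not in this diff, so a short comment such as `/* ip_randomid() result is used as-is; byte order does not matter for a random ID */` would record that this is intentional, if that is indeed the case. Note that this path only fills the ID when a header-included packet arrives with `ip_id == 0`; non-zero IDs supplied by the caller are sent unchanged, and with the option left undefined the sequential counter (and the packet-rate leak the commit message describes) remains. The body of `rip_output` starts and ends outside the hunk.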