Much delayed but now present: RFC 1948 style sequence numbers

In order to ensure security and functionality, RFC 1948 style
initial sequence number generation has been implemented.  Barring
any major crypographic breakthroughs, this algorithm should be
unbreakable.  In addition, the problems with TIME_WAIT recycling
which affect our currently used algorithm are not present.

Reviewed by: jesper

1 files changed, 0 insertions, 21 deletions

diff --git a/sys/netinet/tcp_seq.h b/sys/netinet/tcp_seq.h
index 9307347..c1d36d3 100644
--- a/sys/netinet/tcp_seq.h
+++ b/sys/netinet/tcp_seq.h
@@ -80,26 +80,5 @@
 
 #ifdef _KERNEL
 extern tcp_cc	tcp_ccgen;		/* global connection count */
-
-/*
- * Increment for tcp_iss each second.
- * This is designed to increment at the standard 250 KB/s,
- * but with a random component averaging 128 KB.
- * We also increment tcp_iss by a quarter of this amount
- * each time we use the value for a new connection.
- * If defined, the tcp_random18() macro should produce a
- * number in the range [0-0x3ffff] that is hard to predict.
- * 
- * The variable tcp_iss and tcp_random18() are only used
- * by sequence number generation scheme 0.
- */
-#ifndef tcp_random18
-#define	tcp_random18()	(arc4random() & 0x3ffff)
-#endif
-#define	TCP_ISSINCR	(122*1024 + tcp_random18())
-
-extern tcp_seq	tcp_iss;
-#else
-#define	TCP_ISSINCR	(250*1024)	/* increment for tcp_iss each second */
 #endif /* _KERNEL */
 #endif /* _NETINET_TCP_SEQ_H_ */