diff options
author | dwmalone <dwmalone@FreeBSD.org> | 2004-08-14 15:32:40 +0000 |
---|---|---|
committer | dwmalone <dwmalone@FreeBSD.org> | 2004-08-14 15:32:40 +0000 |
commit | 5df13d37b27b8510415fb500f01a289443950ebb (patch) | |
tree | 56a806b0847f95ede378bb97ce9bfcb595420ea2 /sys/netinet6/ipsec.c | |
parent | 271672aa9c335d2a4944e53a99960718533d3f22 (diff) | |
download | FreeBSD-src-5df13d37b27b8510415fb500f01a289443950ebb.zip FreeBSD-src-5df13d37b27b8510415fb500f01a289443950ebb.tar.gz |
Get rid of the RANDOM_IP_ID option and make it a sysctl. NetBSD
have already done this, so I have styled the patch on their work:
1) introduce a ip_newid() static inline function that checks
the sysctl and then decides if it should return a sequential
or random IP ID.
2) named the sysctl net.inet.ip.random_id
3) IPv6 flow IDs and fragment IDs are now always random.
Flow IDs and frag IDs are significantly less common in the
IPv6 world (ie. rarely generated per-packet), so there should
be smaller performance concerns.
The sysctl defaults to 0 (sequential IP IDs).
Reviewed by: andre, silby, mlaier, ume
Based on: NetBSD
MFC after: 2 months
Diffstat (limited to 'sys/netinet6/ipsec.c')
-rw-r--r-- | sys/netinet6/ipsec.c | 7 |
1 files changed, 1 insertions, 6 deletions
diff --git a/sys/netinet6/ipsec.c b/sys/netinet6/ipsec.c index f57a7db..13d2feb 100644 --- a/sys/netinet6/ipsec.c +++ b/sys/netinet6/ipsec.c @@ -37,7 +37,6 @@ #include "opt_inet.h" #include "opt_inet6.h" #include "opt_ipsec.h" -#include "opt_random_ip_id.h" #include <sys/param.h> #include <sys/systm.h> @@ -2156,11 +2155,7 @@ ipsec4_encapsulate(m, sav) ipseclog((LOG_ERR, "IPv4 ipsec: size exceeds limit: " "leave ip_len as is (invalid packet)\n")); } -#ifdef RANDOM_IP_ID - ip->ip_id = ip_randomid(); -#else - ip->ip_id = htons(ip_id++); -#endif + ip->ip_id = ip_newid(); bcopy(&((struct sockaddr_in *)&sav->sah->saidx.src)->sin_addr, &ip->ip_src, sizeof(ip->ip_src)); bcopy(&((struct sockaddr_in *)&sav->sah->saidx.dst)->sin_addr, |