From 5df13d37b27b8510415fb500f01a289443950ebb Mon Sep 17 00:00:00 2001
From: dwmalone
Date: Sat, 14 Aug 2004 15:32:40 +0000
Subject: Get rid of the RANDOM_IP_ID option and make it a sysctl. NetBSD have already done this, so I have styled the patch on their work: 1) introduce a ip_newid() static inline function that checks the sysctl and then decides if it should return a sequential or random IP ID. 2) named the sysctl net.inet.ip.random_id 3) IPv6 flow IDs and fragment IDs are now always random. Flow IDs and frag IDs are significantly less common in the IPv6 world (ie. rarely generated per-packet), so there should be smaller performance concerns. The sysctl defaults to 0 (sequential IP IDs). Reviewed by: andre, silby, mlaier, ume Based on: NetBSD MFC after: 2 months
---
 sys/netinet6/ipsec.c | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)
(limited to 'sys/netinet6/ipsec.c')
diff --git a/sys/netinet6/ipsec.c b/sys/netinet6/ipsec.c
index f57a7db..13d2feb 100644
--- a/sys/netinet6/ipsec.c
+++ b/sys/netinet6/ipsec.c
@@ -37,7 +37,6 @@
 #include "opt_inet.h"
 #include "opt_inet6.h"
 #include "opt_ipsec.h"
-#include "opt_random_ip_id.h"
 #include
 #include
@@ -2156,11 +2155,7 @@ ipsec4_encapsulate(m, sav)
 ipseclog((LOG_ERR, "IPv4 ipsec: size exceeds limit: "
 "leave ip_len as is (invalid packet)\n"));
 }
-#ifdef RANDOM_IP_ID
- ip->ip_id = ip_randomid();
-#else
- ip->ip_id = htons(ip_id++);
-#endif
+ ip->ip_id = ip_newid();
 bcopy(&((struct sockaddr_in *)&sav->sah->saidx.src)->sin_addr,
 &ip->ip_src, sizeof(ip->ip_src));
 bcopy(&((struct sockaddr_in *)&sav->sah->saidx.dst)->sin_addr,
-- 
cgit v1.1
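Review bot: The new `ip->ip_id = ip_newid();` in ipsec4_encapsulate() drops the explicit `htons()` that the old sequential branch carried, so the byte order of the outer-header ID now rests entirely on ip_newid(), whose definition is not part of this file's patch. A call-site comment such as `/* ip_newid() returns the ID in network byte order; random vs. sequential is selected by net.inet.ip.random_id */` would record that contract where the tunnel header is built. The commit message says the sysctl defaults to 0, so a kernel that was built with RANDOM_IP_ID presumably reverts to sequential IDs on IPsec tunnel packets until the sysctl is set. Predictable IDs let a remote observer infer the host's packet rate, so that behaviour change deserves a line in the upgrade notes. The body of ipsec4_encapsulate() starts and ends outside the hunk.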