From 6277137dd3ff2195bdb95c3f7c1c0fa149bab889 Mon Sep 17 00:00:00 2001 From: Matthew Dillon Date: Mon, 15 Aug 2005 16:46:22 +0000 Subject: [PATCH] Convert RANDOM_IP_ID into a sysctl. Submitted-by: Gordon Bergling --- sys/conf/options | 3 +-- sys/config/LINT | 9 +-------- sys/i386/conf/LINT | 9 +-------- sys/net/ip_mroute/Makefile | 7 ++----- sys/net/ip_mroute/ip_mroute.c | 15 +++------------ sys/netinet/ip_id.c | 6 +----- sys/netinet/ip_input.c | 9 +++++---- sys/netinet/ip_output.c | 9 ++------- sys/netinet/ip_var.h | 21 ++++++++++++++------- sys/netinet/raw_ip.c | 9 ++------- sys/netproto/ipsec/xform_ipip.c | 9 ++------- 11 files changed, 34 insertions(+), 72 deletions(-) diff --git a/sys/conf/options b/sys/conf/options index 52fc2c1c2b..cdfc77ba99 100644 --- a/sys/conf/options +++ b/sys/conf/options @@ -1,5 +1,5 @@ # $FreeBSD: src/sys/conf/options,v 1.191.2.53 2003/06/04 17:56:58 sam Exp $ -# $DragonFly: src/sys/conf/options,v 1.39 2005/08/01 20:11:18 joerg Exp $ +# $DragonFly: src/sys/conf/options,v 1.40 2005/08/15 16:46:17 dillon Exp $ # # On the handling of kernel options # @@ -314,7 +314,6 @@ NS opt_ns.h PPP_BSDCOMP opt_ppp.h PPP_DEFLATE opt_ppp.h PPP_FILTER opt_ppp.h -RANDOM_IP_ID SLIP_IFF_OPTS opt_slip.h TCPDEBUG TCP_DROP_SYNFIN opt_tcp_input.h diff --git a/sys/config/LINT b/sys/config/LINT index 33bd1aafae..76b0a23f22 100644 --- a/sys/config/LINT +++ b/sys/config/LINT @@ -3,7 +3,7 @@ # as much of the source tree as it can. # # $FreeBSD: src/sys/i386/conf/LINT,v 1.749.2.144 2003/06/04 17:56:59 sam Exp $ -# $DragonFly: src/sys/config/LINT,v 1.57 2005/08/01 20:11:18 joerg Exp $ +# $DragonFly: src/sys/config/LINT,v 1.58 2005/08/15 16:46:19 dillon Exp $ # # NB: You probably don't want to try running a kernel built from this # file. Instead, you should start from GENERIC, and add options from 
@@ -626,13 +626,6 @@ device pflog # test cases. options MBUF_STRESS_TEST -# RANDOM_IP_ID causes the ID field in IP packets to be randomized -# instead of incremented by 1 with each packet generated. This -# option closes a minor information leak which allows remote -# observers to determine the rate of packet generation on the -# machine by watching the counter. -options RANDOM_IP_ID - # Statically link in accept filters options ACCEPT_FILTER_DATA options ACCEPT_FILTER_HTTP diff --git a/sys/i386/conf/LINT b/sys/i386/conf/LINT index 89352bf004..a2f0fc88ef 100644 --- a/sys/i386/conf/LINT +++ b/sys/i386/conf/LINT @@ -3,7 +3,7 @@ # as much of the source tree as it can. # # $FreeBSD: src/sys/i386/conf/LINT,v 1.749.2.144 2003/06/04 17:56:59 sam Exp $ -# $DragonFly: src/sys/i386/conf/Attic/LINT,v 1.57 2005/08/01 20:11:18 joerg Exp $ +# $DragonFly: src/sys/i386/conf/Attic/LINT,v 1.58 2005/08/15 16:46:19 dillon Exp $ # # NB: You probably don't want to try running a kernel built from this # file. Instead, you should start from GENERIC, and add options from @@ -626,13 +626,6 @@ device pflog # test cases. options MBUF_STRESS_TEST -# RANDOM_IP_ID causes the ID field in IP packets to be randomized -# instead of incremented by 1 with each packet generated. This -# option closes a minor information leak which allows remote -# observers to determine the rate of packet generation on the -# machine by watching the counter. -options RANDOM_IP_ID - # Statically link in accept filters options ACCEPT_FILTER_DATA options ACCEPT_FILTER_HTTP diff --git a/sys/net/ip_mroute/Makefile b/sys/net/ip_mroute/Makefile index 56314b6437..cc9e5f157c 100644 --- a/sys/net/ip_mroute/Makefile +++ b/sys/net/ip_mroute/Makefile 
@@ -1,16 +1,13 @@ # $FreeBSD: src/sys/modules/ip_mroute_mod/Makefile,v 1.5 1999/08/28 00:47:20 peter Exp $ -# $DragonFly: src/sys/net/ip_mroute/Makefile,v 1.3 2003/08/15 07:03:10 dillon Exp $ +# $DragonFly: src/sys/net/ip_mroute/Makefile,v 1.4 2005/08/15 16:46:20 dillon Exp $ .PATH: ${.CURDIR}/../../netinet KMOD= ip_mroute -SRCS= ip_mroute.c opt_mrouting.h opt_random_ip_id.h +SRCS= ip_mroute.c opt_mrouting.h NOMAN= CFLAGS+= -DMROUTE_LKM -DMROUTING opt_mrouting.h: echo "#define MROUTING 1" > ${.TARGET} -opt_random_ip_id.h: - echo > ${.TARGET} - .include diff --git a/sys/net/ip_mroute/ip_mroute.c b/sys/net/ip_mroute/ip_mroute.c index 3d172254fe..8ff5bd8744 100644 --- a/sys/net/ip_mroute/ip_mroute.c +++ b/sys/net/ip_mroute/ip_mroute.c @@ -18,11 +18,10 @@ * bandwidth metering and signaling * * $FreeBSD: src/sys/netinet/ip_mroute.c,v 1.56.2.10 2003/08/24 21:37:34 hsu Exp $ - * $DragonFly: src/sys/net/ip_mroute/ip_mroute.c,v 1.17 2005/06/15 18:29:30 joerg Exp $ + * $DragonFly: src/sys/net/ip_mroute/ip_mroute.c,v 1.18 2005/08/15 16:46:20 dillon Exp $ */ #include "opt_mrouting.h" -#include "opt_random_ip_id.h" #ifdef PIM #define _PIM_VT 1 @@ -1675,11 +1674,7 @@ encap_send(struct ip *ip, struct vif *vifp, struct mbuf *m) */ ip_copy = mtod(mb_copy, struct ip *); *ip_copy = multicast_encap_iphdr; -#ifdef RANDOM_IP_ID - ip_copy->ip_id = ip_randomid(); -#else - ip_copy->ip_id = htons(ip_id++); -#endif + ip_copy->ip_id = ip_newid(); ip_copy->ip_len += len; ip_copy->ip_src = vifp->v_lcl_addr; ip_copy->ip_dst = vifp->v_rmt_addr; @@ -2977,11 +2972,7 @@ pim_register_send_rp(struct ip *ip, struct vif *vifp, */ ip_outer = mtod(mb_first, struct ip *); *ip_outer = pim_encap_iphdr; -#ifdef RANDOM_IP_ID - ip_outer->ip_id = ip_randomid(); -#else - ip_outer->ip_id = htons(ip_id++); -#endif + ip_outer->ip_id = ip_newid(); ip_outer->ip_len = len + sizeof(pim_encap_iphdr) + sizeof(pim_encap_pimhdr); ip_outer->ip_src = viftable[vifi].v_lcl_addr; ip_outer->ip_dst = rt->mfc_rp; 
diff --git a/sys/netinet/ip_id.c b/sys/netinet/ip_id.c index 34801efaa1..414a986a50 100644 --- a/sys/netinet/ip_id.c +++ b/sys/netinet/ip_id.c @@ -35,7 +35,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * * $FreeBSD: src/sys/netinet/ip_id.c,v 1.1.2.1 2001/07/19 06:37:26 kris Exp $ - * $DragonFly: src/sys/netinet/ip_id.c,v 1.4 2004/12/21 02:54:15 hsu Exp $ + * $DragonFly: src/sys/netinet/ip_id.c,v 1.5 2005/08/15 16:46:21 dillon Exp $ */ /* @@ -58,13 +58,11 @@ * This avoids reuse issues caused by reseeding. */ -#include "opt_random_ip_id.h" #include #include #include #include -#ifdef RANDOM_IP_ID #define RU_OUT 180 /* Time after wich will be reseeded */ #define RU_MAX 30000 /* Uniq cycle, avoid blackjack prediction */ #define RU_GEN 2 /* Starting generator */ @@ -207,5 +205,3 @@ ip_randomid(void) return (ru_seed ^ pmod(ru_g,ru_seed2 ^ ru_x,RU_N)) | ru_msb; } - -#endif /* RANDOM_IP_ID */ diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c index 1353dd8923..3af50ad366 100644 --- a/sys/netinet/ip_input.c +++ b/sys/netinet/ip_input.c @@ -82,7 +82,7 @@ * * @(#)ip_input.c 8.2 (Berkeley) 1/4/94 * $FreeBSD: src/sys/netinet/ip_input.c,v 1.130.2.52 2003/03/07 07:01:28 silby Exp $ - * $DragonFly: src/sys/netinet/ip_input.c,v 1.55 2005/06/17 19:12:20 dillon Exp $ + * $DragonFly: src/sys/netinet/ip_input.c,v 1.56 2005/08/15 16:46:21 dillon Exp $ */ #define _IP_VHL @@ -94,7 +94,6 @@ #include "opt_ipfilter.h" #include "opt_ipstealth.h" #include "opt_ipsec.h" -#include "opt_random_ip_id.h" #include #include 
@@ -196,6 +195,10 @@ SYSCTL_INT(_net_inet_ip, OID_AUTO, sendsourcequench, CTLFLAG_RW, &ip_sendsourcequench, 0, "Enable the transmission of source quench packets"); +int ip_do_randomid = 0; +SYSCTL_INT(_net_inet_ip, OID_AUTO, random_id, CTLFLAG_RW, + &ip_do_randomid, 0, + "Assign random ip_id values"); /* * XXX - Setting ip_checkinterface mostly implements the receive side of * the Strong ES model described in RFC 1122, but since the routing table @@ -370,9 +373,7 @@ ip_init(void) maxnipq = nmbclusters / 32; maxfragsperpacket = 16; -#ifndef RANDOM_IP_ID ip_id = time_second & 0xffff; -#endif ipintrq.ifq_maxlen = ipqmaxlen; /* diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c index b640e94b2a..1b03b353bd 100644 --- a/sys/netinet/ip_output.c +++ b/sys/netinet/ip_output.c @@ -28,7 +28,7 @@ * * @(#)ip_output.c 8.3 (Berkeley) 1/21/94 * $FreeBSD: src/sys/netinet/ip_output.c,v 1.99.2.37 2003/04/15 06:44:45 silby Exp $ - * $DragonFly: src/sys/netinet/ip_output.c,v 1.31 2005/06/17 19:12:20 dillon Exp $ + * $DragonFly: src/sys/netinet/ip_output.c,v 1.32 2005/08/15 16:46:21 dillon Exp $ */ #define _IP_VHL @@ -38,7 +38,6 @@ #include "opt_ipdivert.h" #include "opt_ipfilter.h" #include "opt_ipsec.h" -#include "opt_random_ip_id.h" #include "opt_mbuf_stress_test.h" #include @@ -210,11 +209,7 @@ ip_output(struct mbuf *m0, struct mbuf *opt, struct route *ro, if (!(flags & (IP_FORWARDING|IP_RAWOUTPUT))) { ip->ip_vhl = IP_MAKE_VHL(IPVERSION, hlen >> 2); ip->ip_off &= IP_DF; -#ifdef RANDOM_IP_ID - ip->ip_id = ip_randomid(); -#else - ip->ip_id = htons(ip_id++); -#endif + ip->ip_id = ip_newid(); ipstat.ips_localout++; } else { hlen = IP_VHL_HL(ip->ip_vhl) << 2; diff --git a/sys/netinet/ip_var.h b/sys/netinet/ip_var.h index 3d9e7dcabe..2a545b2ffe 100644 --- a/sys/netinet/ip_var.h +++ b/sys/netinet/ip_var.h 
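Review bot: `ip_do_randomid` is initialised to 0 in the added sysctl block of ip_input.c, so a kernel whose config carried `options RANDOM_IP_ID` falls back to the sequential `htons(ip_id++)` counter after this change until `net.inet.ip.random_id=1` is set. The LINT paragraph deleted in the same commit describes what the counter exposes: remote observers can determine the machine's packet generation rate. Since the option is also dropped from sys/conf/options, existing configs get no replacement for it, so the upgrade notes should say that the sysctl must now be set at boot, or the default should be reconsidered. The description string could carry the reason as well, e.g. `"Assign random ip_id values (hides packet rate from remote observers)"`.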
@@ -32,7 +32,7 @@ * * @(#)ip_var.h 8.2 (Berkeley) 1/9/95 * $FreeBSD: src/sys/netinet/ip_var.h,v 1.50.2.13 2003/08/24 08:24:38 hsu Exp $ - * $DragonFly: src/sys/netinet/ip_var.h,v 1.16 2005/04/18 14:26:57 joerg Exp $ + * $DragonFly: src/sys/netinet/ip_var.h,v 1.17 2005/08/15 16:46:21 dillon Exp $ */ #ifndef _NETINET_IP_VAR_H_ @@ -158,9 +158,7 @@ struct route; struct sockopt; struct lwkt_port; -#ifndef RANDOM_IP_ID extern u_short ip_id; /* ip packet ctr, for ids */ -#endif extern int ip_defttl; /* default IP ttl */ extern int ipforwarding; /* ip forwarding */ extern struct route ipforward_rt; /* ip forwarding cached route */ @@ -195,10 +193,7 @@ void ip_slowtimo(void); struct mbuf * ip_srcroute(void); void ip_stripoptions(struct mbuf *); -#ifdef RANDOM_IP_ID -u_int16_t - ip_randomid(void); -#endif +u_int16_t ip_randomid(void); int rip_ctloutput(struct socket *, struct sockopt *); void rip_ctlinput(int, struct sockaddr *, void *); void rip_init(void); @@ -223,6 +218,18 @@ extern struct pfil_head inet_pfil_hook; void in_delayed_cksum(struct mbuf *m); +static __inline uint16_t ip_newid(void); +extern int ip_do_randomid; + +static __inline uint16_t +ip_newid(void) +{ + if (ip_do_randomid) + return ip_randomid(); + else + return htons(ip_id++); +} + #endif /* _KERNEL */ #endif /* !_NETINET_IP_VAR_H_ */ diff --git a/sys/netinet/raw_ip.c b/sys/netinet/raw_ip.c index b65c9fb6e6..4de91b1ab9 100644 --- a/sys/netinet/raw_ip.c +++ b/sys/netinet/raw_ip.c @@ -32,12 +32,11 @@ * * @(#)raw_ip.c 8.7 (Berkeley) 5/15/95 * $FreeBSD: src/sys/netinet/raw_ip.c,v 1.64.2.16 2003/08/24 08:24:38 hsu Exp $ - * $DragonFly: src/sys/netinet/raw_ip.c,v 1.22 2005/06/02 23:52:42 dillon Exp $ + * $DragonFly: src/sys/netinet/raw_ip.c,v 1.23 2005/08/15 16:46:21 dillon Exp $ */ #include "opt_inet6.h" #include "opt_ipsec.h" -#include "opt_random_ip_id.h" #include #include 
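Review bot: `ip_newid()` in ip_var.h is added without a comment, and the only explanation of why ID randomisation exists was the LINT paragraph this commit deletes. I would put this above the definition: `/* Sequential IDs let a remote observer estimate our packet rate; net.inet.ip.random_id selects ip_randomid() instead. */`. The separate prototype `static __inline uint16_t ip_newid(void);` directly before the definition is redundant, and the return type would be more consistent as `u_int16_t`, matching the `ip_randomid()` declaration in the same header. The `ip_id++` remains an unlocked read-modify-write on a global, as it was at each call site before. Whether that can hand out duplicate IDs depends on how the callers are serialised, which is not visible in this diff.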
@@ -297,11 +296,7 @@ rip_output(struct mbuf *m, struct socket *so, ...) return EINVAL; } if (ip->ip_id == 0) -#ifdef RANDOM_IP_ID - ip->ip_id = ip_randomid(); -#else - ip->ip_id = htons(ip_id++); -#endif + ip->ip_id = ip_newid(); /* XXX prevent ip_output from overwriting header fields */ flags |= IP_RAWOUTPUT; ipstat.ips_rawout++; diff --git a/sys/netproto/ipsec/xform_ipip.c b/sys/netproto/ipsec/xform_ipip.c index 964b83a217..f299cdf662 100644 --- a/sys/netproto/ipsec/xform_ipip.c +++ b/sys/netproto/ipsec/xform_ipip.c @@ -1,5 +1,5 @@ /* $FreeBSD: src/sys/netipsec/xform_ipip.c,v 1.3.2.1 2003/01/24 05:11:36 sam Exp $ */ -/* $DragonFly: src/sys/netproto/ipsec/xform_ipip.c,v 1.11 2005/06/10 23:59:31 dillon Exp $ */ +/* $DragonFly: src/sys/netproto/ipsec/xform_ipip.c,v 1.12 2005/08/15 16:46:22 dillon Exp $ */ /* $OpenBSD: ip_ipip.c,v 1.25 2002/06/10 18:04:55 itojun Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), @@ -42,7 +42,6 @@ */ #include "opt_inet.h" #include "opt_inet6.h" -#include "opt_random_ip_id.h" #include #include @@ -450,11 +449,7 @@ ipip_output( ipo->ip_src = saidx->src.sin.sin_addr; ipo->ip_dst = saidx->dst.sin.sin_addr; -#ifdef RANDOM_IP_ID - ipo->ip_id = ip_randomid(); -#else - ipo->ip_id = htons(ip_id++); -#endif + ipo->ip_id = ip_newid(); /* If the inner protocol is IP... */ if (tp == IPVERSION) { -- 2.41.0