Date: Thu, 12 Apr 2001 10:53:11 -0500 (CDT) From: Mike Silbersack <silby@silby.com> To: Rob Simmons <rsimmons@wlcg.com> Cc: Mark T Roberts <newsletter@marktroberts.com>, <freebsd-security@FreeBSD.ORG> Subject: Re: non-random IP IDs Message-ID: <Pine.BSF.4.31.0104121046150.3325-100000@achilles.silby.com> In-Reply-To: <Pine.BSF.4.33.0104120910370.63358-100000@mail.wlcg.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 12 Apr 2001, Rob Simmons wrote: > On Thu, 12 Apr 2001, Mike Silbersack wrote: > > > Each IP packet sent has with it a 16-bit ID. The numbers must remain > > unique over a short period of time so fragmentation can work properly. As > > such, everything except recent openbsds simple increments the id by 1 for > > each packet sent out. > > What is the behavior of OpenBSD for this? If its not important, why would > they change it? They generate pseudo-random, nonrepeating ids. For the actual algorithm, see: http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet/ip_id.c?rev=1.2&content-type=text/x-cvsweb-markup&cvsroot=openbsd Although it's nice in theory, the amount of work required to generate the ids seems too great to justify for each packet sent. (Note that I said "seems", I'm not sure if anyone has done actual benchmarks to determine the actual impact.) Mike "Silby" Silbersack To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.31.0104121046150.3325-100000>