Date: Sun, 4 May 2003 12:50:11 -0500 (CDT)
From: mark tinguely <tinguely@web.cs.ndsu.nodak.edu>
To: net@FreeBSD.org, silby@silby.com
Subject: Re: Reducing ip_id information leakage
Message-ID: <200305041750.h44HoBbo077630@web.cs.ndsu.nodak.edu>

on Wed, 30 Apr 2003 01:58:36 CDT, Mike Silbersack <silby@silby.com> said:

> It's too bad we don't have an inexpensive function we can use for the !DF
> case. I'd like to make the OpenBSD function the default for frag packets,
> but it seems just too heavyweight.

I guess I am in the mood to beat a dead horse....

1) Have a less global counter (limit wrap on highspeed connections) that
   starts with a random initial number.
2) Each DF packet in this counter group, add a relative prime number.
   a) can also choose a random relative prime when this counter is created.

Results:
  Keeps the 2^16 numbering space.
  Less global (think per interface, or per source/destination/port as
  mentioned that is done in Solaris).
  The overhead is only 32 bits of storage and a couple accesses more.

--Mark Tinguely
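
A sketch of the per-group counter proposed in the message above, added here as an illustration; it is not code from the message or from FreeBSD. It assumes "relative prime" means coprime to 2^16 (any odd step), and the names `ipid_group`, `ipid_group_init`, `ipid_next` and `ipid_period` are hypothetical. `ipid_period` checks the "keeps the 2^16 numbering space" claim and shows what an even step would cost.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical per-group state: 2 x 16 bits, the "32 bits of storage". */
struct ipid_group {
    uint16_t next;   /* ID the next packet in this group will carry */
    uint16_t step;   /* fixed increment, chosen when the group is created */
};

/* rnd: 32 random bits supplied by the caller (assumed to come from a CSPRNG).
 * Low half seeds the counter; high half becomes the step, forced odd so that
 * gcd(step, 2^16) == 1. */
static void ipid_group_init(struct ipid_group *g, uint32_t rnd)
{
    g->next = (uint16_t)rnd;
    g->step = (uint16_t)((rnd >> 16) | 1u);
}

/* Return the ID for the next packet and advance modulo 2^16. */
static uint16_t ipid_next(struct ipid_group *g)
{
    uint16_t id = g->next;
    g->next = (uint16_t)(g->next + g->step);
    return id;
}

/* Number of distinct IDs issued before the first repeat, for a given
 * start/step. Equals 65536 / gcd(step, 65536). */
static uint32_t ipid_period(uint16_t start, uint16_t step)
{
    static uint8_t seen[65536];
    struct ipid_group g = { start, step };
    uint32_t n = 0;

    memset(seen, 0, sizeof seen);
    for (;;) {
        uint16_t id = ipid_next(&g);
        if (seen[id])
            return n;
        seen[id] = 1;
        n++;
    }
}

int main(void)
{
    printf("odd step 0x1235: %u IDs before repeat\n", (unsigned)ipid_period(0x5678, 0x1235));
    printf("even step 6:     %u IDs before repeat\n", (unsigned)ipid_period(0, 6));
    return 0;
}
```

Because the step is fixed for the life of a group, two consecutive IDs from the same group reveal it; what the scheme narrows is how much one group's IDs say about traffic in other groups.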