From owner-freebsd-net@FreeBSD.ORG Fri Nov 7 08:20:19 2014
From: grarpamp
To: tor-relays@lists.torproject.org
Cc: freebsd-net@freebsd.org
Date: Fri, 7 Nov 2014 03:20:17 -0500
Subject: Re: [tor-relays] FreeBSD's global IP ID (was: Platform diversity in Tor network)
In-Reply-To: <20141106135228.GE3824@nymity.ch>
References: <20141106135228.GE3824@nymity.ch>
Content-Type: text/plain; charset=UTF-8
List-Id: Networking and TCP/IP with FreeBSD

On Thu, Nov 6, 2014 at 8:52 AM, Philipp Winter wrote:
> On Wed, Nov 05, 2014 at 04:04:41AM -0500, grarpamp wrote:
>> 173 FreeBSD
>
> FreeBSD still seems to use globally incrementing IP IDs by default.
> That's an issue as it leaks fine-grained information about how many
> packets a relay's networking stack processes. (However, nobody
> investigated the exact impact on Tor relays so far, which makes this a
> FUD-heavy topic.) It looks like approximately 50 out of the 131 FreeBSD
> relays I tested (38%) use global IP IDs.
>
> There's a sysctl variable called "net.inet.ip.random_id" which makes
> FreeBSD's IP ID behaviour random. FreeBSD relay operators should set
> this to "1".
>
> Note that this issue was already discussed earlier this year in a thread
> called "Lots of tor relays send out sequential IP IDs; please fix
> that!".

It's been default off since before it was a sysctl over a decade ago.
Anyone know what the deal is with that? Some objection, or forgotten
flag day, or oversight that really should be set to 1?

https://svnweb.freebsd.org/base?view=revision&revision=133720
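As an added example (not from the thread and not FreeBSD code), a Python check a relay operator can run on IP ID values captured from their own host, before and after setting net.inet.ip.random_id=1, to see whether the IDs form a global counter and roughly how many packets to other peers that counter exposes. The ID sequences below are constructed, not captured, and the step and threshold parameters are assumptions to tune to the host's traffic rate.

```python
"""Classify observed IPv4 Identification values as a global counter or random."""
from typing import List, Sequence

IPID_MODULUS = 1 << 16  # the IPv4 Identification field is 16 bits wide


def ipid_deltas(ids: Sequence[int]) -> List[int]:
    """Steps between consecutive IDs, modulo 2^16, so a wrap from 65535
    back to 0 still counts as a small positive step."""
    return [(b - a) % IPID_MODULUS for a, b in zip(ids, ids[1:])]


def classify_ipid(ids: Sequence[int], max_step: int = 256,
                  threshold: float = 0.9) -> str:
    """Return 'global-counter', 'random' or 'inconclusive'.

    A global counter advances by one for every packet the host sends, to any
    peer, so IDs seen by one observer grow by small positive steps even when
    other traffic is interleaved. With random IDs the step is uniform over
    2^16 and lands in (0, max_step] only ~0.4% of the time for max_step=256.
    max_step and threshold are assumed values, not FreeBSD constants.
    """
    if len(ids) < 4:
        return "inconclusive"  # too few samples to say anything
    deltas = ipid_deltas(ids)
    small = sum(1 for d in deltas if 0 < d <= max_step)
    frac = small / len(deltas)
    if frac >= threshold:
        return "global-counter"
    if frac <= 1.0 - threshold:
        return "random"
    return "inconclusive"


def foreign_packets_leaked(ids: Sequence[int]) -> int:
    """For a global counter: packets the host sent to *other* peers between
    our first and last observed packet, i.e. total counter advance minus the
    packets we received ourselves. This is the leak the thread refers to."""
    deltas = ipid_deltas(ids)
    return sum(deltas) - len(deltas)


# Constructed samples, not captured traffic.
# Global counter with interleaved traffic and a 16-bit wrap (65535 -> 2).
SEQUENTIAL_IDS = [65530, 65533, 65535, 2, 7, 9, 12, 20]
# What net.inet.ip.random_id=1 looks like: steps are spread over all of 2^16.
RANDOM_IDS = [12034, 51209, 3345, 28871, 60214, 9932, 44110, 17783]
```

Feed it the Identification values of a few dozen packets from your relay as seen by a second host you control; a "global-counter" verdict after the sysctl is set means the change did not take effect (check /etc/sysctl.conf and the running value).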