Date:      Fri, 7 Nov 2014 03:20:17 -0500
From:      grarpamp <grarpamp@gmail.com>
To:        tor-relays@lists.torproject.org
Cc:        freebsd-net@freebsd.org
Subject:   Re: [tor-relays] FreeBSD's global IP ID (was: Platform diversity in Tor network)
Message-ID:  <CAD2Ti2-eKzbU3trE0qiTDdK73hsxNGuRy7VJee52%2BWmNC5H%2BmA@mail.gmail.com>
In-Reply-To: <20141106135228.GE3824@nymity.ch>
References:  <CAD2Ti28BFsedyPC7VBR-Rz8c2_4CAQDnBFopnRHEX45sgqmjtA@mail.gmail.com> <20141106135228.GE3824@nymity.ch>

On Thu, Nov 6, 2014 at 8:52 AM, Philipp Winter <phw@nymity.ch> wrote:
> On Wed, Nov 05, 2014 at 04:04:41AM -0500, grarpamp wrote:
>>  173 FreeBSD
>
> FreeBSD still seems to use globally incrementing IP IDs by default.
> That's an issue as it leaks fine-grained information about how many
> packets a relay's networking stack processes.  (However, nobody
> investigated the exact impact on Tor relays so far, which makes this a
> FUD-heavy topic.) It looks like approximately 50 out of the 131 FreeBSD
> relays I tested (38%) use global IP IDs.
>
> There's a sysctl variable called "net.inet.ip.random_id" which makes a
> FreeBSD's IP ID behaviour random.  FreeBSD relay operators should set
> this to "1".
>
> Note that this issue was already discussed earlier this year in a thread
> called "Lots of tor relays send out sequential IP IDs; please fix
> that!".

It's been default off since before it was a sysctl over a decade ago.
Anyone know what the deal is with that? Some objection, or
forgotten flag day, or oversight that really should be set to 1?
https://svnweb.freebsd.org/base?view=revision&revision=133720
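
For operators checking their own relay, the following added example (not part of the original message, and not Tor or FreeBSD code) classifies a sequence of observed IP IDs and shows what a global counter reveals between two probes. The function names, the `max_step` threshold and the sample sequences are assumptions constructed for illustration.

```python
# Added example: classify IP ID behaviour from IDs seen in a host's own replies.
# All sample sequences below are constructed, not measurements of any relay.

def _deltas(ids):
    # The IP ID field is 16 bits wide, so differences are taken modulo 2**16.
    return [(b - a) & 0xFFFF for a, b in zip(ids, ids[1:])]

def classify_ip_ids(ids, max_step=5000):
    """Return 'constant', 'incrementing' or 'random' for IDs in arrival order.

    max_step is an assumed bound on packets the host sends between two probes.
    A random generator stays under it by chance about 8% of the time per delta,
    so at least five samples are required to keep misclassification rare.
    """
    if len(ids) < 5:
        raise ValueError("need at least 5 IP IDs")
    d = _deltas(ids)
    if all(x == 0 for x in d):
        return "constant"
    if all(0 < x <= max_step for x in d):
        return "incrementing"
    return "random"

def packets_between(ids):
    """For a global counter: packets the host sent elsewhere between our probes."""
    return [x - 1 for x in _deltas(ids)]

# Constructed samples: a global counter that wraps past 65535, and a randomized one.
GLOBAL_COUNTER = [65530, 65533, 3, 10, 12]
RANDOMIZED = [41822, 1093, 60211, 17, 33950]
CONSTANT = [0, 0, 0, 0, 0]

if __name__ == "__main__":
    for name, ids in (("global", GLOBAL_COUNTER),
                      ("randomized", RANDOMIZED),
                      ("constant", CONSTANT)):
        print(name, classify_ip_ids(ids))
    # With a global counter, each gap is a count of the host's other traffic.
    print("packets sent between probes:", packets_between(GLOBAL_COUNTER))
```

A relay that classifies as "incrementing" here is the case the quoted message describes; setting `net.inet.ip.random_id` to 1 should move it to "random".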
