authorKris Kennaway <kris@FreeBSD.org>2001-07-19 06:37:26 +0000
committerKris Kennaway <kris@FreeBSD.org>2001-07-19 06:37:26 +0000
commite62c173e4ddf132e8b62462cca1313ded662e2eb (patch)
tree3421675622bbea5237c8d1e8e3a20439c5f0d23b
parent14ef3eb88b957dbc13d429ea5b4dd56b04aa14d0 (diff)
downloadsrc-e62c173e4ddf132e8b62462cca1313ded662e2eb.tar.gz
src-e62c173e4ddf132e8b62462cca1313ded662e2eb.zip
MFC: Add ``options RANDOM_IP_ID'' which randomizes the ID field of IP
packets. This closes a minor information leak: because the default behaviour is to increment a counter for each packet sent, a remote observer can determine the rate at which the machine is generating packets.
Notes
Notes: svn path=/stable/4/; revision=79928
-rw-r--r--sys/conf/files1
-rw-r--r--sys/conf/options1
-rw-r--r--sys/i386/conf/LINT7
-rw-r--r--sys/netinet/ip_input.c3
-rw-r--r--sys/netinet/ip_mroute.c5
-rw-r--r--sys/netinet/ip_output.c5
-rw-r--r--sys/netinet/ip_var.h6
-rw-r--r--sys/netinet/raw_ip.c5
-rw-r--r--sys/netinet6/ipsec.c4
9 files changed, 37 insertions, 0 deletions
diff --git a/sys/conf/files b/sys/conf/files
index 540cd29e174d..6a9a60f2a355 100644
--- a/sys/conf/files
+++ b/sys/conf/files
@@ -795,6 +795,7 @@ netinet/in_gif.c optional gif inet
netinet/igmp.c optional inet
netinet/in.c optional inet
#netinet/in_hostcache.c optional inet
+netinet/ip_id.c optional inet
netinet/in_pcb.c optional inet
netinet/in_proto.c optional inet
netinet/in_rmx.c optional inet
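Review bot: The new `netinet/ip_id.c optional inet` entry names a source file that this commit does not add; the diffstat lists nine files and ip_id.c is not among them, so unless it was merged in a separate commit every kernel built with `inet` will fail on the missing file. The entry also compiles ip_id.c into every inet kernel whether or not RANDOM_IP_ID is set; if the file is not itself wrapped in `#ifdef RANDOM_IP_ID`, consider gating the entry on the option as well (e.g. `netinet/ip_id.c optional inet random_ip_id`, after confirming how config(8) on this branch treats several words after `optional`) so the generator is not linked into kernels that never call it.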
diff --git a/sys/conf/options b/sys/conf/options
index ccf34ef5dd48..60d23ca8dfb4 100644
--- a/sys/conf/options
+++ b/sys/conf/options
@@ -264,6 +264,7 @@ NETATALK opt_atalk.h
PPP_BSDCOMP opt_ppp.h
PPP_DEFLATE opt_ppp.h
PPP_FILTER opt_ppp.h
+RANDOM_IP_ID
SLIP_IFF_OPTS opt_slip.h
TCPDEBUG
TCP_DROP_SYNFIN opt_tcp_input.h
diff --git a/sys/i386/conf/LINT b/sys/i386/conf/LINT
index 7611df080bd3..e6de4beba1ee 100644
--- a/sys/i386/conf/LINT
+++ b/sys/i386/conf/LINT
@@ -565,6 +565,13 @@ options IPFILTER_DEFAULT_BLOCK #block all packets by default
options IPSTEALTH #support for stealth forwarding
options TCPDEBUG
+# RANDOM_IP_ID causes the ID field in IP packets to be randomized
+# instead of incremented by 1 with each packet generated. This
+# option closes a minor information leak which allows remote
+# observers to determine the rate of packet generation on the
+# machine by watching the counter.
+options RANDOM_IP_ID
+
# Statically Link in accept filters
options ACCEPT_FILTER_DATA
options ACCEPT_FILTER_HTTP
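Review bot: The LINT comment describes only the leak the option closes and not the cost a user should weigh before enabling it. The ID field is 16 bits, and a randomly drawn ID is reused sooner than a counter value; if an ID is repeated while fragments of the earlier datagram may still be sitting in a peer's reassembly queue, fragments of two datagrams can be reassembled together. The generator in ip_id.c is not part of this diff, so whether it guards against short-period repeats cannot be checked here; I would add `# Note: IDs are drawn from a 16-bit space, so the generator must avoid` / `# repeating an ID while fragments of an earlier datagram may still be` / `# in flight, or fragments of different datagrams can be misassembled.` above the `options RANDOM_IP_ID` line once that property is confirmed.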
diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c
index ae9b626a2130..4a79ef0e7ee6 100644
--- a/sys/netinet/ip_input.c
+++ b/sys/netinet/ip_input.c
@@ -43,6 +43,7 @@
#include "opt_ipfilter.h"
#include "opt_ipstealth.h"
#include "opt_ipsec.h"
+#include "opt_random_ip_id.h"
#include <sys/param.h>
#include <sys/systm.h>
@@ -257,7 +258,9 @@ ip_init()
maxnipq = nmbclusters / 4;
ip_maxfragpackets = nmbclusters / 4;
+#ifndef RANDOM_IP_ID
ip_id = time_second & 0xffff;
+#endif
ipintrq.ifq_maxlen = ipqmaxlen;
register_netisr(NETISR_IP, ipintr);
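Review bot: With RANDOM_IP_ID the seeding of `ip_id` is compiled out of ip_init(), but nothing here initializes whatever state ip_randomid() draws from, and ip_id.c is not in this commit, so it is not visible whether the generator seeds itself on first use or through its own SYSINIT. If it needs explicit setup, ip_init() is the natural place for the call; otherwise a one-line comment in the `#ifndef` block would stop the next reader from looking for it, e.g. `/* RANDOM_IP_ID: ip_randomid() manages its own state; see ip_id.c */`. The counter path keeps its predictable `time_second & 0xffff` start, which is pre-existing and exactly what the option is meant to replace. ip_init's body continues outside the hunk.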
diff --git a/sys/netinet/ip_mroute.c b/sys/netinet/ip_mroute.c
index e3e22555f342..7cf6a6a54bd3 100644
--- a/sys/netinet/ip_mroute.c
+++ b/sys/netinet/ip_mroute.c
@@ -13,6 +13,7 @@
*/
#include "opt_mrouting.h"
+#include "opt_random_ip_id.h"
#include <sys/param.h>
#include <sys/systm.h>
@@ -1580,7 +1581,11 @@ encap_send(ip, vifp, m)
*/
ip_copy = mtod(mb_copy, struct ip *);
*ip_copy = multicast_encap_iphdr;
+#ifdef RANDOM_IP_ID
+ ip_copy->ip_id = ip_randomid();
+#else
ip_copy->ip_id = htons(ip_id++);
+#endif
ip_copy->ip_len += len;
ip_copy->ip_src = vifp->v_lcl_addr;
ip_copy->ip_dst = vifp->v_rmt_addr;
diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c
index e3eb7247c61e..9de34c286309 100644
--- a/sys/netinet/ip_output.c
+++ b/sys/netinet/ip_output.c
@@ -41,6 +41,7 @@
#include "opt_ipdivert.h"
#include "opt_ipfilter.h"
#include "opt_ipsec.h"
+#include "opt_random_ip_id.h"
#include <sys/param.h>
#include <sys/systm.h>
@@ -209,7 +210,11 @@ ip_output(m0, opt, ro, flags, imo)
if ((flags & (IP_FORWARDING|IP_RAWOUTPUT)) == 0) {
ip->ip_vhl = IP_MAKE_VHL(IPVERSION, hlen >> 2);
ip->ip_off &= IP_DF;
+#ifdef RANDOM_IP_ID
+ ip->ip_id = ip_randomid();
+#else
ip->ip_id = htons(ip_id++);
+#endif
ipstat.ips_localout++;
} else {
hlen = IP_VHL_HL(ip->ip_vhl) << 2;
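Review bot: The `#ifdef RANDOM_IP_ID` / `#else` pair around the `ip->ip_id` assignment is now repeated verbatim at four call sites in this commit (ip_output, encap_send, rip_output, ipsec4_encapsulate), so the option choice and the byte-order convention live in four places. A small kernel-only inline beside the ip_randomid() prototype would let each caller write `ip->ip_id = ip_newid();` and keep the `htons()` on the counter path in one spot; it is also the one place to add an `htons()` for the random path should ip_randomid() turn out to return a host-order value, which this diff does not show. ip_output's body continues outside the hunk.
```c
/* ID for a locally generated datagram, in network byte order. */
static __inline u_int16_t
ip_newid(void)
{
#ifdef RANDOM_IP_ID
	return (ip_randomid());
#else
	return (htons(ip_id++));
#endif
}
```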
diff --git a/sys/netinet/ip_var.h b/sys/netinet/ip_var.h
index 6976f0b380e7..e7e353ee0139 100644
--- a/sys/netinet/ip_var.h
+++ b/sys/netinet/ip_var.h
@@ -142,7 +142,9 @@ struct route;
struct sockopt;
extern struct ipstat ipstat;
+#ifndef RANDOM_IP_ID
extern u_short ip_id; /* ip packet ctr, for ids */
+#endif
extern int ip_defttl; /* default IP ttl */
extern int ipforwarding; /* ip forwarding */
extern u_char ip_protox[];
@@ -167,6 +169,10 @@ void ip_slowtimo __P((void));
struct mbuf *
ip_srcroute __P((void));
void ip_stripoptions __P((struct mbuf *, struct mbuf *));
+#ifdef RANDOM_IP_ID
+u_int16_t
+ ip_randomid __P((void));
+#endif
int rip_ctloutput __P((struct socket *, struct sockopt *));
void rip_ctlinput __P((int, struct sockaddr *, void *));
void rip_init __P((void));
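Review bot: Both new conditionals in ip_var.h test RANDOM_IP_ID, but the header does not include opt_random_ip_id.h itself, so what a translation unit sees depends on whether it happened to include the option header before ip_var.h: a file that did not gets the `ip_id` extern but no `ip_randomid` prototype, and a file that calls ip_randomid() without the option header first will compile against an implicit declaration. Declarations are free, so I would drop both `#ifdef`s and declare `extern u_short ip_id;` and `u_int16_t ip_randomid __P((void));` unconditionally, leaving the option to select only which one the callers use. That assumes the definition of `ip_id` (presumably in ip_input.c, not shown here) is itself unconditional; if it is also under `#ifndef RANDOM_IP_ID`, an unconditional extern is still harmless as long as nothing references it in the random build.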
diff --git a/sys/netinet/raw_ip.c b/sys/netinet/raw_ip.c
index 6b4e6361c683..aea9c05942d5 100644
--- a/sys/netinet/raw_ip.c
+++ b/sys/netinet/raw_ip.c
@@ -36,6 +36,7 @@
#include "opt_inet6.h"
#include "opt_ipsec.h"
+#include "opt_random_ip_id.h"
#include <sys/param.h>
#include <sys/systm.h>
@@ -239,7 +240,11 @@ rip_output(m, so, dst)
return EINVAL;
}
if (ip->ip_id == 0)
+#ifdef RANDOM_IP_ID
+ ip->ip_id = ip_randomid();
+#else
ip->ip_id = htons(ip_id++);
+#endif
/* XXX prevent ip_output from overwriting header fields */
flags |= IP_RAWOUTPUT;
ipstat.ips_rawout++;
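Review bot: The unbraced `if (ip->ip_id == 0)` now has its body chosen by `#ifdef RANDOM_IP_ID` / `#else`; it compiles because each branch is a single statement, but the first maintainer who adds a second statement to either branch silently unconditionally executes it. Brace it: `if (ip->ip_id == 0) {` before the `#ifdef` and `}` after the `#endif`. Note that a caller who supplies a non-zero ID in its own header still keeps it, so randomization does not apply to those raw-socket packets; that is the existing contract here, but worth a comment such as `/* user-supplied IDs are honoured; only 0 is replaced */`. rip_output's body begins and ends outside the hunk.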
diff --git a/sys/netinet6/ipsec.c b/sys/netinet6/ipsec.c
index b55771e519c7..dd102313f696 100644
--- a/sys/netinet6/ipsec.c
+++ b/sys/netinet6/ipsec.c
@@ -2057,7 +2057,11 @@ ipsec4_encapsulate(m, sav)
ipseclog((LOG_ERR, "IPv4 ipsec: size exceeds limit: "
"leave ip_len as is (invalid packet)\n"));
}
+#ifdef RANDOM_IP_ID
+ ip->ip_id = ip_randomid();
+#else
ip->ip_id = htons(ip_id++);
+#endif
bcopy(&((struct sockaddr_in *)&sav->sah->saidx.src)->sin_addr,
&ip->ip_src, sizeof(ip->ip_src));
bcopy(&((struct sockaddr_in *)&sav->sah->saidx.dst)->sin_addr,