author | David Malone <dwmalone@FreeBSD.org> | 2004-08-14 15:32:40 +0000 |
---|---|---|
committer | David Malone <dwmalone@FreeBSD.org> | 2004-08-14 15:32:40 +0000 |
commit | 1f44b0a1b539198ce55bf97e73d51ded20a55ab4 (patch) | |
tree | 56a806b0847f95ede378bb97ce9bfcb595420ea2 /sys/netinet6 | |
parent | e7581f0fc2b97703022b42069967a8cfca46e8a2 (diff) | |
Get rid of the RANDOM_IP_ID option and make it a sysctl. NetBSD
have already done this, so I have styled the patch on their work:
1) introduce an ip_newid() static inline function that checks
the sysctl and then decides if it should return a sequential
or random IP ID.
2) named the sysctl net.inet.ip.random_id
3) IPv6 flow IDs and fragment IDs are now always random.
Flow IDs and frag IDs are significantly less common in the
IPv6 world (i.e. rarely generated per-packet), so there should
be smaller performance concerns.
The sysctl defaults to 0 (sequential IP IDs).
Reviewed by: andre, silby, mlaier, ume
Based on: NetBSD
MFC after: 2 months
Notes
Notes:
svn path=/head/; revision=133720
Diffstat (limited to 'sys/netinet6')
-rw-r--r-- | sys/netinet6/frag6.c | 5 | ||||
-rw-r--r-- | sys/netinet6/in6_pcb.c | 5 | ||||
-rw-r--r-- | sys/netinet6/in6_proto.c | 7 | ||||
-rw-r--r-- | sys/netinet6/ip6_id.c | 6 | ||||
-rw-r--r-- | sys/netinet6/ip6_input.c | 4 | ||||
-rw-r--r-- | sys/netinet6/ip6_output.c | 5 | ||||
-rw-r--r-- | sys/netinet6/ip6_var.h | 8 | ||||
-rw-r--r-- | sys/netinet6/ipsec.c | 7 |
8 files changed, 1 insertions, 46 deletions
diff --git a/sys/netinet6/frag6.c b/sys/netinet6/frag6.c index f8a86a1fac0a..8be7d5247806 100644 --- a/sys/netinet6/frag6.c +++ b/sys/netinet6/frag6.c @@ -30,8 +30,6 @@ * SUCH DAMAGE. */ -#include "opt_random_ip_id.h" - #include <sys/param.h> #include <sys/systm.h> #include <sys/malloc.h> @@ -98,9 +96,6 @@ frag6_init() IP6Q_LOCK_INIT(); -#ifndef RANDOM_IP_ID - ip6_id = arc4random(); -#endif ip6q.ip6q_next = ip6q.ip6q_prev = &ip6q; } diff --git a/sys/netinet6/in6_pcb.c b/sys/netinet6/in6_pcb.c index 48d153f61229..7639919e8a84 100644 --- a/sys/netinet6/in6_pcb.c +++ b/sys/netinet6/in6_pcb.c @@ -65,7 +65,6 @@ #include "opt_inet.h" #include "opt_inet6.h" #include "opt_ipsec.h" -#include "opt_random_ip_id.h" #include <sys/param.h> #include <sys/systm.h> @@ -389,11 +388,7 @@ in6_pcbconnect(inp, nam, cred) inp->in6p_flowinfo &= ~IPV6_FLOWLABEL_MASK; if (inp->in6p_flags & IN6P_AUTOFLOWLABEL) inp->in6p_flowinfo |= -#ifdef RANDOM_IP_ID (htonl(ip6_randomflowlabel()) & IPV6_FLOWLABEL_MASK); -#else - (htonl(ip6_flow_seq++) & IPV6_FLOWLABEL_MASK); -#endif in_pcbrehash(inp); #ifdef IPSEC diff --git a/sys/netinet6/in6_proto.c b/sys/netinet6/in6_proto.c index 2d1d8dc79765..d4edbec6bf50 100644 --- a/sys/netinet6/in6_proto.c +++ b/sys/netinet6/in6_proto.c @@ -64,7 +64,6 @@ #include "opt_inet.h" #include "opt_inet6.h" #include "opt_ipsec.h" -#include "opt_random_ip_id.h" #include <sys/param.h> #include <sys/socket.h> @@ -290,9 +289,6 @@ int ip6_maxfrags; /* initialized in frag6.c:frag6_init() */ int ip6_log_interval = 5; int ip6_hdrnestlimit = 50; /* appropriate? */ int ip6_dad_count = 1; /* DupAddrDetectionTransmits */ -#ifndef RANDOM_IP_ID -u_int32_t ip6_flow_seq; -#endif int ip6_auto_flowlabel = 1; int ip6_gif_hlim = 0; int ip6_use_deprecated = 1; /* allow deprecated addr (RFC2462 5.5.4) */ 
@@ -300,9 +296,6 @@ int ip6_rr_prune = 5; /* router renumbering prefix * walk list every 5 sec. */ int ip6_v6only = 1; -#ifndef RANDOM_IP_ID -u_int32_t ip6_id = 0UL; -#endif int ip6_keepfaith = 0; time_t ip6_log_time = (time_t)0L; diff --git a/sys/netinet6/ip6_id.c b/sys/netinet6/ip6_id.c index ca193b899016..cb75277b746d 100644 --- a/sys/netinet6/ip6_id.c +++ b/sys/netinet6/ip6_id.c @@ -86,8 +86,6 @@ * This avoids reuse issues caused by reseeding. */ -#include "opt_random_ip_id.h" - #include <sys/types.h> #include <sys/param.h> #include <sys/kernel.h> @@ -100,8 +98,6 @@ #include <netinet/ip6.h> #include <netinet6/ip6_var.h> -#ifdef RANDOM_IP_ID - #ifndef INT32_MAX #define INT32_MAX 0x7fffffffU #endif @@ -267,5 +263,3 @@ ip6_randomflowlabel(void) return randomid(&randomtab_20) & 0xfffff; } - -#endif /* RANDOM_IP_ID */ diff --git a/sys/netinet6/ip6_input.c b/sys/netinet6/ip6_input.c index a22eb12c2ea4..ac24f972743d 100644 --- a/sys/netinet6/ip6_input.c +++ b/sys/netinet6/ip6_input.c @@ -66,7 +66,6 @@ #include "opt_inet6.h" #include "opt_ipsec.h" #include "opt_pfil_hooks.h" -#include "opt_random_ip_id.h" #include <sys/param.h> #include <sys/systm.h> @@ -197,9 +196,6 @@ ip6_init() addrsel_policy_init(); nd6_init(); frag6_init(); -#ifndef RANDOM_IP_ID - ip6_flow_seq = arc4random(); -#endif ip6_desync_factor = arc4random() % MAX_TEMP_DESYNC_FACTOR; } diff --git a/sys/netinet6/ip6_output.c b/sys/netinet6/ip6_output.c index b955f40e2805..f5c35594e8ed 100644 --- a/sys/netinet6/ip6_output.c +++ b/sys/netinet6/ip6_output.c @@ -66,7 +66,6 @@ #include "opt_inet6.h" #include "opt_ipsec.h" #include "opt_pfil_hooks.h" -#include "opt_random_ip_id.h" #include <sys/param.h> #include <sys/malloc.h> @@ -1036,11 +1035,7 @@ skip_ipsec2:; } else { struct mbuf **mnext, *m_frgpart; struct ip6_frag *ip6f; -#ifdef RANDOM_IP_ID u_int32_t id = htonl(ip6_randomid()); -#else - u_int32_t id = htonl(ip6_id++); -#endif u_char nextproto; struct ip6ctlparam ip6cp; u_int32_t mtu32; 
diff --git a/sys/netinet6/ip6_var.h b/sys/netinet6/ip6_var.h index 99edc4503fff..36bf36dfcc3a 100644 --- a/sys/netinet6/ip6_var.h +++ b/sys/netinet6/ip6_var.h @@ -283,9 +283,6 @@ struct ip6aux { #define IPV6_MINMTU 0x04 /* use minimum MTU (IPV6_USE_MIN_MTU) */ extern struct ip6stat ip6stat; /* statistics */ -#ifndef RANDOM_IP_ID -extern u_int32_t ip6_id; /* fragment identifier */ -#endif extern int ip6_defhlim; /* default hop limit */ extern int ip6_defmcasthlim; /* default multicast hop limit */ extern int ip6_forwarding; /* act as router? */ @@ -309,9 +306,6 @@ extern time_t ip6_log_time; extern int ip6_hdrnestlimit; /* upper limit of # of extension headers */ extern int ip6_dad_count; /* DupAddrDetectionTransmits */ -#ifndef RANDOM_IP_ID -extern u_int32_t ip6_flow_seq; -#endif extern int ip6_auto_flowlabel; extern int ip6_auto_linklocal; @@ -399,10 +393,8 @@ struct in6_addr *in6_selectsrc __P((struct sockaddr_in6 *, int in6_selectroute __P((struct sockaddr_in6 *, struct ip6_pktopts *, struct ip6_moptions *, struct route_in6 *, struct ifnet **, struct rtentry **, int)); -#ifdef RANDOM_IP_ID u_int32_t ip6_randomid __P((void)); u_int32_t ip6_randomflowlabel __P((void)); -#endif #endif /* _KERNEL */ #endif /* !_NETINET6_IP6_VAR_H_ */ diff --git a/sys/netinet6/ipsec.c b/sys/netinet6/ipsec.c index f57a7db8e489..13d2feb667a3 100644 --- a/sys/netinet6/ipsec.c +++ b/sys/netinet6/ipsec.c @@ -37,7 +37,6 @@ #include "opt_inet.h" #include "opt_inet6.h" #include "opt_ipsec.h" -#include "opt_random_ip_id.h" #include <sys/param.h> #include <sys/systm.h> @@ -2156,11 +2155,7 @@ ipsec4_encapsulate(m, sav) ipseclog((LOG_ERR, "IPv4 ipsec: size exceeds limit: " "leave ip_len as is (invalid packet)\n")); } -#ifdef RANDOM_IP_ID - ip->ip_id = ip_randomid(); -#else - ip->ip_id = htons(ip_id++); -#endif + ip->ip_id = ip_newid(); bcopy(&((struct sockaddr_in *)&sav->sah->saidx.src)->sin_addr, &ip->ip_src, sizeof(ip->ip_src)); bcopy(&((struct sockaddr_in *)&sav->sah->saidx.dst)->sin_addr, |
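Review bot: The new `ip->ip_id = ip_newid();` in ipsec4_encapsulate() makes the outer IPv4 header's ID depend on the net.inet.ip.random_id sysctl, which the commit message says defaults to 0. A kernel previously built with RANDOM_IP_ID would therefore start emitting sequential, predictable IDs on encapsulated packets until the sysctl is set, and that change of default deserves a line in the upgrade notes. ip_newid() is defined outside this diff (which is limited to sys/netinet6), so it should be confirmed there that both of its branches return a value ready to store in ip_id, since the removed sequential branch applied `htons()` itself. A comment above the assignment such as `/* ip_newid(): network byte order; sequential unless net.inet.ip.random_id != 0 */` would record both points. The body of ipsec4_encapsulate() starts and ends outside the hunk.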