aboutsummaryrefslogtreecommitdiff
path: root/sys/netinet6
diff options
context:
space:
mode:
authorDavid Malone <dwmalone@FreeBSD.org>2004-08-14 15:32:40 +0000
committerDavid Malone <dwmalone@FreeBSD.org>2004-08-14 15:32:40 +0000
commit1f44b0a1b539198ce55bf97e73d51ded20a55ab4 (patch)
tree56a806b0847f95ede378bb97ce9bfcb595420ea2 /sys/netinet6
parente7581f0fc2b97703022b42069967a8cfca46e8a2 (diff)
downloadsrc-1f44b0a1b539198ce55bf97e73d51ded20a55ab4.tar.gz
src-1f44b0a1b539198ce55bf97e73d51ded20a55ab4.zip
Get rid of the RANDOM_IP_ID option and make it a sysctl. NetBSD
have already done this, so I have styled the patch on their work: 1) introduce a ip_newid() static inline function that checks the sysctl and then decides if it should return a sequential or random IP ID. 2) named the sysctl net.inet.ip.random_id 3) IPv6 flow IDs and fragment IDs are now always random. Flow IDs and frag IDs are significantly less common in the IPv6 world (ie. rarely generated per-packet), so there should be smaller performance concerns. The sysctl defaults to 0 (sequential IP IDs). Reviewed by: andre, silby, mlaier, ume Based on: NetBSD MFC after: 2 months
Notes
Notes: svn path=/head/; revision=133720
Diffstat (limited to 'sys/netinet6')
-rw-r--r--sys/netinet6/frag6.c5
-rw-r--r--sys/netinet6/in6_pcb.c5
-rw-r--r--sys/netinet6/in6_proto.c7
-rw-r--r--sys/netinet6/ip6_id.c6
-rw-r--r--sys/netinet6/ip6_input.c4
-rw-r--r--sys/netinet6/ip6_output.c5
-rw-r--r--sys/netinet6/ip6_var.h8
-rw-r--r--sys/netinet6/ipsec.c7
8 files changed, 1 insertions, 46 deletions
diff --git a/sys/netinet6/frag6.c b/sys/netinet6/frag6.c
index f8a86a1fac0a..8be7d5247806 100644
--- a/sys/netinet6/frag6.c
+++ b/sys/netinet6/frag6.c
@@ -30,8 +30,6 @@
* SUCH DAMAGE.
*/
-#include "opt_random_ip_id.h"
-
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/malloc.h>
@@ -98,9 +96,6 @@ frag6_init()
IP6Q_LOCK_INIT();
-#ifndef RANDOM_IP_ID
- ip6_id = arc4random();
-#endif
ip6q.ip6q_next = ip6q.ip6q_prev = &ip6q;
}
diff --git a/sys/netinet6/in6_pcb.c b/sys/netinet6/in6_pcb.c
index 48d153f61229..7639919e8a84 100644
--- a/sys/netinet6/in6_pcb.c
+++ b/sys/netinet6/in6_pcb.c
@@ -65,7 +65,6 @@
#include "opt_inet.h"
#include "opt_inet6.h"
#include "opt_ipsec.h"
-#include "opt_random_ip_id.h"
#include <sys/param.h>
#include <sys/systm.h>
@@ -389,11 +388,7 @@ in6_pcbconnect(inp, nam, cred)
inp->in6p_flowinfo &= ~IPV6_FLOWLABEL_MASK;
if (inp->in6p_flags & IN6P_AUTOFLOWLABEL)
inp->in6p_flowinfo |=
-#ifdef RANDOM_IP_ID
(htonl(ip6_randomflowlabel()) & IPV6_FLOWLABEL_MASK);
-#else
- (htonl(ip6_flow_seq++) & IPV6_FLOWLABEL_MASK);
-#endif
in_pcbrehash(inp);
#ifdef IPSEC
diff --git a/sys/netinet6/in6_proto.c b/sys/netinet6/in6_proto.c
index 2d1d8dc79765..d4edbec6bf50 100644
--- a/sys/netinet6/in6_proto.c
+++ b/sys/netinet6/in6_proto.c
@@ -64,7 +64,6 @@
#include "opt_inet.h"
#include "opt_inet6.h"
#include "opt_ipsec.h"
-#include "opt_random_ip_id.h"
#include <sys/param.h>
#include <sys/socket.h>
@@ -290,9 +289,6 @@ int ip6_maxfrags; /* initialized in frag6.c:frag6_init() */
int ip6_log_interval = 5;
int ip6_hdrnestlimit = 50; /* appropriate? */
int ip6_dad_count = 1; /* DupAddrDetectionTransmits */
-#ifndef RANDOM_IP_ID
-u_int32_t ip6_flow_seq;
-#endif
int ip6_auto_flowlabel = 1;
int ip6_gif_hlim = 0;
int ip6_use_deprecated = 1; /* allow deprecated addr (RFC2462 5.5.4) */
@@ -300,9 +296,6 @@ int ip6_rr_prune = 5; /* router renumbering prefix
* walk list every 5 sec. */
int ip6_v6only = 1;
-#ifndef RANDOM_IP_ID
-u_int32_t ip6_id = 0UL;
-#endif
int ip6_keepfaith = 0;
time_t ip6_log_time = (time_t)0L;
diff --git a/sys/netinet6/ip6_id.c b/sys/netinet6/ip6_id.c
index ca193b899016..cb75277b746d 100644
--- a/sys/netinet6/ip6_id.c
+++ b/sys/netinet6/ip6_id.c
@@ -86,8 +86,6 @@
* This avoids reuse issues caused by reseeding.
*/
-#include "opt_random_ip_id.h"
-
#include <sys/types.h>
#include <sys/param.h>
#include <sys/kernel.h>
@@ -100,8 +98,6 @@
#include <netinet/ip6.h>
#include <netinet6/ip6_var.h>
-#ifdef RANDOM_IP_ID
-
#ifndef INT32_MAX
#define INT32_MAX 0x7fffffffU
#endif
@@ -267,5 +263,3 @@ ip6_randomflowlabel(void)
return randomid(&randomtab_20) & 0xfffff;
}
-
-#endif /* RANDOM_IP_ID */
diff --git a/sys/netinet6/ip6_input.c b/sys/netinet6/ip6_input.c
index a22eb12c2ea4..ac24f972743d 100644
--- a/sys/netinet6/ip6_input.c
+++ b/sys/netinet6/ip6_input.c
@@ -66,7 +66,6 @@
#include "opt_inet6.h"
#include "opt_ipsec.h"
#include "opt_pfil_hooks.h"
-#include "opt_random_ip_id.h"
#include <sys/param.h>
#include <sys/systm.h>
@@ -197,9 +196,6 @@ ip6_init()
addrsel_policy_init();
nd6_init();
frag6_init();
-#ifndef RANDOM_IP_ID
- ip6_flow_seq = arc4random();
-#endif
ip6_desync_factor = arc4random() % MAX_TEMP_DESYNC_FACTOR;
}
diff --git a/sys/netinet6/ip6_output.c b/sys/netinet6/ip6_output.c
index b955f40e2805..f5c35594e8ed 100644
--- a/sys/netinet6/ip6_output.c
+++ b/sys/netinet6/ip6_output.c
@@ -66,7 +66,6 @@
#include "opt_inet6.h"
#include "opt_ipsec.h"
#include "opt_pfil_hooks.h"
-#include "opt_random_ip_id.h"
#include <sys/param.h>
#include <sys/malloc.h>
@@ -1036,11 +1035,7 @@ skip_ipsec2:;
} else {
struct mbuf **mnext, *m_frgpart;
struct ip6_frag *ip6f;
-#ifdef RANDOM_IP_ID
u_int32_t id = htonl(ip6_randomid());
-#else
- u_int32_t id = htonl(ip6_id++);
-#endif
u_char nextproto;
struct ip6ctlparam ip6cp;
u_int32_t mtu32;
diff --git a/sys/netinet6/ip6_var.h b/sys/netinet6/ip6_var.h
index 99edc4503fff..36bf36dfcc3a 100644
--- a/sys/netinet6/ip6_var.h
+++ b/sys/netinet6/ip6_var.h
@@ -283,9 +283,6 @@ struct ip6aux {
#define IPV6_MINMTU 0x04 /* use minimum MTU (IPV6_USE_MIN_MTU) */
extern struct ip6stat ip6stat; /* statistics */
-#ifndef RANDOM_IP_ID
-extern u_int32_t ip6_id; /* fragment identifier */
-#endif
extern int ip6_defhlim; /* default hop limit */
extern int ip6_defmcasthlim; /* default multicast hop limit */
extern int ip6_forwarding; /* act as router? */
@@ -309,9 +306,6 @@ extern time_t ip6_log_time;
extern int ip6_hdrnestlimit; /* upper limit of # of extension headers */
extern int ip6_dad_count; /* DupAddrDetectionTransmits */
-#ifndef RANDOM_IP_ID
-extern u_int32_t ip6_flow_seq;
-#endif
extern int ip6_auto_flowlabel;
extern int ip6_auto_linklocal;
@@ -399,10 +393,8 @@ struct in6_addr *in6_selectsrc __P((struct sockaddr_in6 *,
int in6_selectroute __P((struct sockaddr_in6 *, struct ip6_pktopts *,
struct ip6_moptions *, struct route_in6 *, struct ifnet **,
struct rtentry **, int));
-#ifdef RANDOM_IP_ID
u_int32_t ip6_randomid __P((void));
u_int32_t ip6_randomflowlabel __P((void));
-#endif
#endif /* _KERNEL */
#endif /* !_NETINET6_IP6_VAR_H_ */
diff --git a/sys/netinet6/ipsec.c b/sys/netinet6/ipsec.c
index f57a7db8e489..13d2feb667a3 100644
--- a/sys/netinet6/ipsec.c
+++ b/sys/netinet6/ipsec.c
@@ -37,7 +37,6 @@
#include "opt_inet.h"
#include "opt_inet6.h"
#include "opt_ipsec.h"
-#include "opt_random_ip_id.h"
#include <sys/param.h>
#include <sys/systm.h>
@@ -2156,11 +2155,7 @@ ipsec4_encapsulate(m, sav)
ipseclog((LOG_ERR, "IPv4 ipsec: size exceeds limit: "
"leave ip_len as is (invalid packet)\n"));
}
-#ifdef RANDOM_IP_ID
- ip->ip_id = ip_randomid();
-#else
- ip->ip_id = htons(ip_id++);
-#endif
+ ip->ip_id = ip_newid();
bcopy(&((struct sockaddr_in *)&sav->sah->saidx.src)->sin_addr,
&ip->ip_src, sizeof(ip->ip_src));
bcopy(&((struct sockaddr_in *)&sav->sah->saidx.dst)->sin_addr,