author | David Malone <dwmalone@FreeBSD.org> | 2004-08-14 15:32:40 +0000 |
---|---|---|
committer | David Malone <dwmalone@FreeBSD.org> | 2004-08-14 15:32:40 +0000 |
commit | 1f44b0a1b539198ce55bf97e73d51ded20a55ab4 (patch) | |
tree | 56a806b0847f95ede378bb97ce9bfcb595420ea2 /sys/netinet | |
parent | e7581f0fc2b97703022b42069967a8cfca46e8a2 (diff) | |
Get rid of the RANDOM_IP_ID option and make it a sysctl. NetBSD
have already done this, so I have styled the patch on their work:
1) introduce a ip_newid() static inline function that checks
the sysctl and then decides if it should return a sequential
or random IP ID.
2) named the sysctl net.inet.ip.random_id
3) IPv6 flow IDs and fragment IDs are now always random.
Flow IDs and frag IDs are significantly less common in the
IPv6 world (ie. rarely generated per-packet), so there should
be smaller performance concerns.
The sysctl defaults to 0 (sequential IP IDs).
Reviewed by: andre, silby, mlaier, ume
Based on: NetBSD
MFC after: 2 months
Notes
Notes:
svn path=/head/; revision=133720
Diffstat (limited to 'sys/netinet')
-rw-r--r-- | sys/netinet/ip_id.c | 3 | ||||
-rw-r--r-- | sys/netinet/ip_input.c | 8 | ||||
-rw-r--r-- | sys/netinet/ip_mroute.c | 13 | ||||
-rw-r--r-- | sys/netinet/ip_output.c | 7 | ||||
-rw-r--r-- | sys/netinet/ip_var.h | 19 | ||||
-rw-r--r-- | sys/netinet/raw_ip.c | 7 | ||||
-rw-r--r-- | sys/netinet/tcp_syncache.c | 5 | ||||
-rw-r--r-- | sys/netinet/tcp_usrreq.c | 7 |
8 files changed, 23 insertions, 46 deletions
diff --git a/sys/netinet/ip_id.c b/sys/netinet/ip_id.c index 700f731d4912..c8455f808225 100644 --- a/sys/netinet/ip_id.c +++ b/sys/netinet/ip_id.c @@ -57,14 +57,12 @@ * This avoids reuse issues caused by reseeding. */ -#include "opt_random_ip_id.h" #include "opt_pf.h" #include <sys/param.h> #include <sys/time.h> #include <sys/kernel.h> #include <sys/random.h> -#if defined(RANDOM_IP_ID) || defined(DEV_PF) #define RU_OUT 180 /* Time after wich will be reseeded */ #define RU_MAX 30000 /* Uniq cycle, avoid blackjack prediction */ #define RU_GEN 2 /* Starting generator */ @@ -209,4 +207,3 @@ ip_randomid(void) return (ru_seed ^ pmod(ru_g,ru_seed2 ^ ru_x,RU_N)) | ru_msb; } -#endif /* RANDOM_IP_ID || DEV_PF */ diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c index 0d64effd2e93..0ae3c1635095 100644 --- a/sys/netinet/ip_input.c +++ b/sys/netinet/ip_input.c @@ -39,7 +39,6 @@ #include "opt_ipsec.h" #include "opt_mac.h" #include "opt_pfil_hooks.h" -#include "opt_random_ip_id.h" #include <sys/param.h> #include <sys/systm.h> @@ -135,6 +134,11 @@ SYSCTL_INT(_net_inet_ip, OID_AUTO, sendsourcequench, CTLFLAG_RW, &ip_sendsourcequench, 0, "Enable the transmission of source quench packets"); +int ip_do_randomid = 0; +SYSCTL_INT(_net_inet_ip, OID_AUTO, random_id, CTLFLAG_RW, + &ip_do_randomid, 0, + "Assign random ip_id values"); + /* * XXX - Setting ip_checkinterface mostly implements the receive side of * the Strong ES model described in RFC 1122, but since the routing table @@ -281,9 +285,7 @@ ip_init() maxnipq = nmbclusters / 32; maxfragsperpacket = 16; -#ifndef RANDOM_IP_ID ip_id = time_second & 0xffff; -#endif ipintrq.ifq_maxlen = ipqmaxlen; mtx_init(&ipintrq.ifq_mtx, "ip_inq", NULL, MTX_DEF); netisr_register(NETISR_IP, ip_input, &ipintrq, NETISR_MPSAFE); diff --git a/sys/netinet/ip_mroute.c b/sys/netinet/ip_mroute.c index 11490c45c275..57e8db8eae32 100644 --- a/sys/netinet/ip_mroute.c +++ b/sys/netinet/ip_mroute.c 
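Review bot: In ip_id.c the `#include "opt_pf.h"` kept as context in the first hunk looks dead once the `#if defined(RANDOM_IP_ID) || defined(DEV_PF)` guard is removed, because that guard is the only use of `DEV_PF` visible here. If nothing else in the file tests `DEV_PF`, drop the include along with `opt_random_ip_id.h` so the file no longer depends on the pf option header. The rest of the file lies outside the hunk, so this needs a quick check before removing it.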
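Review bot: The new `net.inet.ip.random_id` knob in ip_input.c defaults to 0, so a stock kernel keeps issuing IP IDs from one global counter that `ip_init()` now always seeds with `time_second & 0xffff`, and those values are predictable to any peer that sees a couple of packets. The description string `"Assign random ip_id values"` does not tell an administrator this, so I would add a comment above `ip_do_randomid`, e.g. `/* 0: sequential IDs (cheap, but predictable and reveal the host's packet rate); non-zero: use ip_randomid() */`, and say the same in the sysctl's documentation. Kernels previously built with `options RANDOM_IP_ID` also fall back to sequential IDs after this change unless the sysctl is set, which deserves a note in UPDATING.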
@@ -22,7 +22,6 @@ #include "opt_mac.h" #include "opt_mrouting.h" -#include "opt_random_ip_id.h" #ifdef PIM #define _PIM_VT 1 @@ -1884,11 +1883,7 @@ encap_send(struct ip *ip, struct vif *vifp, struct mbuf *m) */ ip_copy = mtod(mb_copy, struct ip *); *ip_copy = multicast_encap_iphdr; -#ifdef RANDOM_IP_ID - ip_copy->ip_id = ip_randomid(); -#else - ip_copy->ip_id = htons(ip_id++); -#endif + ip_copy->ip_id = ip_newid(); ip_copy->ip_len += len; ip_copy->ip_src = vifp->v_lcl_addr; ip_copy->ip_dst = vifp->v_rmt_addr; @@ -3093,11 +3088,7 @@ pim_register_send_rp(struct ip *ip, struct vif *vifp, */ ip_outer = mtod(mb_first, struct ip *); *ip_outer = pim_encap_iphdr; -#ifdef RANDOM_IP_ID - ip_outer->ip_id = ip_randomid(); -#else - ip_outer->ip_id = htons(ip_id++); -#endif + ip_outer->ip_id = ip_newid(); ip_outer->ip_len = len + sizeof(pim_encap_iphdr) + sizeof(pim_encap_pimhdr); ip_outer->ip_src = viftable[vifi].v_lcl_addr; ip_outer->ip_dst = rt->mfc_rp; diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c index 8f7003ca4a5a..49461536b762 100644 --- a/sys/netinet/ip_output.c +++ b/sys/netinet/ip_output.c @@ -37,7 +37,6 @@ #include "opt_ipsec.h" #include "opt_mac.h" #include "opt_pfil_hooks.h" -#include "opt_random_ip_id.h" #include "opt_mbuf_stress_test.h" #include <sys/param.h> @@ -216,11 +215,7 @@ ip_output(struct mbuf *m, struct mbuf *opt, struct route *ro, if ((flags & (IP_FORWARDING|IP_RAWOUTPUT)) == 0) { ip->ip_v = IPVERSION; ip->ip_hl = hlen >> 2; -#ifdef RANDOM_IP_ID - ip->ip_id = ip_randomid(); -#else - ip->ip_id = htons(ip_id++); -#endif + ip->ip_id = ip_newid(); ipstat.ips_localout++; } else { hlen = ip->ip_hl << 2; diff --git a/sys/netinet/ip_var.h b/sys/netinet/ip_var.h index ff616fbb9e61..66da695b7d1c 100644 --- a/sys/netinet/ip_var.h +++ b/sys/netinet/ip_var.h 
@@ -142,9 +142,7 @@ struct route; struct sockopt; extern struct ipstat ipstat; -#ifndef RANDOM_IP_ID extern u_short ip_id; /* ip packet ctr, for ids */ -#endif extern int ip_defttl; /* default IP ttl */ extern int ipforwarding; /* ip forwarding */ extern int ip_doopts; /* process or ignore IP options */ @@ -178,10 +176,7 @@ void ip_slowtimo(void); struct mbuf * ip_srcroute(void); void ip_stripoptions(struct mbuf *, struct mbuf *); -#ifdef RANDOM_IP_ID -u_int16_t - ip_randomid(void); -#endif +u_int16_t ip_randomid(void); int rip_ctloutput(struct socket *, struct sockopt *); void rip_ctlinput(int, struct sockaddr *, void *); void rip_init(void); @@ -201,6 +196,18 @@ extern struct pfil_head inet_pfil_hook; void in_delayed_cksum(struct mbuf *m); +static __inline uint16_t ip_newid(void); +extern int ip_do_randomid; + +static __inline uint16_t +ip_newid(void) +{ + if (ip_do_randomid) + return ip_randomid(); + + return htons(ip_id++); +} + #endif /* _KERNEL */ #endif /* !_NETINET_IP_VAR_H_ */ diff --git a/sys/netinet/raw_ip.c b/sys/netinet/raw_ip.c index 6b854c009071..3f3fb02f1c7d 100644 --- a/sys/netinet/raw_ip.c +++ b/sys/netinet/raw_ip.c @@ -33,7 +33,6 @@ #include "opt_inet6.h" #include "opt_ipsec.h" #include "opt_mac.h" -#include "opt_random_ip_id.h" #include <sys/param.h> #include <sys/jail.h> @@ -304,11 +303,7 @@ rip_output(struct mbuf *m, struct socket *so, u_long dst) return EINVAL; } if (ip->ip_id == 0) -#ifdef RANDOM_IP_ID - ip->ip_id = ip_randomid(); -#else - ip->ip_id = htons(ip_id++); -#endif + ip->ip_id = ip_newid(); /* XXX prevent ip_output from overwriting header fields */ flags |= IP_RAWOUTPUT; ipstat.ips_rawout++; diff --git a/sys/netinet/tcp_syncache.c b/sys/netinet/tcp_syncache.c index 6ceff8f16f5c..9c918a95e226 100644 --- a/sys/netinet/tcp_syncache.c +++ b/sys/netinet/tcp_syncache.c @@ -38,7 +38,6 @@ #include "opt_inet6.h" #include "opt_ipsec.h" #include "opt_mac.h" -#include "opt_random_ip_id.h" #include "opt_tcpdebug.h" #include "opt_tcp_sack.h" 
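Review bot: `ip_newid()` in ip_var.h bumps the shared counter with a plain `ip_id++` and nothing in the hunk serialises its callers. The ip_input.c section of this commit shows the input path registered as `NETISR_MPSAFE`, so two CPUs may be able to hand out the same ID, which matters to the receiver's fragment reassembly. The old open-coded `htons(ip_id++)` had the same property, but now that every call site goes through this one helper it is the natural place either to make the increment atomic or to add a comment naming the lock callers are expected to hold. Separately, the helper has no comment explaining the sysctl-driven choice, and style(9) wants `return (ip_randomid());` and `return (htons(ip_id++));`.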
@@ -958,11 +957,7 @@ syncache_add(inc, to, th, sop, m) if (inc->inc_isipv6 && (sc->sc_tp->t_inpcb->in6p_flags & IN6P_AUTOFLOWLABEL)) { sc->sc_flowlabel = -#ifdef RANDOM_IP_ID (htonl(ip6_randomflowlabel()) & IPV6_FLOWLABEL_MASK); -#else - (htonl(ip6_flow_seq++) & IPV6_FLOWLABEL_MASK); -#endif } #endif } diff --git a/sys/netinet/tcp_usrreq.c b/sys/netinet/tcp_usrreq.c index 1e961291e9fc..df6fa74f1fad 100644 --- a/sys/netinet/tcp_usrreq.c +++ b/sys/netinet/tcp_usrreq.c @@ -33,7 +33,6 @@ #include "opt_ipsec.h" #include "opt_inet.h" #include "opt_inet6.h" -#include "opt_random_ip_id.h" #include "opt_tcpdebug.h" #include <sys/param.h> @@ -946,12 +945,8 @@ tcp6_connect(tp, nam, td) /* update flowinfo - draft-itojun-ipv6-flowlabel-api-00 */ inp->in6p_flowinfo &= ~IPV6_FLOWLABEL_MASK; if (inp->in6p_flags & IN6P_AUTOFLOWLABEL) - inp->in6p_flowinfo |= -#ifdef RANDOM_IP_ID + inp->in6p_flowinfo |= (htonl(ip6_randomflowlabel()) & IPV6_FLOWLABEL_MASK); -#else - (htonl(ip6_flow_seq++) & IPV6_FLOWLABEL_MASK); -#endif in_pcbrehash(inp); /* Compute window scaling to request. */ |
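Review bot: With the `#ifdef RANDOM_IP_ID` arms gone, the flow-label assignment in `syncache_add()` is left as `sc->sc_flowlabel =` followed by a fully parenthesised expression on its own line, which only made sense while the preprocessor chose between two right-hand sides. I would drop the outer parentheses, as in `sc->sc_flowlabel = htonl(ip6_randomflowlabel()) & IPV6_FLOWLABEL_MASK;`, keeping the line break only if 80 columns require it. The same applies to `inp->in6p_flowinfo |=` in the `tcp6_connect()` hunk of tcp_usrreq.c, where that line is also removed and re-added with no visible difference; this is presumably whitespace-only churn worth reverting. Since both call sites now always use `ip6_randomflowlabel()`, `ip6_flow_seq` may be unused; it is declared outside this sys/netinet view, so check whether the commit retires it as well.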