randomize IPv6 flowlabel when RANDOM_IP_ID is defined.

Obtained from: KAME
2003-10-01 21:24:28 +00:00 · 2003-10-01 21:24:28 +00:00 · b79274ba41
commit b79274ba41
parent 18193b6f63
5 changed files with 20 additions and 4 deletions
--- a/sys/netinet6/in6_pcb.c
+++ b/sys/netinet6/in6_pcb.c
@ -69,6 +69,7 @@
 #include "opt_inet.h"
 #include "opt_inet6.h"
 #include "opt_ipsec.h"
+#include "opt_random_ip_id.h"

 #include <sys/param.h>
 #include <sys/systm.h>
@ -402,7 +403,11 @@ in6_pcbconnect(inp, nam, td)
 	inp->in6p_flowinfo &= ~IPV6_FLOWLABEL_MASK;
 	if (inp->in6p_flags & IN6P_AUTOFLOWLABEL)
 		inp->in6p_flowinfo |=
+#ifdef RANDOM_IP_ID
+		    (htonl(ip6_randomflowlabel()) & IPV6_FLOWLABEL_MASK);
+#else
 		    (htonl(ip6_flow_seq++) & IPV6_FLOWLABEL_MASK);
+#endif

 	in_pcbrehash(inp);
 	return (0);
--- a/sys/netinet6/in6_proto.c
+++ b/sys/netinet6/in6_proto.c
@ -292,7 +292,9 @@ int	ip6_maxfragpackets;	/* initialized in frag6.c:frag6_init() */
 int	ip6_log_interval = 5;
 int	ip6_hdrnestlimit = 50;	/* appropriate? */
 int	ip6_dad_count = 1;	/* DupAddrDetectionTransmits */
+#ifndef RANDOM_IP_ID
 u_int32_t ip6_flow_seq;
+#endif
 int	ip6_auto_flowlabel = 1;
 int	ip6_gif_hlim = 0;
 int	ip6_use_deprecated = 1;	/* allow deprecated addr (RFC2462 5.5.4) */
--- a/sys/netinet6/ip6_id.c
+++ b/sys/netinet6/ip6_id.c
@ -250,4 +250,11 @@ ip6_randomid(void)
 	return randomid(&randomtab_32);
 }

+u_int32_t
+ip6_randomflowlabel(void)
+{
+
+	return randomid(&randomtab_20) & 0xfffff;
+}
+
 #endif /* RANDOM_IP_ID */
--- a/sys/netinet6/ip6_input.c
+++ b/sys/netinet6/ip6_input.c
@ -70,6 +70,7 @@
 #include "opt_inet6.h"
 #include "opt_ipsec.h"
 #include "opt_pfil_hooks.h"
+#include "opt_random_ip_id.h"

 #include <sys/param.h>
 #include <sys/systm.h>
@ -198,11 +199,9 @@ ip6_init()
 	netisr_register(NETISR_IPV6, ip6_input, &ip6intrq);
 	nd6_init();
 	frag6_init();
-	/*
-	 * in many cases, random() here does NOT return random number
-	 * as initialization during bootstrap time occur in fixed order.
-	 */
+#ifndef RANDOM_IP_ID
 	ip6_flow_seq = arc4random();
+#endif
 	ip6_desync_factor = arc4random() % MAX_TEMP_DESYNC_FACTOR;
 }

--- a/sys/netinet6/ip6_var.h
+++ b/sys/netinet6/ip6_var.h
@ -276,7 +276,9 @@ extern time_t	ip6_log_time;
 extern int	ip6_hdrnestlimit; /* upper limit of # of extension headers */
 extern int	ip6_dad_count;		/* DupAddrDetectionTransmits */

+#ifndef RANDOM_IP_ID
 extern u_int32_t ip6_flow_seq;
+#endif
 extern int ip6_auto_flowlabel;
 extern int ip6_auto_linklocal;

@ -357,6 +359,7 @@ int	none_input __P((struct mbuf **, int *, int));

 #ifdef RANDOM_IP_ID
 u_int32_t ip6_randomid __P((void));
+u_int32_t ip6_randomflowlabel __P((void));
 #endif
 #endif /* _KERNEL */