From b79274ba415e55d543820180f01a8835a321a315 Mon Sep 17 00:00:00 2001
From: Hajimu UMEMOTO
Date: Wed, 1 Oct 2003 21:24:28 +0000
Subject: [PATCH] randomize IPv6 flowlabel when RANDOM_IP_ID is defined.
Obtained from: KAME
---
 sys/netinet6/in6_pcb.c | 5 +++++
 sys/netinet6/in6_proto.c | 2 ++
 sys/netinet6/ip6_id.c | 7 +++++++
 sys/netinet6/ip6_input.c | 7 +++----
 sys/netinet6/ip6_var.h | 3 +++
 5 files changed, 20 insertions(+), 4 deletions(-)
diff --git a/sys/netinet6/in6_pcb.c b/sys/netinet6/in6_pcb.c
index ab59d52318d3..f160661c258b 100644
--- a/sys/netinet6/in6_pcb.c
+++ b/sys/netinet6/in6_pcb.c
@@ -69,6 +69,7 @@
 #include "opt_inet.h"
 #include "opt_inet6.h"
 #include "opt_ipsec.h"
+#include "opt_random_ip_id.h"
 #include
 #include
@@ -402,7 +403,11 @@ in6_pcbconnect(inp, nam, td)
 inp->in6p_flowinfo &= ~IPV6_FLOWLABEL_MASK;
 if (inp->in6p_flags & IN6P_AUTOFLOWLABEL)
 inp->in6p_flowinfo |=
+#ifdef RANDOM_IP_ID
+ (htonl(ip6_randomflowlabel()) & IPV6_FLOWLABEL_MASK);
+#else
 (htonl(ip6_flow_seq++) & IPV6_FLOWLABEL_MASK);
+#endif
 in_pcbrehash(inp);
 return (0);
diff --git a/sys/netinet6/in6_proto.c b/sys/netinet6/in6_proto.c
index 89374d27e5c7..bd66dcb11776 100644
--- a/sys/netinet6/in6_proto.c
+++ b/sys/netinet6/in6_proto.c
@@ -292,7 +292,9 @@ int ip6_maxfragpackets; /* initialized in frag6.c:frag6_init() */
 int ip6_log_interval = 5;
 int ip6_hdrnestlimit = 50; /* appropriate? */
 int ip6_dad_count = 1; /* DupAddrDetectionTransmits */
+#ifndef RANDOM_IP_ID
 u_int32_t ip6_flow_seq;
+#endif
 int ip6_auto_flowlabel = 1;
 int ip6_gif_hlim = 0;
 int ip6_use_deprecated = 1; /* allow deprecated addr (RFC2462 5.5.4) */
diff --git a/sys/netinet6/ip6_id.c b/sys/netinet6/ip6_id.c
index 8ed0b8d1f24f..cd2ae2dc1b79 100644
--- a/sys/netinet6/ip6_id.c
+++ b/sys/netinet6/ip6_id.c
@@ -250,4 +250,11 @@ ip6_randomid(void)
 return randomid(&randomtab_32);
 }
+u_int32_t
+ip6_randomflowlabel(void)
+{
+
+ return randomid(&randomtab_20) & 0xfffff;
+}
+
 #endif /* RANDOM_IP_ID */
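Review bot: In sys/netinet6/in6_pcb.c, in6_pcbconnect(), the `#else` branch still takes the label from the shared counter `ip6_flow_seq++`, so a kernel built without RANDOM_IP_ID keeps assigning sequential flow labels that a peer can predict after seeing one connection. Because the commit makes randomisation opt-in, that residual behaviour should be recorded where the choice is made, for example `/* Without RANDOM_IP_ID the label is a global counter and is predictable to peers. */` above the `if (inp->in6p_flags & IN6P_AUTOFLOWLABEL)` line. The conditional also splits one assignment statement across preprocessor branches, which is easy to misread; selecting the label into a local first would keep the statement whole. The function body starts before this hunk.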
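Review bot: In sys/netinet6/in6_proto.c the new `#ifndef RANDOM_IP_ID` guard around `u_int32_t ip6_flow_seq;` only works if this file sees the option, and unlike in6_pcb.c and ip6_input.c the patch adds no `#include "opt_random_ip_id.h"` here. Unless the file already includes it outside the hunk, the guard is always true and the counter is still defined in RANDOM_IP_ID kernels; adding `#include "opt_random_ip_id.h"` beside the other opt_*.h includes would make the guard effective. The same dependence applies to the two guarded declarations in sys/netinet6/ip6_var.h, whose visibility changes with whether the including file pulled in the option header first. A one-line comment in that header stating the requirement would help.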
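Review bot: In sys/netinet6/ip6_id.c, `ip6_randomflowlabel()` is undocumented and masks with the bare constant `0xfffff`. That value is the 20-bit width of the IPv6 flow label, and the name `randomtab_20` suggests the table is already 20 bits wide, so the mask appears to be a defensive clamp; saying so keeps a later reader from removing it or changing one width without the other. Suggested comment above the function: `/* Return a value for the 20-bit IPv6 flow label; the mask keeps the result in range whatever randomid() yields. */`. The definitions of `randomtab_20` and `randomid()` are outside this hunk, so the table width and how unpredictable the result is cannot be confirmed from here.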
diff --git a/sys/netinet6/ip6_input.c b/sys/netinet6/ip6_input.c
index 9ab712ad344a..cc368c44f51f 100644
--- a/sys/netinet6/ip6_input.c
+++ b/sys/netinet6/ip6_input.c
@@ -70,6 +70,7 @@
 #include "opt_inet6.h"
 #include "opt_ipsec.h"
 #include "opt_pfil_hooks.h"
+#include "opt_random_ip_id.h"
 #include
 #include
@@ -198,11 +199,9 @@ ip6_init()
 netisr_register(NETISR_IPV6, ip6_input, &ip6intrq);
 nd6_init();
 frag6_init();
- /*
- * in many cases, random() here does NOT return random number
- * as initialization during bootstrap time occur in fixed order.
- */
+#ifndef RANDOM_IP_ID
 ip6_flow_seq = arc4random();
+#endif
 ip6_desync_factor = arc4random() % MAX_TEMP_DESYNC_FACTOR;
 }
diff --git a/sys/netinet6/ip6_var.h b/sys/netinet6/ip6_var.h
index fa3271277d77..a12e911d5b70 100644
--- a/sys/netinet6/ip6_var.h
+++ b/sys/netinet6/ip6_var.h
@@ -276,7 +276,9 @@ extern time_t ip6_log_time;
 extern int ip6_hdrnestlimit; /* upper limit of # of extension headers */
 extern int ip6_dad_count; /* DupAddrDetectionTransmits */
+#ifndef RANDOM_IP_ID
 extern u_int32_t ip6_flow_seq;
+#endif
 extern int ip6_auto_flowlabel;
 extern int ip6_auto_linklocal;
@@ -357,6 +359,7 @@ int none_input __P((struct mbuf **, int *, int));
 #ifdef RANDOM_IP_ID
 u_int32_t ip6_randomid __P((void));
+u_int32_t ip6_randomflowlabel __P((void));
 #endif
 #endif /* _KERNEL */