[tor-relays] FreeBSD's global IP ID (was: Platform diversity in Tor network)

Adrian Chadd adrian at freebsd.org
Fri Nov 7 16:31:49 UTC 2014


... that's .. odd.

Let's poke the freebsd crypto and network stack people and ask. I
can't imagine why this is a problem anymore and we should default to
it being on. The other thing you could do is have the tor port require
it be turned on before tor runs.


-adrian

On 7 November 2014 00:20, grarpamp <grarpamp at gmail.com> wrote:
> On Thu, Nov 6, 2014 at 8:52 AM, Philipp Winter <phw at nymity.ch> wrote:
>> On Wed, Nov 05, 2014 at 04:04:41AM -0500, grarpamp wrote:
>>>  173 FreeBSD
>>
>> FreeBSD still seems to use globally incrementing IP IDs by default.
>> That's an issue as it leaks fine-grained information about how many
>> packets a relay's networking stack processes.  (However, nobody
>> investigated the exact impact on Tor relays so far, which makes this a
>> FUD-heavy topic.) It looks like approximately 50 out of the 131 FreeBSD
>> relays I tested (38%) use global IP IDs.
>>
>> There's a sysctl variable called "net.inet.ip.random_id" which makes
>> FreeBSD's IP ID behaviour random.  FreeBSD relay operators should set
>> this to "1".
>>
>> Note that this issue was already discussed earlier this year in a thread
>> called "Lots of tor relays send out sequential IP IDs; please fix
>> that!".
>
> It's been default off since before it was a sysctl over a decade ago.
> Anyone know what the deal is with that? Some objection, or
> forgotten flag day, or oversight that really should be set to 1?
> https://svnweb.freebsd.org/base?view=revision&revision=133720
> _______________________________________________
> freebsd-net at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe at freebsd.org"


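As an added illustration (not code from this thread, from Tor, or from FreeBSD), here is the kind of check a relay operator can run on IP Identification values sampled from their own host's outgoing packets to tell a global counter (the FreeBSD default the thread describes) from the randomised behaviour of net.inet.ip.random_id=1; the sample values are constructed, and the function names and the 16-step tolerance are my own assumptions.

```python
"""
Classify a sequence of IPv4 Identification values as coming from a
globally incrementing per-host counter or from a randomised source.

Remediation on FreeBSD, as stated in the thread:
    sysctl net.inet.ip.random_id=1   (persist it in /etc/sysctl.conf)

All ID values in this file are constructed for illustration; none were
captured from a real relay.
"""
from typing import List


def id_deltas(ids: List[int]) -> List[int]:
    """Differences between consecutive IP IDs, modulo the 16-bit field."""
    return [(b - a) % 65536 for a, b in zip(ids, ids[1:])]


def classify_ip_ids(ids: List[int], max_step: int = 16) -> str:
    """
    Return "global" if every consecutive ID advances by 1..max_step
    (one shared counter, with the host's other traffic interleaved),
    "random" otherwise.  max_step (an assumed tolerance) bounds how much
    unrelated traffic is accepted between two sampled packets.
    """
    if len(ids) < 3:
        raise ValueError("need at least three samples")
    deltas = id_deltas(ids)
    return "global" if all(1 <= d <= max_step for d in deltas) else "random"


def leaked_packet_count(ids: List[int]) -> int:
    """
    For a global counter, the number of packets the host sent to other
    peers between our first and last sample.  This is the fine-grained
    information the thread says a global IP ID leaks to any observer.
    """
    return sum(d - 1 for d in id_deltas(ids))


# Constructed samples: a host with a global counter that sent five other
# packets while we sampled, and a host with randomised IDs.
GLOBAL_SAMPLE = [41000, 41003, 41004, 41006, 41009]
RANDOM_SAMPLE = [9127, 53011, 28, 61440, 30477]

if __name__ == "__main__":
    for name, sample in (("global", GLOBAL_SAMPLE), ("random", RANDOM_SAMPLE)):
        print(name, "->", classify_ip_ids(sample))
    print("packets sent to others during sampling:",
          leaked_packet_count(GLOBAL_SAMPLE))
```

The delta is taken modulo 65536 so a counter that wraps past 65535 is still recognised as sequential.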