kern/60889: 5.2RC2 - zero IP id change not effective for TCP,
detrimental to security/privacy and maybe interoperation
Richard Wendland
richard at starburst.demon.co.uk
Thu Jan 8 03:00:41 PST 2004
The following reply was made to PR kern/60889; it has been noted by GNATS.
From: Richard Wendland <richard at starburst.demon.co.uk>
To: freebsd-gnats-submit at FreeBSD.org, richard at wendland.org.uk
Cc:
Subject: Re: kern/60889: 5.2RC2 - zero IP id change not effective for TCP, detrimental to security/privacy and maybe interoperation
Date: Thu, 8 Jan 2004 10:59:32 +0000 (GMT)

I have identified a further problem with this change:

This change causes ip_id for non-DF to be output in native byte order in
ip_output.c. Unfortunately ip_id is still output in Network Byte Order
in ip_mroute.c and raw_ip.c, so this change risks little-endian machines
emitting the same IP fragmentation id at about the same time from these
different modules (after another 255 packets), rather than after the usual
64k cycle; creating a small but real risk of fragment re-assembly errors.

Richard
--
Richard Wendland richard at wendland.org.uk
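
The arithmetic behind the 255-packet figure in the message above, as an added example that is not part of the original message or of FreeBSD's code. It assumes a single 16-bit counter, incremented once per packet and shared by both send paths on a little-endian host; all function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed model: one 16-bit counter, incremented per packet, shared by
 * two send paths on a little-endian host. All names are hypothetical. */

/* ID the receiver sees when the counter is stored in native order:
 * on a little-endian sender the two bytes arrive swapped. */
static uint16_t wire_id_native_le(uint16_t counter)
{
    return (uint16_t)((counter << 8) | (counter >> 8));
}

/* ID the receiver sees when the sender applies htons(). */
static uint16_t wire_id_htons(uint16_t counter)
{
    return counter;
}

/* Packets sent between counter value c going out the native-order path
 * and the later counter value that repeats its wire ID on the htons path.
 * 0 means both bytes are equal, so no second counter value is involved. */
static uint16_t gap_to_collision(uint16_t c)
{
    return (uint16_t)(wire_id_native_le(c) - c);
}

/* Smallest non-zero gap over the whole counter space. */
static uint32_t min_collision_gap(void)
{
    uint32_t best = 65536;
    for (uint32_t c = 0; c < 65536; c++) {
        uint16_t g = gap_to_collision((uint16_t)c);
        if (g != 0 && g < best)
            best = g;
    }
    return best;
}

int main(void)
{
    printf("counter 0x0001 native -> wire 0x%04x\n", (unsigned)wire_id_native_le(1));
    printf("counter 0x0100 htons  -> wire 0x%04x\n", (unsigned)wire_id_htons(0x0100));
    printf("minimum reuse gap: %u packets (vs 65536)\n", (unsigned)min_collision_gap());
    return 0;
}
```

The gap equals 255 times the difference between the counter's low and high bytes (mod 65536), so the shortest reuse distance occurs whenever the low byte is one greater than the high byte.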