kern/133736: ip_id not protected ...

Ernest Hua ehua at
Tue Apr 14 14:10:03 PDT 2009

>Number:         133736
>Category:       kern
>Synopsis:       ip_id not protected ...
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Apr 14 21:10:02 UTC 2009
>Originator:     Ernest Hua
>Release:        7.0-RELEASE
MaxiScale, Inc.
FreeBSD r01s18 7.0-RELEASE FreeBSD 7.0-RELEASE #0: ... amd64

This is our own compiled kernel that is based on 7.0-RELEASE with the dump/snapshot patch applied.

We have evidence of IP fragments from different UDP transactions being stamped with the same 16-bit id.

Using a multi-threaded application, transmit lots of large (much greater than MTU) UDP packets of the same size with known but distinctive content to a single destination port using a multi-core system as the transmitter.

There will be occasional data corruption found at the destination where data from one transaction is found in the payload of another transaction.

ip_id needs some atomic protection.

The same can probably be said of the random id generator.


More information about the freebsd-bugs mailing list