Patch to reduce use of global IP ID value(s) to avoid leaking information

Hans Petter Selasky hps at selasky.org
Fri Apr 3 21:16:20 UTC 2015


Hi,

Moving this discussion away from the committers list, as requested by 
Gorge N.

On 04/03/15 17:14, Gleb Smirnoff wrote:
> Hans,
>
> What the hell? At Fri, 3 Apr 2015 15:41:21 +0300 (MSK) you ask:

An expression like that requires a good answer. I've pulled together 
some parts and pieces from some existing code to make a test application 
showing the problem. Maybe when you hear the problem with your own ears, 
you will get it.

Setup:

I'm running 11-current prior to Gleb's IP ID commits. Possibly Gleb's IP 
ID commits won't change much.

This little crude application I've called "pingphone" almost allows you 
to speak PCM audio through ICMP packets with zero payload.

You need a computer with a sound card that can handle 8 kHz PCM which 
plays through the default /dev/dsp!

Set the default audio adapter using:
sysctl hw.snd.default_unit=XXX

Also make sure that "kern.hz" is set to 1000 or 8000 and not 100. Else 
change it and reboot.

fetch http://home.selasky.org:8192/privat/pingphone/pingphone.c

Or try this if the above fails:

fetch http://home.selasky.org/privat/pingphone/pingphone.c

Compile it:

cc -Wall pingphone.c

Let me know if it doesn't compile.

Start the ping recorder on localhost (IPv4):

./a.out -m 1 -T 127.0.0.1

Start audio producer on localhost:

./a.out -m 0 -T 127.0.0.1

Stop audio producer on localhost. Start the audio producer from another 
box so that the traffic goes across a real network. Maybe inside a jail 
too?

./a.out -m 0 -T 192.168.x.x

Still don't understand what the problem is?

Should I make it play some Beethoven piece perhaps ;-)

When you're done you may want to restore the ICMP limit back to the 
default:

sysctl net.inet.icmp.icmplim=200

What's stated in:

https://svnweb.freebsd.org/changeset/base/281024

is correct. I see no technical reason to pull that out.

For the future I've made a new project branch called "hps_head" where I 
will do development for sys/net/ sys/netinet and sys/netinet6 if I need. 
Gleb and Robert: You will have -current all to yourself and I hope to 
not receive any further angry comments from you regarding the issues 
that appeared this Easter.

Thank you for the attention.

--HPS
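
The concern in the subject line, a global IP ID value leaking information, shown as a small offline simulation. This is an added example, not part of the original message, pingphone.c or the FreeBSD tree; the host model, the function names and the traffic figures are constructed assumptions.

```c
#include <stdint.h>
#include <stdio.h>

#define PEERS 4

/* Constructed model of a host's IP ID allocation (not FreeBSD code). */
struct host {
    int per_peer;            /* 0: one global counter, 1: one counter per peer */
    uint16_t global_id;
    uint16_t peer_id[PEERS];
};

/* Return the IP ID the host would stamp on its next packet to `peer`. */
static uint16_t next_ip_id(struct host *h, int peer)
{
    return h->per_peer ? h->peer_id[peer]++ : h->global_id++;
}

/*
 * Observer (peer 0) receives one reply, the host then sends `hidden`
 * packets to peer 1, and the observer receives a second reply.
 * Returns what the observer infers: ID delta minus its own packet.
 */
static int inferred_hidden(struct host *h, int hidden)
{
    uint16_t before = next_ip_id(h, 0);
    for (int i = 0; i < hidden; i++)
        (void)next_ip_id(h, 1);
    uint16_t after = next_ip_id(h, 0);
    return (uint16_t)(after - before) - 1;   /* 16-bit wrap-safe delta */
}

int main(void)
{
    struct host g = { .per_peer = 0, .global_id = 65530 };
    struct host p = { .per_peer = 1 };
    int traffic[] = { 0, 3, 17, 250 };   /* constructed sample traffic */

    for (int i = 0; i < 4; i++)
        printf("hidden=%3d  global infers %3d  per-peer infers %d\n",
               traffic[i], inferred_hidden(&g, traffic[i]),
               inferred_hidden(&p, traffic[i]));
    return 0;
}
```

With the global counter the observer recovers the exact number of packets sent to the other peer, even across the 16-bit wrap; with per-peer counters the delta is always one and nothing about other traffic is visible.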

