author | Damien Miller <djm@cvs.openbsd.org> | 2008-06-09 22:47:43 +0000 |
---|---|---|
committer | Damien Miller <djm@cvs.openbsd.org> | 2008-06-09 22:47:43 +0000 |
commit | 4292580034d73b1c4cdfac0005dc9e4d2589bda1 (patch) | |
tree | 39707a15c935037c1af790655424866680302eaa /sys/netinet6 | |
parent | 8585245d5a6e10c2e09d2a4a531f89455bf9193d (diff) |
Introduce a facility to generate unpredictable 32 bit numbers with
near maximal (2^32) cycle times. These are useful for network
IDs in cases where there are negative consequences to ID prediction
and/or reuse.
Use the idgen32() functions to generate IPv6 IDs and NFS client/server
XIDs.
Pseudorandom permutation code in crypto/idgen.c based on public
domain skip32.c from Greg Rose.
feedback & ok thib@ deraadt@
Diffstat (limited to 'sys/netinet6')
-rw-r--r-- | sys/netinet6/ip6_id.c | 22 | ||||
-rw-r--r-- | sys/netinet6/ip6_input.c | 3 | ||||
-rw-r--r-- | sys/netinet6/ip6_output.c | 20 | ||||
-rw-r--r-- | sys/netinet6/ip6_var.h | 5 |
4 files changed, 26 insertions, 24 deletions
diff --git a/sys/netinet6/ip6_id.c b/sys/netinet6/ip6_id.c
index db562454533..580d1b72062 100644
--- a/sys/netinet6/ip6_id.c
+++ b/sys/netinet6/ip6_id.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip6_id.c,v 1.6 2008/04/18 06:42:20 djm Exp $ */
+/* $OpenBSD: ip6_id.c,v 1.7 2008/06/09 22:47:42 djm Exp $ */
 /* $NetBSD: ip6_id.c,v 1.7 2003/09/13 21:32:59 itojun Exp $ */
 /* $KAME: ip6_id.c,v 1.8 2003/09/06 13:41:06 itojun Exp $ */
@@ -113,17 +113,6 @@ struct randomtab {
 long ru_reseed;
 };
-static struct randomtab randomtab_32 = {
- 32, /* resulting bits */
- 180, /* Time after wich will be reseeded */
- 1000000000, /* Uniq cycle, avoid blackjack prediction */
- 2, /* Starting generator */
- 2147483629, /* RU_N-1 = 2^2*3^2*59652323 */
- 7, /* determine ru_a as RU_AGEN^(2*rand) */
- 1836660096, /* RU_M = 2^7*3^15 - don't change */
- { 2, 3, 59652323, 0 }, /* factors of ru_n */
-};
-
 static struct randomtab randomtab_20 = {
 20, /* resulting bits */
 180, /* Time after wich will be reseeded */
@@ -239,15 +228,8 @@ randomid(struct randomtab *p)
 }
 u_int32_t
-ip6_randomid(void)
-{
-
- return randomid(&randomtab_32);
-}
-
-u_int32_t
 ip6_randomflowlabel(void)
 {
-
 return randomid(&randomtab_20) & 0xfffff;
 }
+
diff --git a/sys/netinet6/ip6_input.c b/sys/netinet6/ip6_input.c
index 0e645ad416b..fb99a69a989 100644
--- a/sys/netinet6/ip6_input.c
+++ b/sys/netinet6/ip6_input.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip6_input.c,v 1.84 2008/05/15 19:40:38 markus Exp $ */
+/* $OpenBSD: ip6_input.c,v 1.85 2008/06/09 22:47:42 djm Exp $ */
 /* $KAME: ip6_input.c,v 1.188 2001/03/29 05:34:31 itojun Exp $ */
 /*
@@ -160,6 +160,7 @@ ip6_init()
 pr->pr_protocol && pr->pr_protocol != IPPROTO_RAW)
 ip6_protox[pr->pr_protocol] = pr - inet6sw;
 ip6intrq.ifq_maxlen = ip6qmaxlen;
+ ip6_randomid_init();
 nd6_init();
 frag6_init();
 ip6_init2((void *)0);
diff --git a/sys/netinet6/ip6_output.c b/sys/netinet6/ip6_output.c
index cca6865818d..d8faf8bbabf 100644
--- a/sys/netinet6/ip6_output.c
+++ b/sys/netinet6/ip6_output.c
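Review bot: The new `ip6_randomid_init();` call in ip6_init() (sys/netinet6/ip6_input.c) carries an ordering requirement that nothing on the line records: ip6_id_ctx has to be set up before any path can reach ip6_randomid(), and the call is presumably placed ahead of nd6_init() and frag6_init() for that reason. A comment such as `/* must run before nd6_init()/frag6_init(): ip6_randomid() needs an initialised ip6_id_ctx */` would keep a later reordering from leaving the generator unkeyed, which would defeat the unpredictability this commit is after. How idgen32() behaves on a zeroed context is not visible in this diff, so the consequence is an assumption to confirm. ip6_init()'s body starts and ends outside the hunk.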
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip6_output.c,v 1.100 2008/03/31 21:15:20 deraadt Exp $ */
+/* $OpenBSD: ip6_output.c,v 1.101 2008/06/09 22:47:42 djm Exp $ */
 /* $KAME: ip6_output.c,v 1.172 2001/03/25 09:55:56 itojun Exp $ */
 /*
@@ -88,6 +88,8 @@
 #include <netinet6/nd6.h>
 #include <netinet6/ip6protosw.h>
+#include <crypto/idgen.h>
+
 #if NPF > 0
 #include <net/pfvar.h>
 #endif
@@ -132,6 +134,9 @@ static int ip6_getpmtu(struct route_in6 *, struct route_in6 *, struct ifnet *, struct in6_addr *, u_long *, int *);
 static int copypktopts(struct ip6_pktopts *, struct ip6_pktopts *, int);
+/* Context for non-repeating IDs */
+struct idgen32_ctx ip6_id_ctx;
+
 /*
 * IP6 output. The packet in mbuf chain m contains a skeletal IP6
 * header (with pri, len, nxt, hlim, src, dst).
@@ -3225,3 +3230,16 @@ ip6_optlen(inp)
 return len;
 #undef elen
 }
+
+u_int32_t
+ip6_randomid(void)
+{
+ return idgen32(&ip6_id_ctx);
+}
+
+void
+ip6_randomid_init(void)
+{
+ idgen32_init(&ip6_id_ctx);
+}
+
diff --git a/sys/netinet6/ip6_var.h b/sys/netinet6/ip6_var.h
index b560d21ee74..33f35df951d 100644
--- a/sys/netinet6/ip6_var.h
+++ b/sys/netinet6/ip6_var.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip6_var.h,v 1.32 2007/12/14 18:33:41 deraadt Exp $ */
+/* $OpenBSD: ip6_var.h,v 1.33 2008/06/09 22:47:42 djm Exp $ */
 /* $KAME: ip6_var.h,v 1.33 2000/06/11 14:59:20 jinmei Exp $ */
 /*
@@ -297,6 +297,8 @@ int ip6_setpktopts(struct mbuf *, struct ip6_pktopts *,
 void ip6_clearpktopts(struct ip6_pktopts *, int);
 struct ip6_pktopts *ip6_copypktopts(struct ip6_pktopts *, int);
 int ip6_optlen(struct inpcb *);
+void ip6_randomid_init(void);
+u_int32_t ip6_randomid(void);
 int route6_input(struct mbuf **, int *, int);
@@ -324,7 +326,6 @@ int in6_selectroute(struct sockaddr_in6 *, struct ip6_pktopts *, struct ip6_moptions *, struct route_in6 *, struct ifnet **, struct rtentry **);
-u_int32_t ip6_randomid(void);
 u_int32_t ip6_randomflowlabel(void);
 #endif /* _KERNEL */ |
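Review bot: `struct idgen32_ctx ip6_id_ctx;` in the `@@ -132,6 +134,9 @@` hunk of ip6_output.c is defined with external linkage, yet the only users visible in this commit are ip6_randomid() and ip6_randomid_init() in the same file, and ip6_var.h gains no extern declaration for it. Declaring it `static struct idgen32_ctx ip6_id_ctx;` would keep the generator state reachable only through those two functions, which is the safer default for state that the ID unpredictability presumably depends on. The comment could also name the initialiser: `/* Context for non-repeating IPv6 IDs; set up by ip6_randomid_init() */`.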
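Review bot: ip6_randomid() and ip6_randomid_init(), added at the end of ip6_output.c, have no comment stating their contract, and the part callers most need is that ip6_randomid_init() must have run before the first ip6_randomid() call. A header comment such as `/* Return an unpredictable 32-bit IPv6 ID that does not repeat within the generator's cycle; ip6_randomid_init() must be called first. */` would record that, using the properties the commit description gives for idgen32. It would also be worth one line on what serialises access to ip6_id_ctx, since idgen32() is handed a pointer to shared state and its locking expectations are not visible in this diff.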