authorDamien Miller <djm@cvs.openbsd.org>2008-06-09 22:47:43 +0000
committerDamien Miller <djm@cvs.openbsd.org>2008-06-09 22:47:43 +0000
commit4292580034d73b1c4cdfac0005dc9e4d2589bda1 (patch)
tree39707a15c935037c1af790655424866680302eaa /sys/netinet6
parent8585245d5a6e10c2e09d2a4a531f89455bf9193d (diff)
Introduce a facility to generate unpredictable 32 bit numbers with
near maximal (2^32) cycle times. These are useful for network IDs in cases where there are negative consequences to ID prediction and/or reuse. Use the idgen32() functions to generate IPv6 IDs and NFS client/server XIDs. Pseudorandom permutation code in crypto/idgen.c based on public domain skip32.c from Greg Rose. feedback & ok thib@ deraadt@
Diffstat (limited to 'sys/netinet6')
-rw-r--r--sys/netinet6/ip6_id.c22
-rw-r--r--sys/netinet6/ip6_input.c3
-rw-r--r--sys/netinet6/ip6_output.c20
-rw-r--r--sys/netinet6/ip6_var.h5
4 files changed, 26 insertions, 24 deletions
diff --git a/sys/netinet6/ip6_id.c b/sys/netinet6/ip6_id.c
index db562454533..580d1b72062 100644
--- a/sys/netinet6/ip6_id.c
+++ b/sys/netinet6/ip6_id.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip6_id.c,v 1.6 2008/04/18 06:42:20 djm Exp $ */
+/* $OpenBSD: ip6_id.c,v 1.7 2008/06/09 22:47:42 djm Exp $ */
/* $NetBSD: ip6_id.c,v 1.7 2003/09/13 21:32:59 itojun Exp $ */
/* $KAME: ip6_id.c,v 1.8 2003/09/06 13:41:06 itojun Exp $ */
@@ -113,17 +113,6 @@ struct randomtab {
long ru_reseed;
};
-static struct randomtab randomtab_32 = {
- 32, /* resulting bits */
- 180, /* Time after wich will be reseeded */
- 1000000000, /* Uniq cycle, avoid blackjack prediction */
- 2, /* Starting generator */
- 2147483629, /* RU_N-1 = 2^2*3^2*59652323 */
- 7, /* determine ru_a as RU_AGEN^(2*rand) */
- 1836660096, /* RU_M = 2^7*3^15 - don't change */
- { 2, 3, 59652323, 0 }, /* factors of ru_n */
-};
-
static struct randomtab randomtab_20 = {
20, /* resulting bits */
180, /* Time after wich will be reseeded */
@@ -239,15 +228,8 @@ randomid(struct randomtab *p)
}
u_int32_t
-ip6_randomid(void)
-{
-
- return randomid(&randomtab_32);
-}
-
-u_int32_t
ip6_randomflowlabel(void)
{
-
return randomid(&randomtab_20) & 0xfffff;
}
+
diff --git a/sys/netinet6/ip6_input.c b/sys/netinet6/ip6_input.c
index 0e645ad416b..fb99a69a989 100644
--- a/sys/netinet6/ip6_input.c
+++ b/sys/netinet6/ip6_input.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip6_input.c,v 1.84 2008/05/15 19:40:38 markus Exp $ */
+/* $OpenBSD: ip6_input.c,v 1.85 2008/06/09 22:47:42 djm Exp $ */
/* $KAME: ip6_input.c,v 1.188 2001/03/29 05:34:31 itojun Exp $ */
/*
@@ -160,6 +160,7 @@ ip6_init()
pr->pr_protocol && pr->pr_protocol != IPPROTO_RAW)
ip6_protox[pr->pr_protocol] = pr - inet6sw;
ip6intrq.ifq_maxlen = ip6qmaxlen;
+ ip6_randomid_init();
nd6_init();
frag6_init();
ip6_init2((void *)0);
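Review bot: The new `ip6_randomid_init();` call carries an ordering requirement that nothing here records. `ip6_id_ctx` is presumably unkeyed until it runs, so any ip6_randomid() caller reached earlier would draw IDs from an unseeded generator. Whether nd6_init() or frag6_init() can reach such a caller is not visible in this hunk, but a later reshuffle of ip6_init() could silently break the guarantee. I would add `/* key the ID generator before anything can call ip6_randomid() */` above the call. ip6_init()'s body starts and ends outside the hunk.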
diff --git a/sys/netinet6/ip6_output.c b/sys/netinet6/ip6_output.c
index cca6865818d..d8faf8bbabf 100644
--- a/sys/netinet6/ip6_output.c
+++ b/sys/netinet6/ip6_output.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip6_output.c,v 1.100 2008/03/31 21:15:20 deraadt Exp $ */
+/* $OpenBSD: ip6_output.c,v 1.101 2008/06/09 22:47:42 djm Exp $ */
/* $KAME: ip6_output.c,v 1.172 2001/03/25 09:55:56 itojun Exp $ */
/*
@@ -88,6 +88,8 @@
#include <netinet6/nd6.h>
#include <netinet6/ip6protosw.h>
+#include <crypto/idgen.h>
+
#if NPF > 0
#include <net/pfvar.h>
#endif
@@ -132,6 +134,9 @@ static int ip6_getpmtu(struct route_in6 *, struct route_in6 *,
struct ifnet *, struct in6_addr *, u_long *, int *);
static int copypktopts(struct ip6_pktopts *, struct ip6_pktopts *, int);
+/* Context for non-repeating IDs */
+struct idgen32_ctx ip6_id_ctx;
+
/*
* IP6 output. The packet in mbuf chain m contains a skeletal IP6
* header (with pri, len, nxt, hlim, src, dst).
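Review bot: `ip6_id_ctx` is defined with external linkage, yet within this diff it is only touched by ip6_randomid() and ip6_randomid_init() in the same file, and ip6_var.h adds no extern for it. The context presumably holds the keying state that makes the IDs unpredictable, so narrowing it keeps other kernel code from reading or re-initialising it by accident: `static struct idgen32_ctx ip6_id_ctx;`. The diff is limited to sys/netinet6, so confirm first that nothing outside this directory references the symbol. The comment could also say which IDs it serves, e.g. `/* Keyed generator state for non-repeating IPv6 IDs */`.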
@@ -3225,3 +3230,16 @@ ip6_optlen(inp)
return len;
#undef elen
}
+
+u_int32_t
+ip6_randomid(void)
+{
+ return idgen32(&ip6_id_ctx);
+}
+
+void
+ip6_randomid_init(void)
+{
+ idgen32_init(&ip6_id_ctx);
+}
+
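Review bot: Both wrappers hand one global context to the idgen32 routines with no visible serialization and no comment on the calling contract. If idgen32() advances state inside the context on each call (likely for a non-repeating generator, though crypto/idgen.c is not shown here), unserialized callers could receive duplicate IDs, which is the reuse this commit sets out to prevent. I would document the expectation above ip6_randomid(), e.g. `/* Callers must be serialized by the network stack; ip6_randomid_init() must have run first. */`, and give each function a one-line purpose comment. The hunk also adds a blank line at end of file that can be dropped.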
diff --git a/sys/netinet6/ip6_var.h b/sys/netinet6/ip6_var.h
index b560d21ee74..33f35df951d 100644
--- a/sys/netinet6/ip6_var.h
+++ b/sys/netinet6/ip6_var.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip6_var.h,v 1.32 2007/12/14 18:33:41 deraadt Exp $ */
+/* $OpenBSD: ip6_var.h,v 1.33 2008/06/09 22:47:42 djm Exp $ */
/* $KAME: ip6_var.h,v 1.33 2000/06/11 14:59:20 jinmei Exp $ */
/*
@@ -297,6 +297,8 @@ int ip6_setpktopts(struct mbuf *, struct ip6_pktopts *,
void ip6_clearpktopts(struct ip6_pktopts *, int);
struct ip6_pktopts *ip6_copypktopts(struct ip6_pktopts *, int);
int ip6_optlen(struct inpcb *);
+void ip6_randomid_init(void);
+u_int32_t ip6_randomid(void);
int route6_input(struct mbuf **, int *, int);
@@ -324,7 +326,6 @@ int in6_selectroute(struct sockaddr_in6 *, struct ip6_pktopts *,
struct ip6_moptions *, struct route_in6 *, struct ifnet **,
struct rtentry **);
-u_int32_t ip6_randomid(void);
u_int32_t ip6_randomflowlabel(void);
#endif /* _KERNEL */