Author: hselasky
Date: Fri Apr 3 14:00:08 2015
New Revision: 281024
URL: https://svnweb.freebsd.org/changeset/base/281024
Log: Add more documentation about the "net.inet.ip.random_id" sysctl knob and how it can affect information flow between observers. MFC after: 1 week Modified: head/share/man/man4/inet.4 Modified: head/share/man/man4/inet.4 ============================================================================== --- head/share/man/man4/inet.4 Fri Apr 3 13:57:14 2015 (r281023) +++ head/share/man/man4/inet.4 Fri Apr 3 14:00:08 2015 (r281024) @@ -28,7 +28,7 @@ .\" From: @(#)inet.4 8.1 (Berkeley) 6/5/93 .\" $FreeBSD$ .\" -.Dd April 2, 2015 +.Dd April 3, 2015 .Dt INET 4 .Os .Sh NAME @@ -244,10 +244,22 @@ IP datagrams (or all IP datagrams, if .Va ip.rfc6864 is disabled) to be randomized instead of incremented by 1 with each packet generated. -This closes a minor information leak which allows remote observers to +This prevents information exchange between any combination of two or +more inside and/or outside observers using packet frequency +modulation, PFM. +An outside observer can ping the outside facing port at a fixed rate +sampling the returned counter. +An inside observer can ping the inside facing port sampling the same +counter. +Even though packets don't flow directly between any of the observers +any single observer can influence the data rate the other observer(s) +is or are sampling. +This is done by sending more or less ping packets towards the gateway +per measured interval. +Setting this sysctl also prevents the remote and internal observers to determine the rate of packet generation on the machine by watching the counter. -In the same time, on high-speed links, it can decrease the ID reuse +At the same time, on high-speed links, it can decrease the ID reuse cycle greatly. Default is 0 (sequential IP IDs). IPv6 flow IDs and fragment IDs are always random.
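Review bot: In the second hunk (@@ -244,10 +244,22 @@), the new ping example assumes the echo replies carry the shared counter, but the unchanged context directly above says the knob applies only to some IP datagrams unless ip.rfc6864 is disabled, so the paragraph should state whether the described channel exists with ip.rfc6864 enabled or only when it is disabled. The spliced sentence "Setting this sysctl also prevents the remote and internal observers to determine the rate of packet generation" is ungrammatical and should read "prevents remote and internal observers from determining the rate of packet generation on the machine by watching the counter". Smaller wording points in the same hunk: introduce the abbreviation as "packet frequency modulation (PFM)", use "interface" rather than "port" for the inside and outside facing sides, write "more or fewer ping packets", and replace "the other observer(s) is or are sampling" with "the other observers are sampling".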