HBSD: Randomize IP IDs when PAX_HARDENING is set.

Signed-off-by: Shawn Webb <shawn.webb@hardenedbsd.org> MFC-to: 10-STABLE github-issue: #174
HardenedBSD · Jan 6, 2016 · 52d5a93 · 52d5a93
1 parent b34045f
commit 52d5a93
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/sys/netinet/ip_id.c b/sys/netinet/ip_id.c
@@ -74,6 +74,8 @@ __FBSDID("$FreeBSD$");
  * enabled.
  */
 
+#include "opt_pax.h"
+
 #include <sys/param.h>
 #include <sys/systm.h>
 #include <sys/counter.h>
@@ -98,7 +100,13 @@ __FBSDID("$FreeBSD$");
  * user wants to, we can turn on random ID generation.
  */
 static VNET_DEFINE(int, ip_rfc6864) = 1;
+
+#ifdef PAX_HARDENING
+static VNET_DEFINE(int, ip_do_randomid) = 1;
+#else
 static VNET_DEFINE(int, ip_do_randomid) = 0;
+#endif
+
 #define	V_ip_rfc6864		VNET(ip_rfc6864)
 #define	V_ip_do_randomid	VNET(ip_do_randomid)