From 52d5a93b92097e7a79be8d2e0eb9c1a58b8337d1 Mon Sep 17 00:00:00 2001
From: Shawn Webb <shawn.webb@hardenedbsd.org>
Date: Tue, 5 Jan 2016 19:54:17 -0500
Subject: [PATCH] HBSD: Randomize IP IDs when PAX_HARDENING is set.

Signed-off-by:	Shawn Webb <shawn.webb@hardenedbsd.org>
MFC-to:		10-STABLE
github-issue:	#174
---
 sys/netinet/ip_id.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/sys/netinet/ip_id.c b/sys/netinet/ip_id.c
index b0efbee0b262b..665226577a2b1 100644
--- a/sys/netinet/ip_id.c
+++ b/sys/netinet/ip_id.c
@@ -74,6 +74,8 @@ __FBSDID("$FreeBSD$");
  * enabled.
  */
 
+#include "opt_pax.h"
+
 #include <sys/param.h>
 #include <sys/systm.h>
 #include <sys/counter.h>
@@ -98,7 +100,13 @@ __FBSDID("$FreeBSD$");
  * user wants to, we can turn on random ID generation.
  */
 static VNET_DEFINE(int, ip_rfc6864) = 1;
+
+#ifdef PAX_HARDENING
+static VNET_DEFINE(int, ip_do_randomid) = 1;
+#else
 static VNET_DEFINE(int, ip_do_randomid) = 0;
+#endif
+
 #define	V_ip_rfc6864		VNET(ip_rfc6864)
 #define	V_ip_do_randomid	VNET(ip_do_randomid)