[tor-commits] [tor/master] Complain if net.inet.ip.random_id is not set on FreeBSD-based servers

nickm at torproject.org nickm at torproject.org
Sat Dec 1 16:37:00 UTC 2018


commit 71651ea4aa507ee50865bd9584873e0c9a422c14
Author: Fabian Keil <fk at fabiankeil.de>
Date:   Tue Apr 7 16:36:05 2015 +0200

    Complain if net.inet.ip.random_id is not set on FreeBSD-based servers
    
    Apparently a couple of operators haven't gotten the memos [0] yet
    and it looks like FreeBSD's default value will not change any time
    soon [1].
    
    [0]:
    https://lists.torproject.org/pipermail/tor-relays/2014-March/004199.html
    https://lists.torproject.org/pipermail/tor-relays/2014-November/005687.html
    https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=195828
    
    [1]:
    https://lists.freebsd.org/pipermail/freebsd-net/2015-April/041942.html
---
 src/app/config/config.c | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/src/app/config/config.c b/src/app/config/config.c
index 45a23d67d..56fca1549 100644
--- a/src/app/config/config.c
+++ b/src/app/config/config.c
@@ -157,6 +157,10 @@
 #include "core/or/connection_st.h"
 #include "core/or/port_cfg_st.h"
 
+#ifdef __FreeBSD__
+#include <sys/sysctl.h>
+#endif
+
 #ifdef HAVE_SYSTEMD
 #   if defined(__COVERITY__) && !defined(__INCLUDE_LEVEL__)
 /* Systemd's use of gcc's __INCLUDE_LEVEL__ extension macro appears to confuse
@@ -3383,6 +3387,23 @@ options_validate(or_options_t *old_options, or_options_t *options,
   if (ContactInfo && !string_is_utf8(ContactInfo, strlen(ContactInfo)))
     REJECT("ContactInfo config option must be UTF-8.");
 
+#ifdef __FreeBSD__
+  if (server_mode(options)) {
+    int random_id_state;
+    size_t state_size = sizeof(random_id_state);
+
+    if (sysctlbyname("net.inet.ip.random_id", &random_id_state,
+        &state_size, NULL, 0)) {
+      log_warn(LD_CONFIG,
+          "Failed to figure out if IP ids are randomized.");
+    } else if (random_id_state == 0) {
+      log_warn(LD_CONFIG, "Looks like IP ids are not randomized. "
+          "Please consider setting the net.inet.ip.random_id sysctl, "
+          "so your relay makes it harder to figure out how busy it is.");
+    }
+  }
+#endif
+
   /* Special case on first boot if no Log options are given. */
   if (!options->Logs && !options->RunAsDaemon && !from_setconf) {
     if (quiet_level == 0)
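Review bot: The failure branch of the new `sysctlbyname()` check logs only "Failed to figure out if IP ids are randomized.", so an operator cannot tell why the lookup failed; including the error would help, e.g. `log_warn(LD_CONFIG, "Failed to figure out if IP ids are randomized: %s", strerror(errno));`. The block also has no comment saying why a relay cares about this sysctl; something like `/* Non-random IP IDs let a remote party estimate how many packets this host sends, which leaks relay load. */` above the `#ifdef __FreeBSD__` would keep that reasoning next to the code. Because the check sits in `options_validate()`, whose body starts and ends outside this hunk, it presumably runs on every validation pass and may repeat the warning on each reload; confirm whether that is intended or whether it should be logged once.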




