Complain if net.inet.ip.random_id is not set on FreeBSD-based servers

Apparently a couple of operators haven't gotten the memos [0] yet and it looks like FreeBSD's default value will not change any time soon [1]. [0]: https://lists.torproject.org/pipermail/tor-relays/2014-March/004199.html https://lists.torproject.org/pipermail/tor-relays/2014-November/005687.html https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=195828 [1]: https://lists.freebsd.org/pipermail/freebsd-net/2015-April/041942.html
2024-11-11 05:33:47 +01:00 · 2015-04-07 16:36:05 +02:00 · 2015-04-07 16:36:05 +02:00 · 71651ea4aa
commit 71651ea4aa
parent 8183640ada
1 changed files with 21 additions and 0 deletions
--- a/src/app/config/config.c
+++ b/src/app/config/config.c
@ -157,6 +157,10 @@
 #include "core/or/connection_st.h"
 #include "core/or/port_cfg_st.h"

+#ifdef __FreeBSD__
+#include <sys/sysctl.h>
+#endif
+
 #ifdef HAVE_SYSTEMD
 #   if defined(__COVERITY__) && !defined(__INCLUDE_LEVEL__)
 /* Systemd's use of gcc's __INCLUDE_LEVEL__ extension macro appears to confuse
@ -3383,6 +3387,23 @@ options_validate(or_options_t *old_options, or_options_t *options,
  if (ContactInfo && !string_is_utf8(ContactInfo, strlen(ContactInfo)))
    REJECT("ContactInfo config option must be UTF-8.");

+#ifdef __FreeBSD__
+  if (server_mode(options)) {
+    int random_id_state;
+    size_t state_size = sizeof(random_id_state);
+
+    if (sysctlbyname("net.inet.ip.random_id", &random_id_state,
+        &state_size, NULL, 0)) {
+      log_warn(LD_CONFIG,
+          "Failed to figure out if IP ids are randomized.");
+    } else if (random_id_state == 0) {
+      log_warn(LD_CONFIG, "Looks like IP ids are not randomized. "
+          "Please consider setting the net.inet.ip.random_id sysctl, "
+          "so your relay makes it harder to figure out how busy it is.");
+    }
+  }
+#endif
+
  /* Special case on first boot if no Log options are given. */
  if (!options->Logs && !options->RunAsDaemon && !from_setconf) {
    if (quiet_level == 0)