From a07b5793ea4dda6952acf96a912741bcfb8bc6d0 Mon Sep 17 00:00:00 2001
From: christos
Date: Mon, 8 Mar 2021 17:54:23 +0000
Subject: [PATCH] Use a random IPv4 ID because the shuffling algorithm used before could expose information (Amit Klein)
---
 sys/netinet/in_var.h | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/sys/netinet/in_var.h b/sys/netinet/in_var.h
index b1ca48435dd5..d44de4c89d63 100644
--- a/sys/netinet/in_var.h
+++ b/sys/netinet/in_var.h
@@ -1,4 +1,4 @@
-/* $NetBSD: in_var.h,v 1.98 2020/09/11 15:22:12 roy Exp $ */
+/* $NetBSD: in_var.h,v 1.99 2021/03/08 17:54:23 christos Exp $ */
 
 /*-
 * Copyright (c) 1998 The NetBSD Foundation, Inc.
@@ -65,6 +65,7 @@
 #define _NETINET_IN_VAR_H_
 
 #include
+#include
 
 #define IN_IFF_TENTATIVE 0x01 /* tentative address */
 #define IN_IFF_DUPLICATED 0x02 /* DAD detected duplicate */
@@ -469,7 +470,8 @@ ip_newid_range(const struct in_ifaddr *ia, u_int num)
 
 if (ip_do_randomid) {
 /* XXX ignore num */
- return ip_randomid(ip_ids, ia ? ia->ia_idsalt : 0);
+ id = (uint16_t)cprng_fast32();
+ return id ? id : 1;
 }
 
 /* Never allow an IP ID of 0 (detect wrap). */
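Review bot: The new random branch in ip_newid_range() carries no comment recording the trade-off it makes. An independently drawn 16-bit ID gives up whatever no-early-reuse spacing the shuffling generator provided, so two datagrams in flight between the same endpoints can share an ID and reassembly has to tolerate that. A line such as `/* Random IDs leak no generator state; repeats are possible, see reassembly. */` above `id = (uint16_t)cprng_fast32();` would keep the reasoning with the code. The `return id ? id : 1;` remap makes 1 twice as likely as any other value; that is harmless, but it belongs in the same comment. `/* XXX ignore num */` still applies, and `ia`, `ip_ids` and `ia_idsalt` look unused on this path now, though that cannot be confirmed here because the function body starts and ends outside the hunk.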