--- ping.c.siphash	Sat Apr 11 00:16:12 2015
+++ ping.c	Sat Apr 11 00:17:21 2015
@@ -72,7 +72,10 @@
 #include <string.h>
 #include <limits.h>
 #include <stdlib.h>
+
 #include <siphash.h>
+#define KEYSTREAM_ONLY
+#include <crypto/chacha_private.h>
 
 struct tv64 {
 	u_int64_t	tv64_sec;
@@ -162,6 +165,7 @@
 
 struct tv64 tv64_offset;
 SIPHASH_KEY mac_key;
+chacha_ctx fill_stream;
 
 void fill(char *, char *);
 void catcher(int signo);
@@ -188,7 +192,7 @@
 	struct hostent *hp;
 	struct sockaddr_in *to;
 	struct in_addr saddr;
-	int ch, i, optval = 1, packlen, preload, maxsize, df = 0, tos = 0;
+	int ch, optval = 1, packlen, preload, maxsize, df = 0, tos = 0;
 	u_char *datap, *packet, ttl = MAXTTL, loop = 1;
 	char *target, hnamebuf[HOST_NAME_MAX+1];
 	char rspace[3 + 4 * NROUTES + 1];	/* record route space */
@@ -385,9 +389,11 @@
 	packlen = datalen + MAXIPLEN + MAXICMPLEN;
 	if (!(packet = malloc((size_t)packlen)))
 		err(1, "malloc");
-	if (!(options & F_PINGFILLED))
-		for (i = sizeof(struct payload); i < datalen; ++i)
-			*datap++ = i;
+	if (!(options & F_PINGFILLED) && datalen > sizeof(struct payload)) {
+		u_int8_t key[32];
+		arc4random_buf(key, sizeof(key));
+		chacha_keysetup(&fill_stream, key, sizeof(key), 0);
+	}
 
 	ident = getpid() & 0xFFFF;
 
@@ -647,6 +653,14 @@
 		SipHash24_Final(&payload.mac, &ctx);
 
 		memcpy(&outpack[8], &payload, sizeof(payload));
+
+		if (!(options & F_PINGFILLED) && datalen > sizeof(payload)) {
+			u_int8_t *dp = &outpack[8 + sizeof(payload)];
+
+			chacha_ivsetup(&fill_stream, payload.mac);
+			chacha_encrypt_bytes(&fill_stream, dp, dp,
+			    datalen - sizeof(payload));
+		}
 	}
 
 	cc = datalen + 8;			/* skips ICMP portion */
@@ -700,6 +714,7 @@
 	char *pkttime;
 	quad_t triptime = 0;
 	int hlen, hlen2, dupflag;
+	struct payload payload;
 
 	if (clock_gettime(CLOCK_MONOTONIC, &ts) == -1)
 		err(1, "clock_gettime(CLOCK_MONOTONIC)");
@@ -723,7 +738,6 @@
 		++nreceived;
 		if (cc >= 8 + sizeof(struct payload)) {
 			SIPHASH_CTX ctx;
-			struct payload payload;
 			struct tv64 *tv64 = &payload.tv64;
 			u_int8_t mac[SIPHASH_DIGEST_LENGTH];
 
@@ -790,6 +804,11 @@
 				(void)printf(" (TRUNC!)");
 			cp = (u_char *)&icp->icmp_data[sizeof(struct payload)];
 			dp = &outpack[8 + sizeof(struct payload)];
+			if (!(options & F_PINGFILLED)) {
+				chacha_ivsetup(&fill_stream, payload.mac);
+				chacha_encrypt_bytes(&fill_stream, dp, dp,
+				    datalen - sizeof(payload));
+			}
 			for (i = 8 + sizeof(struct payload);
 			    i < cc && i < datalen;
 			    ++i, ++cp, ++dp) {