projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 21efcfa) | patch
ipv6: make fragment identifications less predictable
authorEric Dumazet <eric.dumazet@gmail.com>
Fri, 22 Jul 2011 04:25:58 +0000 (21:25 -0700)
committerDavid S. Miller <davem@davemloft.net>
Fri, 22 Jul 2011 04:25:58 +0000 (21:25 -0700)
commit87c48fa3b4630905f98268dde838ee43626a060c
tree1374b52ed0514682f836cfa0a6a683eb549c9613tree | snapshot (tar.gz zip)
parent21efcfa0ff27776902a8a15e810147be4d937d69commit | diff
ipv6: make fragment identifications less predictable

IPv6 fragment identification generation is way beyond what we use for
IPv4 : It uses a single generator. Its not scalable and allows DOS
attacks.

Now inetpeer is IPv6 aware, we can use it to provide a more secure and
scalable frag ident generator (per destination, instead of system wide)

This patch :
1) defines a new secure_ipv6_id() helper
2) extends inet_getid() to provide 32bit results
3) extends ipv6_select_ident() with a new dest parameter

Reported-by: Fernando Gont <fernando@gont.com.ar>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
drivers/char/random.c diff | blob | blame | history
include/linux/random.h diff | blob | blame | history
include/net/inetpeer.h diff | blob | blame | history
include/net/ipv6.h diff | blob | blame | history
net/ipv4/inetpeer.c diff | blob | blame | history
net/ipv6/ip6_output.c diff | blob | blame | history
net/ipv6/udp.c diff | blob | blame | history
kernel source for telekom puls (alcatel/mediatek)