linux/net/ipv6
David S. Miller 6e5714eaf7 net: Compute protocol sequence numbers and fragment IDs using MD5.
Computers have become a lot faster since we compromised on the
partial MD4 hash which we use currently for performance reasons.

MD5 is a much safer choice, and is inline with both RFC1948 and
other ISS generators (OpenBSD, Solaris, etc.)

Furthermore, only having 24-bits of the sequence number be truly
unpredictable is a very serious limitation.  So the periodic
regeneration and 8-bit counter have been removed.  We compute and
use a full 32-bit sequence number.

For ipv6, DCCP was found to use a 32-bit truncated initial sequence
number (it needs 43-bits) and that is fixed here as well.

Reported-by: Dan Kaminsky <dan@doxpara.com>
Tested-by: Willy Tarreau <w@1wt.eu>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-08-06 18:33:19 -07:00
..
netfilter
addrconf_core.c
addrconf.c net: fix NULL dereferences in check_peer_redir() 2011-08-03 03:34:12 -07:00
addrlabel.c
af_inet6.c net: bind() fix error return on wrong address family 2011-07-04 21:37:41 -07:00
ah6.c
anycast.c
datagram.c ipv6: check for IPv4 mapped addresses when connecting IPv6 sockets 2011-08-05 03:56:30 -07:00
esp6.c
exthdrs_core.c
exthdrs.c
fib6_rules.c
icmp.c
inet6_connection_sock.c
inet6_hashtables.c net: Compute protocol sequence numbers and fragment IDs using MD5. 2011-08-06 18:33:19 -07:00
ip6_fib.c net: fix NULL dereferences in check_peer_redir() 2011-08-03 03:34:12 -07:00
ip6_flowlabel.c
ip6_input.c
ip6_output.c net: fix NULL dereferences in check_peer_redir() 2011-08-03 03:34:12 -07:00
ip6_tunnel.c atomic: use <linux/atomic.h> 2011-07-26 16:49:47 -07:00
ip6mr.c
ipcomp6.c
ipv6_sockglue.c
Kconfig
Makefile
mcast.c
mip6.c
ndisc.c net: Abstract dst->neighbour accesses behind helpers. 2011-07-17 23:11:35 -07:00
netfilter.c
proc.c
protocol.c
raw.c ipv6: Reduce switch/case indent 2011-07-01 16:11:16 -07:00
reassembly.c
route.c net: fix NULL dereferences in check_peer_redir() 2011-08-03 03:34:12 -07:00
sit.c net: Abstract dst->neighbour accesses behind helpers. 2011-07-17 23:11:35 -07:00
syncookies.c
sysctl_net_ipv6.c
tcp_ipv6.c net: Compute protocol sequence numbers and fragment IDs using MD5. 2011-08-06 18:33:19 -07:00
tunnel6.c
udp_impl.h
udp.c ipv6: make fragment identifications less predictable 2011-07-21 21:25:58 -07:00
udplite.c
xfrm6_input.c
xfrm6_mode_beet.c
xfrm6_mode_ro.c
xfrm6_mode_transport.c
xfrm6_mode_tunnel.c
xfrm6_output.c
xfrm6_policy.c
xfrm6_state.c
xfrm6_tunnel.c