David S. Miller
6e5714eaf7
net: Compute protocol sequence numbers and fragment IDs using MD5. ...
Computers have become a lot faster since we compromised on the
partial MD4 hash which we use currently for performance reasons.
MD5 is a much safer choice, and is inline with both RFC1948 and
other ISS generators (OpenBSD, Solaris, etc.)
Furthermore, only having 24-bits of the sequence number be truly
unpredictable is a very serious limitation. So the periodic
regeneration and 8-bit counter have been removed. We compute and
use a full 32-bit sequence number.
For ipv6, DCCP was found to use a 32-bit truncated initial sequence
number (it needs 43-bits) and that is fixed here as well.
Reported-by: Dan Kaminsky <dan@doxpara.com>
Tested-by: Willy Tarreau <w@1wt.eu>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-08-06 18:33:19 -07:00
2011-07-23 09:32:52 -05:00
2011-07-15 10:05:24 -04:00
2011-06-01 21:15:38 -07:00
2011-03-31 11:26:23 -03:00
2011-03-31 11:26:23 -03:00
2011-07-26 16:49:47 -07:00
2011-07-26 16:49:47 -07:00
2011-05-02 15:26:28 -07:00
2011-07-26 16:49:47 -07:00
2010-08-20 01:42:59 -07:00
2011-07-06 02:52:16 -07:00
2011-04-24 10:54:56 -07:00
2009-08-12 21:54:50 -07:00
2011-04-24 10:54:56 -07:00
2011-04-24 10:54:56 -07:00
2011-01-13 21:48:25 -08:00
2011-07-18 00:40:17 -07:00
2011-04-24 10:54:56 -07:00
2011-07-26 16:49:47 -07:00
2011-07-19 16:49:58 -04:00
2011-08-01 17:58:33 -07:00
2010-10-07 09:43:45 +02:00
2011-05-05 11:10:14 -07:00
2010-12-31 10:47:46 -08:00
2011-07-05 23:42:17 -07:00
2010-11-08 13:50:08 -08:00
2011-03-12 15:08:55 -08:00
2010-06-03 03:21:52 -07:00
2011-03-12 15:08:55 -08:00
2011-03-12 15:08:55 -08:00
2011-07-18 00:40:17 -07:00
2011-08-03 03:34:12 -07:00
2010-10-27 11:37:32 -07:00
2011-07-26 16:49:47 -07:00
2011-05-12 17:46:56 -04:00
2011-03-31 11:26:23 -03:00
2011-06-22 16:09:45 -04:00
2010-08-21 23:05:39 -07:00
2011-02-04 15:59:53 -08:00
2011-01-28 15:44:29 -05:00
2009-11-06 14:32:18 +03:00
2009-07-23 17:08:51 +04:00
2011-05-19 16:21:22 -04:00
2011-05-08 15:28:28 -07:00
2009-12-08 20:17:51 -08:00
2010-07-12 20:21:46 -07:00
2011-05-18 18:32:03 -04:00
2011-05-12 18:52:14 -04:00
2010-06-30 13:44:29 -07:00
2011-07-26 16:49:47 -07:00
2011-05-06 15:37:57 -07:00
2011-07-26 16:49:47 -07:00
2011-07-26 16:49:47 -07:00
2011-07-17 23:11:35 -07:00
2011-04-24 10:54:56 -07:00
2010-10-25 13:09:45 -07:00
2011-04-14 15:05:22 -07:00
2011-07-26 16:49:47 -07:00
2011-07-05 22:34:52 -07:00
2010-02-16 23:05:38 -08:00
2010-10-27 11:37:32 -07:00
2011-07-21 21:25:58 -07:00
2011-04-24 10:54:56 -07:00
2011-03-31 11:26:23 -03:00
2011-07-26 16:49:47 -07:00
2009-12-26 20:43:57 -08:00
2011-05-13 15:13:24 -04:00
2011-07-26 16:49:47 -07:00
2011-07-20 15:04:35 -04:00
2010-06-03 03:21:52 -07:00
2010-04-23 13:35:55 +09:00
2011-04-24 10:54:56 -07:00
2011-07-26 16:49:47 -07:00
2011-07-26 16:49:47 -07:00
2011-05-27 13:41:33 -04:00
2011-04-24 10:54:56 -07:00
2011-08-01 17:58:33 -07:00
2011-06-22 16:09:45 -04:00
2010-03-30 22:02:32 +09:00
2011-07-05 15:26:57 -04:00
2009-08-19 23:08:22 +04:00
2011-05-17 14:16:58 -04:00
2010-12-21 12:43:16 -08:00
2011-07-06 02:52:16 -07:00
2011-01-24 15:32:47 -08:00
2010-09-08 13:42:22 -07:00
2011-04-24 10:54:56 -07:00
2011-01-12 19:00:39 -08:00
2010-11-22 15:48:51 -05:00
2010-01-17 19:09:39 -08:00
2011-03-27 17:59:04 -07:00
2011-05-18 18:42:43 -04:00
2011-06-09 20:38:07 -07:00
2011-07-06 02:52:16 -07:00
2010-11-24 11:16:43 -08:00
2011-08-06 18:33:19 -07:00
2011-06-11 16:23:59 -07:00
2011-07-25 13:56:39 -07:00
2011-06-08 17:05:30 -07:00
2010-12-01 18:09:13 -08:00
2011-04-24 10:54:56 -07:00
2011-03-01 12:35:03 -08:00
2011-03-01 12:35:03 -08:00
2009-10-07 16:39:43 -04:00
2011-06-24 17:50:44 -07:00
2011-03-31 11:26:23 -03:00
2010-11-28 11:12:20 -08:00
2010-04-22 16:12:36 -07:00
2011-05-11 14:26:58 -04:00
6e5714eaf7