linux/net/ipv4
Eric Dumazet 87c48fa3b4 ipv6: make fragment identifications less predictable
IPv6 fragment identification generation is way beyond what we use for
IPv4 : It uses a single generator. Its not scalable and allows DOS
attacks.

Now inetpeer is IPv6 aware, we can use it to provide a more secure and
scalable frag ident generator (per destination, instead of system wide)

This patch :
1) defines a new secure_ipv6_id() helper
2) extends inet_getid() to provide 32bit results
3) extends ipv6_select_ident() with a new dest parameter

Reported-by: Fernando Gont <fernando@gont.com.ar>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-07-21 21:25:58 -07:00
..
netfilter Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2011-07-05 23:23:37 -07:00
af_inet.c Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2011-07-05 23:23:37 -07:00
ah4.c inet: constify ip headers and in6_addr 2011-04-22 11:04:14 -07:00
arp.c neigh: Pass neighbour entry to output ops. 2011-07-17 23:11:17 -07:00
cipso_ipv4.c inet: add RCU protection to inet->opt 2011-04-28 13:16:35 -07:00
datagram.c ipv4: Lock socket and use cork flow in ip4_datagram_connect(). 2011-05-08 13:48:57 -07:00
devinet.c rtnetlink: Compute and store minimum ifinfo dump size 2011-06-09 20:38:07 -07:00
esp4.c inet: constify ip headers and in6_addr 2011-04-22 11:04:14 -07:00
fib_frontend.c rtnetlink: Compute and store minimum ifinfo dump size 2011-06-09 20:38:07 -07:00
fib_lookup.h ipv4: Fix nexthop caching wrt. scoping. 2011-03-24 18:06:47 -07:00
fib_rules.c ipv4: Use flowi4 in FIB layer. 2011-03-12 15:08:49 -08:00
fib_semantics.c net,rcu: convert call_rcu(fc_rport_free_rcu) to kfree_rcu() 2011-05-07 22:50:55 -07:00
fib_trie.c ipv4: save cpu cycles from check_leaf() 2011-07-18 10:41:18 -07:00
gre.c Remove redundant linux/version.h includes from net/ 2011-06-21 16:03:17 -07:00
icmp.c ipv4: Pass explicit destination address to rt_bind_peer(). 2011-05-18 18:42:43 -04:00
igmp.c igmp: call ip_mc_clear_src() only when we have no users of ip_mc_list 2011-05-24 13:26:12 -04:00
inet_connection_sock.c seqlock: Get rid of SEQLOCK_UNLOCKED 2011-05-24 15:22:17 +02:00
inet_diag.c Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2011-06-20 22:29:08 -07:00
inet_fragment.c net/ipv4: EXPORT_SYMBOL cleanups 2010-07-12 12:57:54 -07:00
inet_hashtables.c inet: Fix __inet_inherit_port() to correctly increment bsockets and num_owners 2010-11-28 18:18:44 -08:00
inet_lro.c lro: do vlan cleanup 2011-07-21 13:47:54 -07:00
inet_timewait_sock.c tcp: fix inet_twsk_deschedule() 2011-02-19 18:59:04 -08:00
inetpeer.c ipv6: make fragment identifications less predictable 2011-07-21 21:25:58 -07:00
ip_forward.c ipv4: Fix 'iph' use before set. 2011-05-12 23:03:46 -04:00
ip_fragment.c ipv4: Add ip_defrag() agent IP_DEFRAG_AF_PACKET. 2011-07-05 22:34:52 -07:00
ip_gre.c net: Abstract dst->neighbour accesses behind helpers. 2011-07-17 23:11:35 -07:00
ip_input.c ip: introduce ip_is_fragment helper inline function 2011-06-21 20:33:34 -07:00
ip_options.c ip_options_compile: properly handle unaligned pointer 2011-05-31 15:11:02 -07:00
ip_output.c net: Abstract dst->neighbour accesses behind helpers. 2011-07-17 23:11:35 -07:00
ip_sockglue.c inet: add RCU protection to inet->opt 2011-04-28 13:16:35 -07:00
ipcomp.c inet: constify ip headers and in6_addr 2011-04-22 11:04:14 -07:00
ipconfig.c ipconfig: Reduce switch/case indent 2011-07-01 16:11:15 -07:00
ipip.c net: call dev_alloc_name from register_netdevice 2011-05-05 10:57:45 -07:00
ipmr.c rtnetlink: Compute and store minimum ifinfo dump size 2011-06-09 20:38:07 -07:00
Kconfig ipv4: Remove fib_hash. 2011-02-01 15:35:25 -08:00
Makefile net: ipv4: add IPPROTO_ICMP socket kind 2011-05-13 16:08:13 -04:00
netfilter.c netfilter: Fix ip_route_me_harder triggering ip_rt_bug 2011-06-29 05:47:32 -07:00
ping.c ipv4, ping: Remove duplicate icmp.h include 2011-06-20 13:04:38 -07:00
proc.c tcp: Replace time wait bucket msg by counter 2010-12-08 12:16:33 -08:00
protocol.c net: add __rcu annotations to protocol 2010-10-27 11:37:31 -07:00
raw.c ipv4: Reduce switch/case indent 2011-07-01 16:11:16 -07:00
route.c net: Add ->neigh_lookup() operation to dst_ops 2011-07-18 00:40:17 -07:00
syncookies.c tcp: RFC2988bis + taking RTT sample from 3WHS for the passive open side 2011-06-08 17:05:30 -07:00
sysctl_net_ipv4.c inetpeer: remove unused list 2011-06-08 17:05:30 -07:00
tcp_bic.c tcp: mark tcp_congestion_ops read_mostly 2011-03-10 00:40:17 -08:00
tcp_cong.c net/ipv4: Eliminate kstrdup memory leak 2010-08-27 19:31:56 -07:00
tcp_cubic.c tcp_cubic: limit delayed_ack ratio to prevent divide error 2011-05-08 15:51:57 -07:00
tcp_diag.c tcp: diag: Dont report negative values for rx queue 2009-12-03 16:06:13 -08:00
tcp_highspeed.c tcp: mark tcp_congestion_ops read_mostly 2011-03-10 00:40:17 -08:00
tcp_htcp.c tcp: mark tcp_congestion_ops read_mostly 2011-03-10 00:40:17 -08:00
tcp_hybla.c tcp: mark tcp_congestion_ops read_mostly 2011-03-10 00:40:17 -08:00
tcp_illinois.c tcp: mark tcp_congestion_ops read_mostly 2011-03-10 00:40:17 -08:00
tcp_input.c tcp: RFC2988bis + taking RTT sample from 3WHS for the passive open side 2011-06-08 17:05:30 -07:00
tcp_ipv4.c Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2011-06-20 22:29:08 -07:00
tcp_lp.c Fix common misspellings 2011-03-31 11:26:23 -03:00
tcp_minisocks.c tcp: RFC2988bis + taking RTT sample from 3WHS for the passive open side 2011-06-08 17:05:30 -07:00
tcp_output.c inet: Pass flowi to ->queue_xmit(). 2011-05-08 15:28:28 -07:00
tcp_probe.c net: ipv4: tcp_probe: cleanup snprintf() use 2010-11-17 12:27:46 -08:00
tcp_scalable.c tcp: mark tcp_congestion_ops read_mostly 2011-03-10 00:40:17 -08:00
tcp_timer.c tcp: Remove debug macro of TCP_CHECK_TIMER 2011-02-20 11:10:14 -08:00
tcp_vegas.c tcp: mark tcp_congestion_ops read_mostly 2011-03-10 00:40:17 -08:00
tcp_vegas.h [TCP]: congestion control API pass RTT in microseconds 2007-07-31 02:27:57 -07:00
tcp_veno.c tcp: mark tcp_congestion_ops read_mostly 2011-03-10 00:40:17 -08:00
tcp_westwood.c tcp: mark tcp_congestion_ops read_mostly 2011-03-10 00:40:17 -08:00
tcp_yeah.c Fix common misspellings 2011-03-31 11:26:23 -03:00
tcp.c net: refine {udp|tcp|sctp}_mem limits 2011-07-07 00:27:05 -07:00
tunnel4.c tunnels: add __rcu annotations 2010-10-27 11:37:32 -07:00
udp_impl.h net: Make setsockopt() optlen be unsigned. 2009-09-30 16:12:20 -07:00
udp.c Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2011-07-14 07:56:40 -07:00
udplite.c net: fix nulls list corruptions in sk_prot_alloc 2010-12-16 14:26:56 -08:00
xfrm4_input.c net/ipv4: EXPORT_SYMBOL cleanups 2010-07-12 12:57:54 -07:00
xfrm4_mode_beet.c ipsec: Interfamily IPSec BEET 2008-08-06 02:39:30 -07:00
xfrm4_mode_transport.c [IPSEC]: Use IPv6 calling convention as the convention for x->mode->output 2007-10-10 16:55:54 -07:00
xfrm4_mode_tunnel.c ipv4: Don't pre-seed hoplimit metric. 2010-12-12 22:08:17 -08:00
xfrm4_output.c xfrm4: Don't call icmp_send on local error 2011-07-01 17:33:19 -07:00
xfrm4_policy.c ip: introduce ip_is_fragment helper inline function 2011-06-21 20:33:34 -07:00
xfrm4_state.c Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-3.6 2011-05-11 14:26:58 -04:00
xfrm4_tunnel.c net: struct xfrm_tunnel in read_mostly section 2010-08-30 13:50:45 -07:00