1
linux/net/ipv4
David S. Miller 6e5714eaf7 net: Compute protocol sequence numbers and fragment IDs using MD5.
Computers have become a lot faster since we compromised on the
partial MD4 hash which we use currently for performance reasons.

MD5 is a much safer choice, and is inline with both RFC1948 and
other ISS generators (OpenBSD, Solaris, etc.)

Furthermore, only having 24-bits of the sequence number be truly
unpredictable is a very serious limitation.  So the periodic
regeneration and 8-bit counter have been removed.  We compute and
use a full 32-bit sequence number.

For ipv6, DCCP was found to use a 32-bit truncated initial sequence
number (it needs 43-bits) and that is fixed here as well.

Reported-by: Dan Kaminsky <dan@doxpara.com>
Tested-by: Willy Tarreau <w@1wt.eu>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-08-06 18:33:19 -07:00
..
netfilter net: Compute protocol sequence numbers and fragment IDs using MD5. 2011-08-06 18:33:19 -07:00
af_inet.c Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2011-07-05 23:23:37 -07:00
ah4.c
arp.c neigh: Pass neighbour entry to output ops. 2011-07-17 23:11:17 -07:00
cipso_ipv4.c atomic: use <linux/atomic.h> 2011-07-26 16:49:47 -07:00
datagram.c ipv4: Lock socket and use cork flow in ip4_datagram_connect(). 2011-05-08 13:48:57 -07:00
devinet.c IPv4: Send gratuitous ARP for secondary IP addresses also 2011-07-25 16:16:00 -07:00
esp4.c
fib_frontend.c rtnetlink: Compute and store minimum ifinfo dump size 2011-06-09 20:38:07 -07:00
fib_lookup.h
fib_rules.c
fib_semantics.c net,rcu: convert call_rcu(fc_rport_free_rcu) to kfree_rcu() 2011-05-07 22:50:55 -07:00
fib_trie.c ipv4: save cpu cycles from check_leaf() 2011-07-18 10:41:18 -07:00
gre.c gre: fix improper error handling 2011-07-23 20:06:00 -07:00
icmp.c icmp: Fix regression in nexthop resolution during replies. 2011-07-22 06:22:10 -07:00
igmp.c net: adjust array index 2011-08-01 02:27:21 -07:00
inet_connection_sock.c seqlock: Get rid of SEQLOCK_UNLOCKED 2011-05-24 15:22:17 +02:00
inet_diag.c Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2011-06-20 22:29:08 -07:00
inet_fragment.c
inet_hashtables.c net: Compute protocol sequence numbers and fragment IDs using MD5. 2011-08-06 18:33:19 -07:00
inet_lro.c lro: do vlan cleanup 2011-07-21 13:47:54 -07:00
inet_timewait_sock.c
inetpeer.c net: Compute protocol sequence numbers and fragment IDs using MD5. 2011-08-06 18:33:19 -07:00
ip_forward.c ipv4: Fix 'iph' use before set. 2011-05-12 23:03:46 -04:00
ip_fragment.c ipv4: Add ip_defrag() agent IP_DEFRAG_AF_PACKET. 2011-07-05 22:34:52 -07:00
ip_gre.c net: Abstract dst->neighbour accesses behind helpers. 2011-07-17 23:11:35 -07:00
ip_input.c ip: introduce ip_is_fragment helper inline function 2011-06-21 20:33:34 -07:00
ip_options.c ip_options_compile: properly handle unaligned pointer 2011-05-31 15:11:02 -07:00
ip_output.c net: fix NULL dereferences in check_peer_redir() 2011-08-03 03:34:12 -07:00
ip_sockglue.c
ipcomp.c
ipconfig.c ipconfig: Reduce switch/case indent 2011-07-01 16:11:15 -07:00
ipip.c net: call dev_alloc_name from register_netdevice 2011-05-05 10:57:45 -07:00
ipmr.c ipv4: use RT_TOS after some rt_tos conversions 2011-07-23 20:05:31 -07:00
Kconfig
Makefile net: ipv4: add IPPROTO_ICMP socket kind 2011-05-13 16:08:13 -04:00
netfilter.c netfilter: Fix ip_route_me_harder triggering ip_rt_bug 2011-06-29 05:47:32 -07:00
ping.c ipv4, ping: Remove duplicate icmp.h include 2011-06-20 13:04:38 -07:00
proc.c
protocol.c
raw.c atomic: use <linux/atomic.h> 2011-07-26 16:49:47 -07:00
route.c net: Compute protocol sequence numbers and fragment IDs using MD5. 2011-08-06 18:33:19 -07:00
syncookies.c tcp: RFC2988bis + taking RTT sample from 3WHS for the passive open side 2011-06-08 17:05:30 -07:00
sysctl_net_ipv4.c inetpeer: remove unused list 2011-06-08 17:05:30 -07:00
tcp_bic.c
tcp_cong.c
tcp_cubic.c tcp_cubic: limit delayed_ack ratio to prevent divide error 2011-05-08 15:51:57 -07:00
tcp_diag.c
tcp_highspeed.c
tcp_htcp.c
tcp_hybla.c
tcp_illinois.c
tcp_input.c tcp: RFC2988bis + taking RTT sample from 3WHS for the passive open side 2011-06-08 17:05:30 -07:00
tcp_ipv4.c net: Compute protocol sequence numbers and fragment IDs using MD5. 2011-08-06 18:33:19 -07:00
tcp_lp.c
tcp_minisocks.c tcp: RFC2988bis + taking RTT sample from 3WHS for the passive open side 2011-06-08 17:05:30 -07:00
tcp_output.c inet: Pass flowi to ->queue_xmit(). 2011-05-08 15:28:28 -07:00
tcp_probe.c
tcp_scalable.c
tcp_timer.c
tcp_vegas.c
tcp_vegas.h
tcp_veno.c
tcp_westwood.c
tcp_yeah.c
tcp.c net: refine {udp|tcp|sctp}_mem limits 2011-07-07 00:27:05 -07:00
tunnel4.c
udp_impl.h
udp.c Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2011-07-14 07:56:40 -07:00
udplite.c
xfrm4_input.c
xfrm4_mode_beet.c
xfrm4_mode_transport.c
xfrm4_mode_tunnel.c
xfrm4_output.c xfrm4: Don't call icmp_send on local error 2011-07-01 17:33:19 -07:00
xfrm4_policy.c ip: introduce ip_is_fragment helper inline function 2011-06-21 20:33:34 -07:00
xfrm4_state.c Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-3.6 2011-05-11 14:26:58 -04:00
xfrm4_tunnel.c