| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20110721.212616.1138861523109414324.davem@davemloft.net> Date: Thu, 21 Jul 2011 21:26:16 -0700 (PDT) From: David Miller <davem@...emloft.net> To: eric.dumazet@...il.com Cc: fernando@...t.com.ar, security@...nel.org, eugeneteo@...nel.sg, netdev@...r.kernel.org, mpm@...enic.com Subject: Re: [PATCH net-next-2.6] ipv6: make fragment identifications less predictable From: Eric Dumazet <eric.dumazet@...il.com> Date: Tue, 19 Jul 2011 22:47:03 +0200 > IPv6 fragment identification generation is way beyond what we use for > IPv4 : It uses a single generator. Its not scalable and allows DOS > attacks. > > Now inetpeer is IPv6 aware, we can use it to provide a more secure and > scalable frag ident generator (per destination, instead of system wide) > > This patch : > 1) defines a new secure_ipv6_id() helper > 2) extends inet_getid() to provide 32bit results > 3) extends ipv6_select_ident() with a new dest parameter > > Reported-by: Fernando Gont <fernando@...t.com.ar> > CC: Matt Mackall <mpm@...enic.com> > CC: Eugene Teo <eugeneteo@...nel.sg> > Signed-off-by: Eric Dumazet <eric.dumazet@...il.com> Applied, and I'll queue up your backport-friendly version for -stable. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists