lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <1406357505.12728.5.camel@edumazet-glaptop2.roam.corp.google.com>
Date:	Sat, 26 Jul 2014 08:51:45 +0200
From:	Eric Dumazet <eric.dumazet@...il.com>
To:	Hannes Frederic Sowa <hannes@...hat.com>
Cc:	David Miller <davem@...emloft.net>,
	netdev <netdev@...r.kernel.org>,
	Jeffrey Knockel <jeffk@...unm.edu>,
	"Jedidiah R. Crandall" <crandall@...unm.edu>,
	Linus Torvalds <torvalds@...ux-foundation.org>,
	Willy Tarreau <w@....eu>, security@...nel.org
Subject: Re: [PATCH v2 net] ip: make IP identifiers less predictable

On Sat, 2014-07-26 at 00:35 +0200, Hannes Frederic Sowa wrote:
> On Fr, 2014-07-25 at 21:50 +0200, Eric Dumazet wrote:
> > diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
> > index cb9df0eb4023..73372e8016b9 100644
> > --- a/net/ipv6/ip6_output.c
> > +++ b/net/ipv6/ip6_output.c
> > @@ -545,6 +545,7 @@ static void ipv6_select_ident(struct frag_hdr *fhdr, struct rt6_info *rt)
> >  	net_get_random_once(&ip6_idents_hashrnd, sizeof(ip6_idents_hashrnd));
> >  
> >  	hash = __ipv6_addr_jhash(&rt->rt6i_dst.addr, ip6_idents_hashrnd);
> > +	hash ^= __ipv6_addr_jhash(&rt->rt6i_src.addr, fhdr->nexthdr);
> 
> I am not sure if we should hash fhdr->nexthdr for IPv6.
> 

It seemed a reasonable idea to me ;)

> If you look at the reassembly engine, we compare protocol value for IPv4
> but not for IPv6 (we even don't save it).

That is linux, what about other reassembly engines ?

> 
> Even if we only transmit packets with UDP protocol type we might end up
> having an extension header right after the fragmentation header of
> another type later in the flow. We can end up using a different bucket
> and thus reusing a fragmentation id wich has been seen before in this
> flow possibly resulting in reassembly issues.

This seems to point a bug in our reassembly unit then ? It seems to rely
on senders being linux based or something.

Anyway, I'll send a v3 without netxdhr, ipv6 guys will make net-next
patches if needed.



--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ