diff options
| author | Florian Westphal <fw@strlen.de> | 2017-03-24 14:42:37 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2017-03-24 22:27:44 -0400 |
| commit | 28ee1b746f493b7c62347d714f58fbf4f70df4f0 (patch) | |
| tree | 852380c08234ff831bcf3177a21bcbeba0329b1f /net/core/secure_seq.c | |
| parent | 95f255211396958c718aef8c45e3923b5211ea7b (diff) | |
secure_seq: downgrade to per-host timestamp offsets
Unfortunately too many devices (not under our control) use tcp_tw_recycle=1,
which depends on timestamps being identical of the same saddr.
Although tcp_tw_recycle got removed in net-next we can't make
such end hosts disappear so downgrade to per-host timestamp offsets.
Cc: Soheil Hassas Yeganeh <soheil@google.com>
Cc: Eric Dumazet <edumazet@google.com>
Cc: Neal Cardwell <ncardwell@google.com>
Cc: Yuchung Cheng <ycheng@google.com>
Reported-by: Yvan Vanrossomme <yvan@vanrossomme.net>
Fixes: 95a22caee396c ("tcp: randomize tcp timestamp offsets for each connection")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/core/secure_seq.c')
| -rw-r--r-- | net/core/secure_seq.c | 31 |
1 files changed, 29 insertions, 2 deletions
diff --git a/net/core/secure_seq.c b/net/core/secure_seq.c index 758f140b6bed..d28da7d363f1 100644 --- a/net/core/secure_seq.c +++ b/net/core/secure_seq.c | |||
| @@ -20,9 +20,11 @@ | |||
| 20 | #include <net/tcp.h> | 20 | #include <net/tcp.h> |
| 21 | 21 | ||
| 22 | static siphash_key_t net_secret __read_mostly; | 22 | static siphash_key_t net_secret __read_mostly; |
| 23 | static siphash_key_t ts_secret __read_mostly; | ||
| 23 | 24 | ||
| 24 | static __always_inline void net_secret_init(void) | 25 | static __always_inline void net_secret_init(void) |
| 25 | { | 26 | { |
| 27 | net_get_random_once(&ts_secret, sizeof(ts_secret)); | ||
| 26 | net_get_random_once(&net_secret, sizeof(net_secret)); | 28 | net_get_random_once(&net_secret, sizeof(net_secret)); |
| 27 | } | 29 | } |
| 28 | #endif | 30 | #endif |
| @@ -45,6 +47,23 @@ static u32 seq_scale(u32 seq) | |||
| 45 | #endif | 47 | #endif |
| 46 | 48 | ||
| 47 | #if IS_ENABLED(CONFIG_IPV6) | 49 | #if IS_ENABLED(CONFIG_IPV6) |
| 50 | static u32 secure_tcpv6_ts_off(const __be32 *saddr, const __be32 *daddr) | ||
| 51 | { | ||
| 52 | const struct { | ||
| 53 | struct in6_addr saddr; | ||
| 54 | struct in6_addr daddr; | ||
| 55 | } __aligned(SIPHASH_ALIGNMENT) combined = { | ||
| 56 | .saddr = *(struct in6_addr *)saddr, | ||
| 57 | .daddr = *(struct in6_addr *)daddr, | ||
| 58 | }; | ||
| 59 | |||
| 60 | if (sysctl_tcp_timestamps != 1) | ||
| 61 | return 0; | ||
| 62 | |||
| 63 | return siphash(&combined, offsetofend(typeof(combined), daddr), | ||
| 64 | &ts_secret); | ||
| 65 | } | ||
| 66 | |||
| 48 | u32 secure_tcpv6_sequence_number(const __be32 *saddr, const __be32 *daddr, | 67 | u32 secure_tcpv6_sequence_number(const __be32 *saddr, const __be32 *daddr, |
| 49 | __be16 sport, __be16 dport, u32 *tsoff) | 68 | __be16 sport, __be16 dport, u32 *tsoff) |
| 50 | { | 69 | { |
| @@ -63,7 +82,7 @@ u32 secure_tcpv6_sequence_number(const __be32 *saddr, const __be32 *daddr, | |||
| 63 | net_secret_init(); | 82 | net_secret_init(); |
| 64 | hash = siphash(&combined, offsetofend(typeof(combined), dport), | 83 | hash = siphash(&combined, offsetofend(typeof(combined), dport), |
| 65 | &net_secret); | 84 | &net_secret); |
| 66 | *tsoff = sysctl_tcp_timestamps == 1 ? (hash >> 32) : 0; | 85 | *tsoff = secure_tcpv6_ts_off(saddr, daddr); |
| 67 | return seq_scale(hash); | 86 | return seq_scale(hash); |
| 68 | } | 87 | } |
| 69 | EXPORT_SYMBOL(secure_tcpv6_sequence_number); | 88 | EXPORT_SYMBOL(secure_tcpv6_sequence_number); |
| @@ -88,6 +107,14 @@ EXPORT_SYMBOL(secure_ipv6_port_ephemeral); | |||
| 88 | #endif | 107 | #endif |
| 89 | 108 | ||
| 90 | #ifdef CONFIG_INET | 109 | #ifdef CONFIG_INET |
| 110 | static u32 secure_tcp_ts_off(__be32 saddr, __be32 daddr) | ||
| 111 | { | ||
| 112 | if (sysctl_tcp_timestamps != 1) | ||
| 113 | return 0; | ||
| 114 | |||
| 115 | return siphash_2u32((__force u32)saddr, (__force u32)daddr, | ||
| 116 | &ts_secret); | ||
| 117 | } | ||
| 91 | 118 | ||
| 92 | /* secure_tcp_sequence_number(a, b, 0, d) == secure_ipv4_port_ephemeral(a, b, d), | 119 | /* secure_tcp_sequence_number(a, b, 0, d) == secure_ipv4_port_ephemeral(a, b, d), |
| 93 | * but fortunately, `sport' cannot be 0 in any circumstances. If this changes, | 120 | * but fortunately, `sport' cannot be 0 in any circumstances. If this changes, |
| @@ -103,7 +130,7 @@ u32 secure_tcp_sequence_number(__be32 saddr, __be32 daddr, | |||
| 103 | hash = siphash_3u32((__force u32)saddr, (__force u32)daddr, | 130 | hash = siphash_3u32((__force u32)saddr, (__force u32)daddr, |
| 104 | (__force u32)sport << 16 | (__force u32)dport, | 131 | (__force u32)sport << 16 | (__force u32)dport, |
| 105 | &net_secret); | 132 | &net_secret); |
| 106 | *tsoff = sysctl_tcp_timestamps == 1 ? (hash >> 32) : 0; | 133 | *tsoff = secure_tcp_ts_off(saddr, daddr); |
| 107 | return seq_scale(hash); | 134 | return seq_scale(hash); |
| 108 | } | 135 | } |
| 109 | 136 | ||