diff options
| author | Eric Dumazet <eric.dumazet@gmail.com> | 2011-07-22 00:25:58 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2011-07-22 00:25:58 -0400 |
| commit | 87c48fa3b4630905f98268dde838ee43626a060c (patch) | |
| tree | 1374b52ed0514682f836cfa0a6a683eb549c9613 /include/net | |
| parent | 21efcfa0ff27776902a8a15e810147be4d937d69 (diff) | |
ipv6: make fragment identifications less predictable
IPv6 fragment identification generation is way beyond what we use for
IPv4 : It uses a single generator. Its not scalable and allows DOS
attacks.
Now inetpeer is IPv6 aware, we can use it to provide a more secure and
scalable frag ident generator (per destination, instead of system wide)
This patch :
1) defines a new secure_ipv6_id() helper
2) extends inet_getid() to provide 32bit results
3) extends ipv6_select_ident() with a new dest parameter
Reported-by: Fernando Gont <fernando@gont.com.ar>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/net')
| -rw-r--r-- | include/net/inetpeer.h | 13 | ||||
| -rw-r--r-- | include/net/ipv6.h | 12 |
2 files changed, 11 insertions, 14 deletions
diff --git a/include/net/inetpeer.h b/include/net/inetpeer.h index 39d123081e7e..4233e6f9841d 100644 --- a/include/net/inetpeer.h +++ b/include/net/inetpeer.h | |||
| @@ -71,7 +71,7 @@ static inline bool inet_metrics_new(const struct inet_peer *p) | |||
| 71 | } | 71 | } |
| 72 | 72 | ||
| 73 | /* can be called with or without local BH being disabled */ | 73 | /* can be called with or without local BH being disabled */ |
| 74 | struct inet_peer *inet_getpeer(struct inetpeer_addr *daddr, int create); | 74 | struct inet_peer *inet_getpeer(const struct inetpeer_addr *daddr, int create); |
| 75 | 75 | ||
| 76 | static inline struct inet_peer *inet_getpeer_v4(__be32 v4daddr, int create) | 76 | static inline struct inet_peer *inet_getpeer_v4(__be32 v4daddr, int create) |
| 77 | { | 77 | { |
| @@ -106,11 +106,18 @@ static inline void inet_peer_refcheck(const struct inet_peer *p) | |||
| 106 | 106 | ||
| 107 | 107 | ||
| 108 | /* can be called with or without local BH being disabled */ | 108 | /* can be called with or without local BH being disabled */ |
| 109 | static inline __u16 inet_getid(struct inet_peer *p, int more) | 109 | static inline int inet_getid(struct inet_peer *p, int more) |
| 110 | { | 110 | { |
| 111 | int old, new; | ||
| 111 | more++; | 112 | more++; |
| 112 | inet_peer_refcheck(p); | 113 | inet_peer_refcheck(p); |
| 113 | return atomic_add_return(more, &p->ip_id_count) - more; | 114 | do { |
| 115 | old = atomic_read(&p->ip_id_count); | ||
| 116 | new = old + more; | ||
| 117 | if (!new) | ||
| 118 | new = 1; | ||
| 119 | } while (atomic_cmpxchg(&p->ip_id_count, old, new) != old); | ||
| 120 | return new; | ||
| 114 | } | 121 | } |
| 115 | 122 | ||
| 116 | #endif /* _NET_INETPEER_H */ | 123 | #endif /* _NET_INETPEER_H */ |
diff --git a/include/net/ipv6.h b/include/net/ipv6.h index c033ed00df7d..3b5ac1fbff39 100644 --- a/include/net/ipv6.h +++ b/include/net/ipv6.h | |||
| @@ -463,17 +463,7 @@ static inline int ipv6_addr_diff(const struct in6_addr *a1, const struct in6_add | |||
| 463 | return __ipv6_addr_diff(a1, a2, sizeof(struct in6_addr)); | 463 | return __ipv6_addr_diff(a1, a2, sizeof(struct in6_addr)); |
| 464 | } | 464 | } |
| 465 | 465 | ||
| 466 | static __inline__ void ipv6_select_ident(struct frag_hdr *fhdr) | 466 | extern void ipv6_select_ident(struct frag_hdr *fhdr, struct rt6_info *rt); |
| 467 | { | ||
| 468 | static u32 ipv6_fragmentation_id = 1; | ||
| 469 | static DEFINE_SPINLOCK(ip6_id_lock); | ||
| 470 | |||
| 471 | spin_lock_bh(&ip6_id_lock); | ||
| 472 | fhdr->identification = htonl(ipv6_fragmentation_id); | ||
| 473 | if (++ipv6_fragmentation_id == 0) | ||
| 474 | ipv6_fragmentation_id = 1; | ||
| 475 | spin_unlock_bh(&ip6_id_lock); | ||
| 476 | } | ||
| 477 | 467 | ||
| 478 | /* | 468 | /* |
| 479 | * Prototypes exported by ipv6 | 469 | * Prototypes exported by ipv6 |