aboutsummaryrefslogtreecommitdiffstats
path: root/include/net
diff options
context:
space:
mode:
authorEric Dumazet <eric.dumazet@gmail.com>2011-07-22 00:25:58 -0400
committerDavid S. Miller <davem@davemloft.net>2011-07-22 00:25:58 -0400
commit87c48fa3b4630905f98268dde838ee43626a060c (patch)
tree1374b52ed0514682f836cfa0a6a683eb549c9613 /include/net
parent21efcfa0ff27776902a8a15e810147be4d937d69 (diff)
ipv6: make fragment identifications less predictable
IPv6 fragment identification generation is way beyond what we use for IPv4 : It uses a single generator. Its not scalable and allows DOS attacks. Now inetpeer is IPv6 aware, we can use it to provide a more secure and scalable frag ident generator (per destination, instead of system wide) This patch : 1) defines a new secure_ipv6_id() helper 2) extends inet_getid() to provide 32bit results 3) extends ipv6_select_ident() with a new dest parameter Reported-by: Fernando Gont <fernando@gont.com.ar> Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/net')
-rw-r--r--include/net/inetpeer.h13
-rw-r--r--include/net/ipv6.h12
2 files changed, 11 insertions, 14 deletions
diff --git a/include/net/inetpeer.h b/include/net/inetpeer.h
index 39d123081e7e..4233e6f9841d 100644
--- a/include/net/inetpeer.h
+++ b/include/net/inetpeer.h
@@ -71,7 +71,7 @@ static inline bool inet_metrics_new(const struct inet_peer *p)
71} 71}
72 72
73/* can be called with or without local BH being disabled */ 73/* can be called with or without local BH being disabled */
74struct inet_peer *inet_getpeer(struct inetpeer_addr *daddr, int create); 74struct inet_peer *inet_getpeer(const struct inetpeer_addr *daddr, int create);
75 75
76static inline struct inet_peer *inet_getpeer_v4(__be32 v4daddr, int create) 76static inline struct inet_peer *inet_getpeer_v4(__be32 v4daddr, int create)
77{ 77{
@@ -106,11 +106,18 @@ static inline void inet_peer_refcheck(const struct inet_peer *p)
106 106
107 107
108/* can be called with or without local BH being disabled */ 108/* can be called with or without local BH being disabled */
109static inline __u16 inet_getid(struct inet_peer *p, int more) 109static inline int inet_getid(struct inet_peer *p, int more)
110{ 110{
111 int old, new;
111 more++; 112 more++;
112 inet_peer_refcheck(p); 113 inet_peer_refcheck(p);
113 return atomic_add_return(more, &p->ip_id_count) - more; 114 do {
115 old = atomic_read(&p->ip_id_count);
116 new = old + more;
117 if (!new)
118 new = 1;
119 } while (atomic_cmpxchg(&p->ip_id_count, old, new) != old);
120 return new;
114} 121}
115 122
116#endif /* _NET_INETPEER_H */ 123#endif /* _NET_INETPEER_H */
diff --git a/include/net/ipv6.h b/include/net/ipv6.h
index c033ed00df7d..3b5ac1fbff39 100644
--- a/include/net/ipv6.h
+++ b/include/net/ipv6.h
@@ -463,17 +463,7 @@ static inline int ipv6_addr_diff(const struct in6_addr *a1, const struct in6_add
463 return __ipv6_addr_diff(a1, a2, sizeof(struct in6_addr)); 463 return __ipv6_addr_diff(a1, a2, sizeof(struct in6_addr));
464} 464}
465 465
466static __inline__ void ipv6_select_ident(struct frag_hdr *fhdr) 466extern void ipv6_select_ident(struct frag_hdr *fhdr, struct rt6_info *rt);
467{
468 static u32 ipv6_fragmentation_id = 1;
469 static DEFINE_SPINLOCK(ip6_id_lock);
470
471 spin_lock_bh(&ip6_id_lock);
472 fhdr->identification = htonl(ipv6_fragmentation_id);
473 if (++ipv6_fragmentation_id == 0)
474 ipv6_fragmentation_id = 1;
475 spin_unlock_bh(&ip6_id_lock);
476}
477 467
478/* 468/*
479 * Prototypes exported by ipv6 469 * Prototypes exported by ipv6