diff options
author | Eric Dumazet <eric.dumazet@gmail.com> | 2011-07-22 00:25:58 -0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2011-07-22 00:25:58 -0400 |
commit | 87c48fa3b4630905f98268dde838ee43626a060c (patch) | |
tree | 1374b52ed0514682f836cfa0a6a683eb549c9613 /include/net | |
parent | 21efcfa0ff27776902a8a15e810147be4d937d69 (diff) |
ipv6: make fragment identifications less predictable
IPv6 fragment identification generation is way beyond what we use for
IPv4 : It uses a single generator. Its not scalable and allows DOS
attacks.
Now inetpeer is IPv6 aware, we can use it to provide a more secure and
scalable frag ident generator (per destination, instead of system wide)
This patch :
1) defines a new secure_ipv6_id() helper
2) extends inet_getid() to provide 32bit results
3) extends ipv6_select_ident() with a new dest parameter
Reported-by: Fernando Gont <fernando@gont.com.ar>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/net')
-rw-r--r-- | include/net/inetpeer.h | 13 | ||||
-rw-r--r-- | include/net/ipv6.h | 12 |
2 files changed, 11 insertions, 14 deletions
diff --git a/include/net/inetpeer.h b/include/net/inetpeer.h index 39d123081e7e..4233e6f9841d 100644 --- a/include/net/inetpeer.h +++ b/include/net/inetpeer.h | |||
@@ -71,7 +71,7 @@ static inline bool inet_metrics_new(const struct inet_peer *p) | |||
71 | } | 71 | } |
72 | 72 | ||
73 | /* can be called with or without local BH being disabled */ | 73 | /* can be called with or without local BH being disabled */ |
74 | struct inet_peer *inet_getpeer(struct inetpeer_addr *daddr, int create); | 74 | struct inet_peer *inet_getpeer(const struct inetpeer_addr *daddr, int create); |
75 | 75 | ||
76 | static inline struct inet_peer *inet_getpeer_v4(__be32 v4daddr, int create) | 76 | static inline struct inet_peer *inet_getpeer_v4(__be32 v4daddr, int create) |
77 | { | 77 | { |
@@ -106,11 +106,18 @@ static inline void inet_peer_refcheck(const struct inet_peer *p) | |||
106 | 106 | ||
107 | 107 | ||
108 | /* can be called with or without local BH being disabled */ | 108 | /* can be called with or without local BH being disabled */ |
109 | static inline __u16 inet_getid(struct inet_peer *p, int more) | 109 | static inline int inet_getid(struct inet_peer *p, int more) |
110 | { | 110 | { |
111 | int old, new; | ||
111 | more++; | 112 | more++; |
112 | inet_peer_refcheck(p); | 113 | inet_peer_refcheck(p); |
113 | return atomic_add_return(more, &p->ip_id_count) - more; | 114 | do { |
115 | old = atomic_read(&p->ip_id_count); | ||
116 | new = old + more; | ||
117 | if (!new) | ||
118 | new = 1; | ||
119 | } while (atomic_cmpxchg(&p->ip_id_count, old, new) != old); | ||
120 | return new; | ||
114 | } | 121 | } |
115 | 122 | ||
116 | #endif /* _NET_INETPEER_H */ | 123 | #endif /* _NET_INETPEER_H */ |
diff --git a/include/net/ipv6.h b/include/net/ipv6.h index c033ed00df7d..3b5ac1fbff39 100644 --- a/include/net/ipv6.h +++ b/include/net/ipv6.h | |||
@@ -463,17 +463,7 @@ static inline int ipv6_addr_diff(const struct in6_addr *a1, const struct in6_add | |||
463 | return __ipv6_addr_diff(a1, a2, sizeof(struct in6_addr)); | 463 | return __ipv6_addr_diff(a1, a2, sizeof(struct in6_addr)); |
464 | } | 464 | } |
465 | 465 | ||
466 | static __inline__ void ipv6_select_ident(struct frag_hdr *fhdr) | 466 | extern void ipv6_select_ident(struct frag_hdr *fhdr, struct rt6_info *rt); |
467 | { | ||
468 | static u32 ipv6_fragmentation_id = 1; | ||
469 | static DEFINE_SPINLOCK(ip6_id_lock); | ||
470 | |||
471 | spin_lock_bh(&ip6_id_lock); | ||
472 | fhdr->identification = htonl(ipv6_fragmentation_id); | ||
473 | if (++ipv6_fragmentation_id == 0) | ||
474 | ipv6_fragmentation_id = 1; | ||
475 | spin_unlock_bh(&ip6_id_lock); | ||
476 | } | ||
477 | 467 | ||
478 | /* | 468 | /* |
479 | * Prototypes exported by ipv6 | 469 | * Prototypes exported by ipv6 |