3 files changed, 32 insertions, 13 deletions

diff --git a/include/net/ip.h b/include/net/ip.h
index 0e795df05ec9..7596eb22e1ce 100644
--- a/include/net/ip.h
+++ b/include/net/ip.h
@@ -309,16 +309,7 @@ static inline unsigned int ip_skb_dst_mtu(const struct sk_buff *skb)
         }
 }
 
-#define IP_IDENTS_SZ 2048u
-extern atomic_t *ip_idents;
-
-static inline u32 ip_idents_reserve(u32 hash, int segs)
-{
-        atomic_t *id_ptr = ip_idents + hash % IP_IDENTS_SZ;
-
-        return atomic_add_return(segs, id_ptr) - segs;
-}
-
+u32 ip_idents_reserve(u32 hash, int segs);
 void __ip_select_ident(struct iphdr *iph, int segs);
 
 static inline void ip_select_ident_segs(struct sk_buff *skb, struct sock *sk, int segs)
diff --git a/net/ipv4/route.c b/net/ipv4/route.c
index 3162ea923ded..190199851c9a 100644
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -457,8 +457,31 @@ static struct neighbour *ipv4_neigh_lookup(const struct dst_entry *dst,
         return neigh_create(&arp_tbl, pkey, dev);
 }
 
-atomic_t *ip_idents __read_mostly;
-EXPORT_SYMBOL(ip_idents);
+#define IP_IDENTS_SZ 2048u
+struct ip_ident_bucket {
+        atomic_t        id;
+        u32             stamp32;
+};
+
+static struct ip_ident_bucket *ip_idents __read_mostly;
+
+/* In order to protect privacy, we add a perturbation to identifiers
+ * if one generator is seldom used. This makes hard for an attacker
+ * to infer how many packets were sent between two points in time.
+ */
+u32 ip_idents_reserve(u32 hash, int segs)
+{
+        struct ip_ident_bucket *bucket = ip_idents + hash % IP_IDENTS_SZ;
+        u32 old = ACCESS_ONCE(bucket->stamp32);
+        u32 now = (u32)jiffies;
+        u32 delta = 0;
+
+        if (old != now && cmpxchg(&bucket->stamp32, old, now) == old)
+                delta = prandom_u32_max(now - old);
+
+        return atomic_add_return(segs + delta, &bucket->id) - segs;
+}
+EXPORT_SYMBOL(ip_idents_reserve);
 
 void __ip_select_ident(struct iphdr *iph, int segs)
 {
@@ -467,7 +490,10 @@ void __ip_select_ident(struct iphdr *iph, int segs)
 
         net_get_random_once(&ip_idents_hashrnd, sizeof(ip_idents_hashrnd));
 
-        hash = jhash_1word((__force u32)iph->daddr, ip_idents_hashrnd);
+        hash = jhash_3words((__force u32)iph->daddr,
+                            (__force u32)iph->saddr,
+                            iph->protocol,
+                            ip_idents_hashrnd);
         id = ip_idents_reserve(hash, segs);
         iph->id = htons(id);
 }
diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
index cb9df0eb4023..45702b8cd141 100644
--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c
@@ -545,6 +545,8 @@ static void ipv6_select_ident(struct frag_hdr *fhdr, struct rt6_info *rt)
         net_get_random_once(&ip6_idents_hashrnd, sizeof(ip6_idents_hashrnd));
 
         hash = __ipv6_addr_jhash(&rt->rt6i_dst.addr, ip6_idents_hashrnd);
+        hash = __ipv6_addr_jhash(&rt->rt6i_src.addr, hash);
+
         id = ip_idents_reserve(hash, 1);
         fhdr->identification = htonl(id);
 }