linux/net/ipv6
Eric Dumazet 87c48fa3b4 ipv6: make fragment identifications less predictable
IPv6 fragment identification generation is way beyond what we use for
IPv4 : It uses a single generator. Its not scalable and allows DOS
attacks.

Now inetpeer is IPv6 aware, we can use it to provide a more secure and
scalable frag ident generator (per destination, instead of system wide)

This patch :
1) defines a new secure_ipv6_id() helper
2) extends inet_getid() to provide 32bit results
3) extends ipv6_select_ident() with a new dest parameter

Reported-by: Fernando Gont <fernando@gont.com.ar>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-07-21 21:25:58 -07:00
..
netfilter netfilter: fix looped (broad|multi)cast's MAC handling 2011-06-16 17:27:04 +02:00
addrconf_core.c ipv6: Remove IPV6_ADDR_RESERVED 2010-02-26 03:59:07 -08:00
addrconf.c net: Abstract dst->neighbour accesses behind helpers. 2011-07-17 23:11:35 -07:00
addrlabel.c rtnetlink: Compute and store minimum ifinfo dump size 2011-06-09 20:38:07 -07:00
af_inet6.c net: bind() fix error return on wrong address family 2011-07-04 21:37:41 -07:00
ah6.c xfrm: Use separate low and high order bits of the sequence numbers in xfrm_skb_cb 2011-03-13 20:22:28 -07:00
anycast.c inet: constify ip headers and in6_addr 2011-04-22 11:04:14 -07:00
datagram.c net: Put fl6_* macros to struct flowi6 and use them again. 2011-03-12 15:08:55 -08:00
esp6.c Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2011-05-05 14:59:02 -07:00
exthdrs_core.c net: return operator cleanup 2010-09-23 14:33:39 -07:00
exthdrs.c ipv6: Convert to use flowi6 where applicable. 2011-03-12 15:08:54 -08:00
fib6_rules.c ipv6: Convert to use flowi6 where applicable. 2011-03-12 15:08:54 -08:00
icmp.c inet: constify ip headers and in6_addr 2011-04-22 11:04:14 -07:00
inet6_connection_sock.c inet: Pass flowi to ->queue_xmit(). 2011-05-08 15:28:28 -07:00
inet6_hashtables.c Kill off warning: ‘inline’ is not at beginning of declaration 2011-01-19 15:43:08 +01:00
ip6_fib.c net: Abstract dst->neighbour accesses behind helpers. 2011-07-17 23:11:35 -07:00
ip6_flowlabel.c ipv6: Convert to use flowi6 where applicable. 2011-03-12 15:08:54 -08:00
ip6_input.c inet: constify ip headers and in6_addr 2011-04-22 11:04:14 -07:00
ip6_output.c ipv6: make fragment identifications less predictable 2011-07-21 21:25:58 -07:00
ip6_tunnel.c net: call dev_alloc_name from register_netdevice 2011-05-05 10:57:45 -07:00
ip6mr.c rtnetlink: Compute and store minimum ifinfo dump size 2011-06-09 20:38:07 -07:00
ipcomp6.c inet: constify ip headers and in6_addr 2011-04-22 11:04:14 -07:00
ipv6_sockglue.c ipv6: Convert to use flowi6 where applicable. 2011-03-12 15:08:54 -08:00
Kconfig ipv6: ip6mr: support multiple tables 2010-05-11 14:40:55 +02:00
Makefile [IPV6] MROUTE: Support multicast forwarding. 2008-04-05 22:33:38 +09:00
mcast.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6 2011-05-20 13:43:21 -07:00
mip6.c inet: constify ip headers and in6_addr 2011-04-22 11:04:14 -07:00
ndisc.c net: Abstract dst->neighbour accesses behind helpers. 2011-07-17 23:11:35 -07:00
netfilter.c inet: constify ip headers and in6_addr 2011-04-22 11:04:14 -07:00
proc.c ipv6: reduce per device ICMP mib sizes 2011-05-19 16:21:22 -04:00
protocol.c net: add __rcu annotations to protocol 2010-10-27 11:37:31 -07:00
raw.c ipv6: Reduce switch/case indent 2011-07-01 16:11:16 -07:00
reassembly.c inet: constify ip headers and in6_addr 2011-04-22 11:04:14 -07:00
route.c ipv6: unshare inetpeers 2011-07-21 21:24:25 -07:00
sit.c net: Abstract dst->neighbour accesses behind helpers. 2011-07-17 23:11:35 -07:00
syncookies.c tcp: RFC2988bis + taking RTT sample from 3WHS for the passive open side 2011-06-08 17:05:30 -07:00
sysctl_net_ipv6.c net ipv6: Fix duplicate /proc/sys/net/ipv6/neigh directory entries. 2011-03-21 18:23:34 -07:00
tcp_ipv6.c Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2011-06-20 22:29:08 -07:00
tunnel6.c tunnels: add _rcu annotations 2010-10-25 13:09:45 -07:00
udp_impl.h net: Make setsockopt() optlen be unsigned. 2009-09-30 16:12:20 -07:00
udp.c ipv6: make fragment identifications less predictable 2011-07-21 21:25:58 -07:00
udplite.c net: fix nulls list corruptions in sk_prot_alloc 2010-12-16 14:26:56 -08:00
xfrm6_input.c netfilter: ipv6: use NFPROTO values for NF_HOOK invocation 2010-03-25 16:00:49 +01:00
xfrm6_mode_beet.c inet: constify ip headers and in6_addr 2011-04-22 11:04:14 -07:00
xfrm6_mode_ro.c [IPSEC]: Make x->lastused an unsigned long 2008-01-28 14:53:52 -08:00
xfrm6_mode_transport.c [IPSEC]: Use IPv6 calling convention as the convention for x->mode->output 2007-10-10 16:55:54 -07:00
xfrm6_mode_tunnel.c inet: constify ip headers and in6_addr 2011-04-22 11:04:14 -07:00
xfrm6_output.c xfrm: Assign the inner mode output function to the dst entry 2011-05-10 15:03:34 -07:00
xfrm6_policy.c inet: constify ip headers and in6_addr 2011-04-22 11:04:14 -07:00
xfrm6_state.c xfrm: Assign the inner mode output function to the dst entry 2011-05-10 15:03:34 -07:00
xfrm6_tunnel.c ipv6: Fix return of xfrm6_tunnel_rcv() 2011-05-24 01:11:51 -04:00