q3k
/
linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
linux/include
History
Eric Dumazet 87c48fa3b4 ipv6: make fragment identifications less predictable 
IPv6 fragment identification generation is way beyond what we use for
IPv4 : It uses a single generator. Its not scalable and allows DOS
attacks.

Now inetpeer is IPv6 aware, we can use it to provide a more secure and
scalable frag ident generator (per destination, instead of system wide)

This patch :
1) defines a new secure_ipv6_id() helper
2) extends inet_getid() to provide 32bit results
3) extends ipv6_select_ident() with a new dest parameter

Reported-by: Fernando Gont <fernando@gont.com.ar>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
 		2011-07-21 21:25:58 -07:00
..
acpi Merge branches 'd3cold', 'bugzilla-37412' and 'bugzilla-38152' into release 2011-07-14 00:16:38 -04:00
asm-generic
crypto net: remove mm.h inclusion from netdevice.h 2011-06-21 19:17:20 -07:00
drm drm/radeon/kms: add new NI pci ids 2011-07-15 16:10:55 +01:00
keys
linux ipv6: make fragment identifications less predictable 2011-07-21 21:25:58 -07:00
math-emu
media [media] tuner-core/v4l2-subdev: document that the type field has to be filled in 2011-07-07 15:04:23 -03:00
mtd
net ipv6: make fragment identifications less predictable 2011-07-21 21:25:58 -07:00
pcmcia
rdma
rxrpc
scsi
sound ALSA: sb16 - Fix build errors on MIPS and others with 13bit ioctl size 2011-06-30 15:33:57 +02:00
target
trace Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2011-07-05 23:23:37 -07:00
video
xen
Kbuild