git.proxmox.com Git - mirror_ubuntu-eoan-kernel.git/commit

author	Eric Dumazet <edumazet@google.com>
	Fri, 1 Nov 2019 17:32:19 +0000 (10:32 -0700)
committer	Stefan Bader <stefan.bader@canonical.com>
	Tue, 12 Nov 2019 17:47:37 +0000 (18:47 +0100)
commit	208f011290a01f29352651b1246e9f24462b5a42
tree	e45c17b36628a00dd8623168ea15aed0fafe6a55	tree
parent	fa303b1e33e0f2cc18622bd46749038a793087d4	commit \| diff

inet: stop leaking jiffies on the wire

BugLink: https://bugs.launchpad.net/bugs/1852111
[ Upstream commit a904a0693c189691eeee64f6c6b188bd7dc244e9 ]

Historically linux tried to stick to RFC 791, 1122, 2003
for IPv4 ID field generation.

RFC 6864 made clear that no matter how hard we try,
we can not ensure unicity of IP ID within maximum
lifetime for all datagrams with a given source
address/destination address/protocol tuple.

Linux uses a per socket inet generator (inet_id), initialized
at connection startup with a XOR of 'jiffies' and other
fields that appear clear on the wire.

Thiemo Nagel pointed that this strategy is a privacy
concern as this provides 16 bits of entropy to fingerprint
devices.

Let's switch to a random starting point, this is just as
good as far as RFC 6864 is concerned and does not leak
anything critical.

Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Thiemo Nagel <tnagel@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Connor Kuehl <connor.kuehl@canonical.com>
Signed-off-by: Khalid Elmously <khalid.elmously@canonical.com>

drivers/crypto/chelsio/chtls/chtls_cm.c		diff \| blob \| blame \| history
net/dccp/ipv4.c		diff \| blob \| blame \| history
net/ipv4/datagram.c		diff \| blob \| blame \| history
net/ipv4/tcp_ipv4.c		diff \| blob \| blame \| history
net/sctp/socket.c		diff \| blob \| blame \| history