]> git.proxmox.com Git - mirror_ubuntu-jammy-kernel.git/commit
projects / mirror_ubuntu-jammy-kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 8c7539b) | patch
tcp: resalt the secret every 10 seconds
authorEric Dumazet <edumazet@google.com>
Mon, 2 May 2022 08:46:10 +0000 (10:46 +0200)
committerStefan Bader <stefan.bader@canonical.com>
Wed, 10 Aug 2022 07:22:14 +0000 (09:22 +0200)
commit293cd7dd17e395402787629d84374269f8d9a261
tree4694f0c00ecbe728985ea6ee6f9f34cc2acc1f9atree
parent8c7539bd74f21771132537e9b58b61e463159cc4commit | diff
tcp: resalt the secret every 10 seconds

BugLink: https://bugs.launchpad.net/bugs/1980278
[ Upstream commit 4dfa9b438ee34caca4e6a4e5e961641807367f6f ]

In order to limit the ability for an observer to recognize the source
ports sequence used to contact a set of destinations, we should
periodically shuffle the secret. 10 seconds looks effective enough
without causing particular issues.

Cc: Moshe Kol <moshe.kol@mail.huji.ac.il>
Cc: Yossi Gilad <yossi.gilad@mail.huji.ac.il>
Cc: Amit Klein <aksecurity@gmail.com>
Cc: Jason A. Donenfeld <Jason@zx2c4.com>
Tested-by: Willy Tarreau <w@1wt.eu>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
net/core/secure_seq.c diff | blob | blame | history
Ubuntu Jammy Linux kernel mirror