git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/commit
inet: switch IP ID generator to siphash
author Eric Dumazet <edumazet@google.com>
Wed, 27 Mar 2019 19:40:33 +0000 (12:40 -0700)
committer Kleber Sacilotto de Souza <kleber.souza@canonical.com>
Wed, 14 Aug 2019 09:18:49 +0000 (11:18 +0200)
commit 14bc2d0534beb9ad1e72ac270936c28cece251bc
tree 8118b2c24691bb8f47747d84e519c12c341763c7
parent 8b5384453e7b9729958e39d0e03c375927fc4ca6
inet: switch IP ID generator to siphash

BugLink: https://bugs.launchpad.net/bugs/1838700
[ Upstream commit df453700e8d81b1bdafdf684365ee2b9431fb702 ]

According to Amit Klein and Benny Pinkas, IP ID generation is too weak
and might be used by attackers.

Even with recent net_hash_mix() fix (netns: provide pure entropy for net_hash_mix())
having 64bit key and Jenkins hash is risky.

It is time to switch to siphash and its 128bit keys.

Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Amit Klein <aksecurity@gmail.com>
Reported-by: Benny Pinkas <benny@pinkas.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Signed-off-by: Khalid Elmously <khalid.elmously@canonical.com>
include/linux/siphash.h
include/net/netns/ipv4.h
net/ipv4/route.c
net/ipv6/output_core.c