OpenE2K
/
linux
6
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
linux/net/ipv6
History
Eric Dumazet f73cbdd1b8 ipv6: make exception cache less predictible 
[ Upstream commit a00df2caffed3883c341d5685f830434312e4a43 ]

Even after commit 4785305c05b2 ("ipv6: use siphash in rt6_exception_hash()"),
an attacker can still use brute force to learn some secrets from a victim
linux host.

One way to defeat these attacks is to make the max depth of the hash
table bucket a random value.

Before this patch, each bucket of the hash table used to store exceptions
could contain 6 items under attack.

After the patch, each bucket would contains a random number of items,
between 6 and 10. The attacker can no longer infer secrets.

This is slightly increasing memory size used by the hash table,
we do not expect this to be a problem.

Following patch is dealing with the same issue in IPv4.

Fixes: 35732d01fe ("ipv6: introduce a hash table to store dst cache")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Keyu Man <kman001@ucr.edu>
Cc: Wei Wang <weiwan@google.com>
Cc: Martin KaFai Lau <kafai@fb.com>
Reviewed-by: David Ahern <dsahern@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
 		2021-09-15 09:47:37 +02:00
..
ila
netfilter netfilter: x_tables: fix compat match/target pad out-of-bound write 2021-04-16 11:46:38 +02:00
Kconfig net: ipv6: fix kconfig dependency warning for IPV6_SEG6_HMAC 2020-09-26 18:03:13 +02:00
Makefile
addrconf.c net: ipv4: Remove unneed BUG() function 2021-06-30 08:47:46 -04:00
addrconf_core.c net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup 2019-12-18 16:08:42 +01:00
addrlabel.c ipv6: addrlabel: fix possible memory leak in ip6addrlbl_net_init 2020-12-08 10:40:23 +01:00
af_inet6.c net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup 2019-12-18 16:08:42 +01:00
ah6.c ah6: fix error return code in ah6_input() 2020-11-24 13:28:55 +01:00
anycast.c ipv6: fix memory leaks on IPV6_ADDRFORM path 2020-08-11 15:33:39 +02:00
calipso.c cipso,calipso: resolve a number of problems with the DOI refcounts 2021-03-17 17:03:35 +01:00
datagram.c net: ipv6: add net argument to ip6_dst_lookup_flow 2019-12-18 16:08:40 +01:00
esp6.c xfrm: xfrm_state_mtu should return at least 1280 for ipv6 2021-07-14 16:53:26 +02:00
esp6_offload.c esp: delete NETIF_F_SCTP_CRC bit from features for esp offload 2021-04-14 08:24:13 +02:00
exthdrs.c ipv6: fix out-of-bound access in ip6_parse_tlv() 2021-07-14 16:53:33 +02:00
exthdrs_core.c
exthdrs_offload.c
fib6_notifier.c
fib6_rules.c ipv6: do not free rt if FIB_LOOKUP_NOREF is set on suppress rule 2019-09-26 09:34:25 +02:00
fou6.c
icmp.c net: icmp: pass zeroed opts from icmp{,v6}_ndo_send before sending 2021-03-04 10:26:53 +01:00
inet6_connection_sock.c net: add bool confirm_neigh parameter for dst_ops.update_pmtu 2020-01-04 19:18:58 +01:00
inet6_hashtables.c net: annotate accesses to sk->sk_incoming_cpu 2019-10-30 13:24:25 -07:00
ip6_checksum.c
ip6_fib.c ipv6: fix suspecious RCU usage warning 2021-03-30 14:35:25 +02:00
ip6_flowlabel.c
ip6_gre.c ipv6: remove extra dev_hold() for fallback tunnels 2021-05-22 11:38:30 +02:00
ip6_icmp.c net: icmp: pass zeroed opts from icmp{,v6}_ndo_send before sending 2021-03-04 10:26:53 +01:00
ip6_input.c ipv6: weaken the v4mapped source check 2021-04-07 14:47:38 +02:00
ip6_offload.c
ip6_offload.h
ip6_output.c ipv6: ip6_finish_output2: set sk into newly allocated nskb 2021-07-31 08:19:39 +02:00
ip6_tunnel.c ipv6: remove extra dev_hold() for fallback tunnels 2021-05-22 11:38:30 +02:00
ip6_udp_tunnel.c
ip6_vti.c ipv6: remove extra dev_hold() for fallback tunnels 2021-05-22 11:38:30 +02:00
ip6mr.c net: don't return invalid table id error when we fall back to PF_UNSPEC 2020-06-03 08:20:41 +02:00
ipcomp6.c
ipv6_sockglue.c ipv6: fix memory leaks on IPV6_ADDRFORM path 2020-08-11 15:33:39 +02:00
mcast.c mld: fix panic in mld_newpack() 2021-06-03 08:59:14 +02:00
mcast_snoop.c net: bridge: mcast: fix broken length + header check for MRDv6 Adv. 2021-05-14 09:44:32 +02:00
mip6.c
ndisc.c Exempt multicast addresses from five-second neighbor lifetime 2020-11-24 13:28:56 +01:00
netfilter.c netfilter: use actual socket sk rather than skb sk when routing harder 2020-11-18 19:20:17 +01:00
output_core.c ipv6: use prandom_u32() for ID generation 2021-07-19 08:53:09 +02:00
ping.c ipv6: Fix the link time qualifier of 'ping_v6_proc_exit_net()' 2019-09-12 11:20:33 +01:00
proc.c
protocol.c
raw.c net-ipv6: bugfix - raw & sctp - switch to ipv6_can_nonlocal_bind() 2021-04-14 08:24:12 +02:00
reassembly.c ipv6: record frag_max_size in atomic fragments in input path 2021-06-03 08:59:15 +02:00
route.c ipv6: make exception cache less predictible 2021-09-15 09:47:37 +02:00
seg6.c
seg6_hmac.c
seg6_iptunnel.c
seg6_local.c ipv6: sr: remove SKB_GSO_IPXIP6 on End.D* actions 2020-01-29 16:45:20 +01:00
sit.c ipv6: remove extra dev_hold() for fallback tunnels 2021-05-22 11:38:30 +02:00
syncookies.c net: Update window_clamp if SOCK_RCVBUF is set 2020-11-18 19:20:32 +01:00
sysctl_net_ipv6.c ipv6: Fix sysctl max for fib_multipath_hash_policy 2020-09-12 14:18:55 +02:00
tcp_ipv6.c ipv6: tcp: drop silly ICMPv6 packet too big messages 2021-07-25 14:35:15 +02:00
tcpv6_offload.c
tunnel6.c
udp.c udp: annotate data races around unix_sk(sk)->gso_size 2021-07-25 14:35:15 +02:00
udp_impl.h
udp_offload.c
udplite.c
xfrm6_input.c
xfrm6_output.c net: ipv6: fix return value of ip6_skb_dst_mtu 2021-07-25 14:35:14 +02:00
xfrm6_policy.c net: add bool confirm_neigh parameter for dst_ops.update_pmtu 2020-01-04 19:18:58 +01:00
xfrm6_protocol.c
xfrm6_state.c
xfrm6_tunnel.c