linux/net/ipv6
David S. Miller 6e5714eaf7 net: Compute protocol sequence numbers and fragment IDs using MD5.
Computers have become a lot faster since we compromised on the
partial MD4 hash which we use currently for performance reasons.

MD5 is a much safer choice, and is inline with both RFC1948 and
other ISS generators (OpenBSD, Solaris, etc.)

Furthermore, only having 24-bits of the sequence number be truly
unpredictable is a very serious limitation.  So the periodic
regeneration and 8-bit counter have been removed.  We compute and
use a full 32-bit sequence number.

For ipv6, DCCP was found to use a 32-bit truncated initial sequence
number (it needs 43-bits) and that is fixed here as well.

Reported-by: Dan Kaminsky <dan@doxpara.com>
Tested-by: Willy Tarreau <w@1wt.eu>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-08-06 18:33:19 -07:00
..
netfilter netfilter: fix looped (broad|multi)cast's MAC handling 2011-06-16 17:27:04 +02:00
Kconfig ipv6: ip6mr: support multiple tables 2010-05-11 14:40:55 +02:00
Makefile [IPV6] MROUTE: Support multicast forwarding. 2008-04-05 22:33:38 +09:00
addrconf.c net: fix NULL dereferences in check_peer_redir() 2011-08-03 03:34:12 -07:00
addrconf_core.c ipv6: Remove IPV6_ADDR_RESERVED 2010-02-26 03:59:07 -08:00
addrlabel.c rtnetlink: Compute and store minimum ifinfo dump size 2011-06-09 20:38:07 -07:00
af_inet6.c net: bind() fix error return on wrong address family 2011-07-04 21:37:41 -07:00
ah6.c xfrm: Use separate low and high order bits of the sequence numbers in xfrm_skb_cb 2011-03-13 20:22:28 -07:00
anycast.c inet: constify ip headers and in6_addr 2011-04-22 11:04:14 -07:00
datagram.c ipv6: check for IPv4 mapped addresses when connecting IPv6 sockets 2011-08-05 03:56:30 -07:00
esp6.c Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2011-05-05 14:59:02 -07:00
exthdrs.c ipv6: Convert to use flowi6 where applicable. 2011-03-12 15:08:54 -08:00
exthdrs_core.c net: return operator cleanup 2010-09-23 14:33:39 -07:00
fib6_rules.c ipv6: Convert to use flowi6 where applicable. 2011-03-12 15:08:54 -08:00
icmp.c inet: constify ip headers and in6_addr 2011-04-22 11:04:14 -07:00
inet6_connection_sock.c inet: Pass flowi to ->queue_xmit(). 2011-05-08 15:28:28 -07:00
inet6_hashtables.c net: Compute protocol sequence numbers and fragment IDs using MD5. 2011-08-06 18:33:19 -07:00
ip6_fib.c net: fix NULL dereferences in check_peer_redir() 2011-08-03 03:34:12 -07:00
ip6_flowlabel.c ipv6: Convert to use flowi6 where applicable. 2011-03-12 15:08:54 -08:00
ip6_input.c inet: constify ip headers and in6_addr 2011-04-22 11:04:14 -07:00
ip6_output.c net: fix NULL dereferences in check_peer_redir() 2011-08-03 03:34:12 -07:00
ip6_tunnel.c atomic: use <linux/atomic.h> 2011-07-26 16:49:47 -07:00
ip6mr.c rtnetlink: Compute and store minimum ifinfo dump size 2011-06-09 20:38:07 -07:00
ipcomp6.c inet: constify ip headers and in6_addr 2011-04-22 11:04:14 -07:00
ipv6_sockglue.c ipv6: Convert to use flowi6 where applicable. 2011-03-12 15:08:54 -08:00
mcast.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6 2011-05-20 13:43:21 -07:00
mip6.c inet: constify ip headers and in6_addr 2011-04-22 11:04:14 -07:00
ndisc.c net: Abstract dst->neighbour accesses behind helpers. 2011-07-17 23:11:35 -07:00
netfilter.c inet: constify ip headers and in6_addr 2011-04-22 11:04:14 -07:00
proc.c ipv6: reduce per device ICMP mib sizes 2011-05-19 16:21:22 -04:00
protocol.c net: add __rcu annotations to protocol 2010-10-27 11:37:31 -07:00
raw.c ipv6: Reduce switch/case indent 2011-07-01 16:11:16 -07:00
reassembly.c inet: constify ip headers and in6_addr 2011-04-22 11:04:14 -07:00
route.c net: fix NULL dereferences in check_peer_redir() 2011-08-03 03:34:12 -07:00
sit.c net: Abstract dst->neighbour accesses behind helpers. 2011-07-17 23:11:35 -07:00
syncookies.c tcp: RFC2988bis + taking RTT sample from 3WHS for the passive open side 2011-06-08 17:05:30 -07:00
sysctl_net_ipv6.c net ipv6: Fix duplicate /proc/sys/net/ipv6/neigh directory entries. 2011-03-21 18:23:34 -07:00
tcp_ipv6.c net: Compute protocol sequence numbers and fragment IDs using MD5. 2011-08-06 18:33:19 -07:00
tunnel6.c tunnels: add _rcu annotations 2010-10-25 13:09:45 -07:00
udp.c ipv6: make fragment identifications less predictable 2011-07-21 21:25:58 -07:00
udp_impl.h net: Make setsockopt() optlen be unsigned. 2009-09-30 16:12:20 -07:00
udplite.c net: fix nulls list corruptions in sk_prot_alloc 2010-12-16 14:26:56 -08:00
xfrm6_input.c netfilter: ipv6: use NFPROTO values for NF_HOOK invocation 2010-03-25 16:00:49 +01:00
xfrm6_mode_beet.c inet: constify ip headers and in6_addr 2011-04-22 11:04:14 -07:00
xfrm6_mode_ro.c [IPSEC]: Make x->lastused an unsigned long 2008-01-28 14:53:52 -08:00
xfrm6_mode_transport.c [IPSEC]: Use IPv6 calling convention as the convention for x->mode->output 2007-10-10 16:55:54 -07:00
xfrm6_mode_tunnel.c inet: constify ip headers and in6_addr 2011-04-22 11:04:14 -07:00
xfrm6_output.c xfrm: Assign the inner mode output function to the dst entry 2011-05-10 15:03:34 -07:00
xfrm6_policy.c inet: constify ip headers and in6_addr 2011-04-22 11:04:14 -07:00
xfrm6_state.c xfrm: Assign the inner mode output function to the dst entry 2011-05-10 15:03:34 -07:00
xfrm6_tunnel.c ipv6: Fix return of xfrm6_tunnel_rcv() 2011-05-24 01:11:51 -04:00