armbian/linux
0
0
Fork 0
mirror of https://github.com/armbian/linux.git synced 2026-01-06 10:13:00 -08:00
Code Issues Packages Projects Releases Wiki Activity
Files
896920af5b2a1abdebccf7ffb80098c6354020ca
linux/include/net/transp_v6.h
Eric Dumazet ef81bb40bf ipv6: make fragment identifications less predictable 
[ Backport of upstream commit 87c48fa3b4 ]

Fernando Gont reported current IPv6 fragment identification generation
was not secure, because using a very predictable system-wide generator,
allowing various attacks.

IPv4 uses inetpeer cache to address this problem and to get good
performance. We'll use this mechanism when IPv6 inetpeer is stable
enough in linux-3.1

For the time being, we use jhash on destination address to provide less
predictable identifications. Also remove a spinlock and use cmpxchg() to
get better SMP performance.

Reported-by: Fernando Gont <fernando@gont.com.ar>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2011-08-15 18:31:37 -07:00

60 lines
1.4 KiB
C
Raw Blame History

#ifndef _TRANSP_V6_H
#define _TRANSP_V6_H
#include <net/checksum.h>
/*
* IPv6 transport protocols
*/
extern struct proto rawv6_prot;
extern struct proto udpv6_prot;
extern struct proto udplitev6_prot;
extern struct proto tcpv6_prot;
struct flowi6;
extern void initialize_hashidentrnd(void);
/* extension headers */
extern int ipv6_exthdrs_init(void);
extern void ipv6_exthdrs_exit(void);
extern int ipv6_frag_init(void);
extern void ipv6_frag_exit(void);
/* transport protocols */
extern int rawv6_init(void);
extern void rawv6_exit(void);
extern int udpv6_init(void);
extern void udpv6_exit(void);
extern int udplitev6_init(void);
extern void udplitev6_exit(void);
extern int tcpv6_init(void);
extern void tcpv6_exit(void);
extern int udpv6_connect(struct sock *sk,
struct sockaddr *uaddr,
int addr_len);
extern int datagram_recv_ctl(struct sock *sk,
struct msghdr *msg,
struct sk_buff *skb);
extern int datagram_send_ctl(struct net *net,
struct msghdr *msg,
struct flowi6 *fl6,
struct ipv6_txoptions *opt,
int *hlimit, int *tclass,
int *dontfrag);
#define LOOPBACK4_IPV6 cpu_to_be32(0x7f000006)
/*
* address family specific functions
*/
extern const struct inet_connection_sock_af_ops ipv4_specific;
extern void inet6_destroy_sock(struct sock *sk);
#endif
Reference in New Issue View Git Blame Copy Permalink