linux/net/ipv6
Eric Dumazet 04ca6973f7 ip: make IP identifiers less predictable
In "Counting Packets Sent Between Arbitrary Internet Hosts", Jeffrey and
Jedidiah describe ways exploiting linux IP identifier generation to
infer whether two machines are exchanging packets.

With commit 73f156a6e8 ("inetpeer: get rid of ip_id_count"), we
changed IP id generation, but this does not really prevent this
side-channel technique.

This patch adds a random amount of perturbation so that IP identifiers
for a given destination [1] are no longer monotonically increasing after
an idle period.

Note that prandom_u32_max(1) returns 0, so if generator is used at most
once per jiffy, this patch inserts no hole in the ID suite and do not
increase collision probability.

This is jiffies based, so in the worst case (HZ=1000), the id can
rollover after ~65 seconds of idle time, which should be fine.

We also change the hash used in __ip_select_ident() to not only hash
on daddr, but also saddr and protocol, so that ICMP probes can not be
used to infer information for other protocols.

For IPv6, adds saddr into the hash as well, but not nexthdr.

If I ping the patched target, we can see ID are now hard to predict.

21:57:11.008086 IP (...)
    A > target: ICMP echo request, seq 1, length 64
21:57:11.010752 IP (... id 2081 ...)
    target > A: ICMP echo reply, seq 1, length 64

21:57:12.013133 IP (...)
    A > target: ICMP echo request, seq 2, length 64
21:57:12.015737 IP (... id 3039 ...)
    target > A: ICMP echo reply, seq 2, length 64

21:57:13.016580 IP (...)
    A > target: ICMP echo request, seq 3, length 64
21:57:13.019251 IP (... id 3437 ...)
    target > A: ICMP echo reply, seq 3, length 64

[1] TCP sessions uses a per flow ID generator not changed by this patch.

Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Jeffrey Knockel <jeffk@cs.unm.edu>
Reported-by: Jedidiah R. Crandall <crandall@cs.unm.edu>
Cc: Willy Tarreau <w@1wt.eu>
Cc: Hannes Frederic Sowa <hannes@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2014-07-28 18:46:34 -07:00
..
netfilter Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2014-05-30 17:54:47 -07:00
addrconf_core.c net: clean up snmp stats code 2014-05-07 16:06:05 -04:00
addrconf.c net: clean up snmp stats code 2014-05-07 16:06:05 -04:00
addrlabel.c ipv6:fix checkpatch errors with assignment in if condition 2014-02-17 16:57:29 -05:00
af_inet6.c net: Eliminate no_check from protosw 2014-05-23 16:28:53 -04:00
ah6.c ah6: Use the IPsec protocol multiplexer API 2014-03-14 07:28:07 +01:00
anycast.c ipv6: enable anycast addresses as source addresses for datagrams 2014-01-22 21:57:05 -08:00
datagram.c ipv6: enable anycast addresses as source addresses for datagrams 2014-01-22 21:57:05 -08:00
esp6.c esp6: Use the IPsec protocol multiplexer API 2014-03-14 07:28:07 +01:00
exthdrs_core.c ipv6: ipv6_find_hdr restore prev functionality 2014-02-27 18:27:26 -05:00
exthdrs_offload.c ipv6: Fix exthdrs offload registration. 2014-03-06 16:35:55 -05:00
exthdrs.c ipv6/exthdrs: accept tlv which includes only padding 2013-09-11 15:52:27 -04:00
fib6_rules.c ipv6: move IPV6_TCLASS_SHIFT into ipv6.h and define a helper 2014-01-15 15:53:18 -08:00
icmp.c net: add a sysctl to reflect the fwmark on replies 2014-05-13 18:35:08 -04:00
inet6_connection_sock.c net: support marking accepting TCP sockets 2014-05-13 18:35:09 -04:00
inet6_hashtables.c inet: convert inet_ehash_secret and ipv6_hash_secret to net_get_random_once 2013-10-19 19:45:35 -04:00
ip6_checksum.c udp: Generic functions to set checksum 2014-06-04 22:46:38 -07:00
ip6_fib.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2014-05-12 13:19:14 -04:00
ip6_flowlabel.c net: ipv6: Introduce ip6_sk_dst_hoplimit. 2014-04-30 13:31:26 -04:00
ip6_gre.c gre6: Call skb_checksum_simple_validate 2014-05-08 23:47:50 -04:00
ip6_icmp.c ipv6: Kill ipv6 dependency of icmpv6_send(). 2013-04-29 13:54:36 -04:00
ip6_input.c net: Fix memory leak if TPROXY used with TCP early demux 2014-01-27 16:22:11 -08:00
ip6_offload.c gre: Call gso_make_checksum 2014-06-04 22:46:38 -07:00
ip6_offload.h ipv6: Pull IPv6 GSO registration out of the module 2012-11-15 17:39:24 -05:00
ip6_output.c ip: make IP identifiers less predictable 2014-07-28 18:46:34 -07:00
ip6_tunnel.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2014-05-24 00:32:30 -04:00
ip6_vti.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2014-05-24 00:32:30 -04:00
ip6mr.c net: ipv6: more places need LOOPBACK_IFINDEX for flowi6_iif 2014-04-28 14:47:03 -04:00
ipcomp6.c ipcomp6: Use the IPsec protocol multiplexer API 2014-03-14 07:28:07 +01:00
ipv6_sockglue.c ipv6: yet another new IPV6_MTU_DISCOVER option IPV6_PMTUDISC_OMIT 2014-02-26 15:51:01 -05:00
Kconfig ip6_vti: Fix build when NET_IP_TUNNEL is not set. 2014-02-20 14:29:49 +01:00
Makefile xfrm6: Add IPsec protocol multiplexer 2014-03-14 07:28:07 +01:00
mcast.c ipv6: Fix MLD Query message check 2014-06-27 00:21:50 -07:00
mip6.c ipv4/ipv6: Fix FSF address in file headers 2013-12-06 12:37:56 -05:00
ndisc.c ipv6: update Destination Cache entries when gateway turn into host 2014-05-15 23:26:27 -04:00
netfilter.c netfilter: Fix potential use after free in ip6_route_me_harder() 2014-05-09 02:36:39 +02:00
output_core.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2014-06-11 16:02:55 -07:00
ping.c net: Eliminate no_check from protosw 2014-05-23 16:28:53 -04:00
proc.c snmp: fix some left over of snmp stats 2014-05-14 15:33:47 -04:00
protocol.c net: remove outdated comment for ipv4 and ipv6 protocol handler 2013-11-28 18:47:51 -05:00
raw.c net: Eliminate no_check from protosw 2014-05-23 16:28:53 -04:00
reassembly.c ipv6: split inet6_hash_frag for netfilter and initialize secrets with net_get_random_once 2013-10-23 17:01:40 -04:00
route.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2014-05-24 00:32:30 -04:00
sit.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2014-06-11 16:02:55 -07:00
syncookies.c net: support marking accepting TCP sockets 2014-05-13 18:35:09 -04:00
sysctl_net_ipv6.c net: add a sysctl to reflect the fwmark on replies 2014-05-13 18:35:08 -04:00
tcp_ipv6.c net: Eliminate no_check from protosw 2014-05-23 16:28:53 -04:00
tcpv6_offload.c net-gre-gro: Fix a bug that breaks the forwarding path 2014-07-16 14:45:26 -07:00
tunnel6.c ipv4/ipv6: Fix FSF address in file headers 2013-12-06 12:37:56 -05:00
udp_impl.h net: ipv4/ipv6: Remove extern from function prototypes 2013-10-19 19:12:11 -04:00
udp_offload.c gre: Call gso_make_checksum 2014-06-04 22:46:38 -07:00
udp.c udp: Add MIB counters for rcvbuferrors 2014-06-27 00:20:55 -07:00
udplite.c net: Eliminate no_check from protosw 2014-05-23 16:28:53 -04:00
xfrm6_input.c
xfrm6_mode_beet.c ipsec: be careful of non existing mac headers 2012-02-23 16:50:45 -05:00
xfrm6_mode_ro.c ipv4/ipv6: Fix FSF address in file headers 2013-12-06 12:37:56 -05:00
xfrm6_mode_transport.c
xfrm6_mode_tunnel.c xfrm6: Remove xfrm_tunnel_notifier 2014-03-14 07:28:08 +01:00
xfrm6_output.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2014-05-24 00:32:30 -04:00
xfrm6_policy.c xfrm6: Add IPsec protocol multiplexer 2014-03-14 07:28:07 +01:00
xfrm6_protocol.c xfrm6: Properly handle unsupported protocols 2014-05-06 07:08:38 +02:00
xfrm6_state.c xfrm: make local error reporting more robust 2013-08-14 13:07:12 +02:00
xfrm6_tunnel.c ipv4/ipv6: Fix FSF address in file headers 2013-12-06 12:37:56 -05:00