87c48fa3b4
IPv6 fragment identification generation is way behind what we use for IPv4: it uses a single generator. It's not scalable and allows DoS attacks. Now that inetpeer is IPv6 aware, we can use it to provide a more secure and scalable frag ident generator (per destination, instead of system wide). This patch: 1) defines a new secure_ipv6_id() helper 2) extends inet_getid() to provide 32bit results 3) extends ipv6_select_ident() with a new dest parameter Reported-by: Fernando Gont <fernando@gont.com.ar> Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
/*
 * include/linux/random.h
 *
 * Include file for the random number generator.
 */
#ifndef _LINUX_RANDOM_H
#define _LINUX_RANDOM_H
#include <linux/types.h>
#include <linux/ioctl.h>
#include <linux/irqnr.h>
/*
 * ioctl()'s for the random number generator.
 *
 * All requests below use ioctl type 'R'. Request number 0x05 is not
 * defined in this header. The "(Superuser only.)" remarks state the
 * intended policy only: the privilege check is not part of this header
 * and has to be enforced by the code that handles these requests.
 */

/* Get the entropy count. */
#define RNDGETENTCNT _IOR( 'R', 0x00, int )

/*
 * Add to (or subtract from) the entropy count. (Superuser only.)
 * NOTE(review): as described, this changes the count without writing
 * any data into the pool, so a caller that credits more than it has
 * really supplied makes the pool look better seeded than it is.
 */
#define RNDADDTOENTCNT _IOW( 'R', 0x01, int )

/*
 * Get the contents of the entropy pool. (Superuser only.)
 * NOTE(review): the int [2] argument type presumably stands for the two
 * int fields at the start of struct rand_pool_info -- confirm against
 * the handler.
 */
#define RNDGETPOOL _IOR( 'R', 0x02, int [2] )

/*
 * Write bytes into the entropy pool and add to the entropy count.
 * (Superuser only.)
 */
#define RNDADDENTROPY _IOW( 'R', 0x03, int [2] )

/* Clear entropy count to 0. (Superuser only.) Takes no argument. */
#define RNDZAPENTCNT _IO( 'R', 0x04 )

/*
 * Clear the entropy pool and associated counters. (Superuser only.)
 * Takes no argument.
 */
#define RNDCLEARPOOL _IO( 'R', 0x06 )
/*
 * Two-int header followed by a variable amount of pool data.
 *
 * NOTE(review): presumably the argument layout for RNDGETPOOL and
 * RNDADDENTROPY (both declared with an int [2] argument) -- confirm
 * against the ioctl handler. Whoever consumes this structure from user
 * space has to validate buf_size before touching buf, since nothing in
 * the type itself bounds the trailing data.
 */
struct rand_pool_info {
	int entropy_count;	/* entropy credited for the data; presumably in bits -- confirm */
	int buf_size;		/* size of the data in buf; presumably in bytes -- confirm */
	__u32 buf[0];		/* zero-length trailing array: data starts right after the header */
};
/*
 * State for prandom32(): three 32-bit words, each initialised by
 * prandom32_seed() through __seed() with its own minimum value.
 */
struct rnd_state {
	__u32 s1, s2, s3;
};
/* Exported functions */
#ifdef __KERNEL__
/*
 * Entropy input hooks. The definitions are not in this header; by their
 * names they register an IRQ as a source and feed input-event and
 * interrupt activity to the generator -- confirm in the implementation.
 */
extern void rand_initialize_irq(int irq);

extern void add_input_randomness(unsigned int type, unsigned int code,
				 unsigned int value);
extern void add_interrupt_randomness(int irq);

/*
 * Random output for in-kernel users.
 * NOTE(review): nbytes is a signed int, so a negative length can be
 * expressed by the type; callers should pass only non-negative sizes.
 */
extern void get_random_bytes(void *buf, int nbytes);
/* Writes a UUID into the caller's 16-byte array. */
void generate_random_uuid(unsigned char uuid_out[16]);

/*
 * Helpers that derive protocol values (IP identification, ephemeral
 * ports, initial sequence numbers) from the addresses and ports of a
 * flow. Definitions are outside this header.
 *
 * secure_ipv6_id() takes the 128-bit destination address as four __be32
 * words and is meant for per-destination IPv6 fragment identification,
 * replacing a single system-wide generator.
 *
 * NOTE(review): secure_tcpv6_sequence_number() takes non-const address
 * pointers while secure_ipv6_port_ephemeral() takes const ones; const
 * would be the consistent choice if the definition does not write
 * through them -- confirm before changing the prototype.
 */
extern __u32 secure_ip_id(__be32 daddr);
extern __u32 secure_ipv6_id(const __be32 daddr[4]);
extern u32 secure_ipv4_port_ephemeral(__be32 saddr, __be32 daddr, __be16 dport);
extern u32 secure_ipv6_port_ephemeral(const __be32 *saddr, const __be32 *daddr,
				      __be16 dport);
extern __u32 secure_tcp_sequence_number(__be32 saddr, __be32 daddr,
					__be16 sport, __be16 dport);
extern __u32 secure_tcpv6_sequence_number(__be32 *saddr, __be32 *daddr,
					  __be16 sport, __be16 dport);
extern u64 secure_dccp_sequence_number(__be32 saddr, __be32 daddr,
				       __be16 sport, __be16 dport);

/* File operations for the random devices; not declared for modules. */
#ifndef MODULE
extern const struct file_operations random_fops, urandom_fops;
#endif

unsigned int get_random_int(void);
unsigned long randomize_range(unsigned long start, unsigned long end, unsigned long len);

/*
 * Pseudo-random number interface: random32()/srandom32() work on state
 * that is not passed in, prandom32() on a caller-supplied rnd_state.
 * NOTE(review): this is a small-state generator (three 32-bit words per
 * rnd_state) and should not be used for keys, nonces or other values an
 * attacker must not predict; get_random_bytes() is the interface for
 * those.
 */
u32 random32(void);
void srandom32(u32 seed);

u32 prandom32(struct rnd_state *);
/*
 * Handle minimum values for seeds.
 *
 * Returns @x unchanged when it is at least @m, otherwise x + m (computed
 * in u32). For m up to 2^31 the result is therefore never below @m; note
 * that it can be equal to @m.
 */
static inline u32 __seed(u32 x, u32 m)
{
	if (x >= m)
		return x;

	return x + m;
}
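/**
 * prandom32_seed - set seed for prandom32().
 * @state: pointer to state structure to receive the seed.
 * @seed: arbitrary 64-bit value to use as a seed.
 *
 * The 64-bit seed is folded into a single 32-bit value and each state
 * word is derived from that value, raised to a per-word minimum by
 * __seed().
 *
 * The three-component Tausworthe generator behind prandom32()
 * (lib/random32.c, not part of this header) requires s1 > 1, s2 > 7 and
 * s3 > 15. __seed(x, m) only guarantees a result >= m, so the minimums
 * passed here are 2, 8 and 16; with 1, 7 and 15 a small folded seed
 * could leave a word at exactly the excluded value.
 *
 * All three words come from the same 32-bit fold, so at most 2^32
 * distinct states are reachable. The resulting stream is predictable and
 * must not be used where an attacker gains from guessing the output.
 */
static inline void prandom32_seed(struct rnd_state *state, u64 seed)
{
	/* Fold 64 bits into 32; the assignment to u32 truncates. */
	u32 i = (seed >> 32) ^ (seed << 10) ^ seed;

	state->s1 = __seed(i, 2);
	state->s2 = __seed(i, 8);
	state->s3 = __seed(i, 16);
}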
#endif /* __KERNEL__ */
#endif /* _LINUX_RANDOM_H */