558d2bdad5
[ Upstream commit 55667441c84fa5e0911a0aac44fb059c15ba6da2 ] UDP IPv6 packets auto flowlabels are using a 32bit secret (static u32 hashrnd in net/core/flow_dissector.c) and apply jhash() over fields known by the receivers. Attackers can easily infer the 32bit secret and use this information to identify a device and/or user, since this 32bit secret is only set at boot time. Really, using jhash() to generate cookies sent on the wire is a serious security concern. Trying to change the rol32(hash, 16) in ip6_make_flowlabel() would be a dead end. Trying to periodically change the secret (like in sch_sfq.c) could change paths taken in the network for long lived flows. Let's switch to siphash, as we did in commit df453700e8d8 ("inet: switch IP ID generator to siphash") Using a cryptographically strong pseudo random function will solve this privacy issue and more generally remove other weak points in the stack. Packet schedulers using skb_get_hash_perturb() benefit from this change. Fixes:b56774163f
("ipv6: Enable auto flow labels by default") Fixes:42240901f7
("ipv6: Implement different admin modes for automatic flow labels") Fixes:67800f9b1f
("ipv6: Call skb_get_hash_flowi6 to get skb->hash in ip6_make_flowlabel") Fixes:cb1ce2ef38
("ipv6: Implement automatic flow label generation on transmit") Signed-off-by: Eric Dumazet <edumazet@google.com> Reported-by: Jonathan Berger <jonathann1@walla.com> Reported-by: Amit Klein <aksecurity@gmail.com> Reported-by: Benny Pinkas <benny@pinkas.net> Cc: Tom Herbert <tom@herbertland.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
/*
* Copyright (c) 2016 Qualcomm Atheros, Inc
*
* GPL v2
*
* Based on net/sched/sch_fq_codel.c
*/
#ifndef __NET_SCHED_FQ_H
#define __NET_SCHED_FQ_H
struct fq_tin;
/**
 * struct fq_flow - per traffic flow queue
 *
 * @tin: owner of this flow. Used to manage collisions, i.e. when a packet
 *	hashes to an index that points to a flow already owned by a tin other
 *	than the one the packet is destined to. In that case the implementer
 *	must provide a fallback flow
 * @flowchain: can be linked to fq_tin's new_flows or old_flows. Used for DRR++
 *	(deficit round robin) based round robin queuing similar to the one
 *	found in net/sched/sch_fq_codel.c
 * @backlogchain: can be linked to other fq_flow and fq. Used to keep track of
 *	fat flows and efficient head-dropping if packet limit is reached
 * @queue: sk_buff queue to hold packets
 * @backlog: number of bytes pending in the queue (u32). The number of packets
 *	can be found in @queue.qlen
 * @deficit: used for DRR++; declared as a signed int
 *
 * NOTE(review): the hash that maps a packet to a flow index is not computed
 * in this header. struct fq carries a siphash_key_t @perturbation member,
 * presumably the key for that hash -- confirm in the enqueue/classify code.
 */
struct fq_flow {
	struct fq_tin *tin;
	struct list_head flowchain;
	struct list_head backlogchain;
	struct sk_buff_head queue;
	u32 backlog;
	int deficit;
};
/**
 * struct fq_tin - a logical container of fq_flows
 *
 * Used to group fq_flows into a logical aggregate. DRR++ scheme is used to
 * pull interleaved packets out of the associated flows.
 *
 * @new_flows: linked list of fq_flow
 * @old_flows: linked list of fq_flow
 * @backlog_bytes: u32; by its name, bytes currently queued in this tin
 *	(TODO confirm against the code that updates it)
 * @backlog_packets: u32; by its name, packets currently queued in this tin
 *	(TODO confirm)
 * @overlimit: u32; presumably counts events where a queue limit was hit
 *	(TODO confirm)
 * @collisions: u32; presumably counts flow-index collisions as described for
 *	fq_flow's @tin (TODO confirm)
 * @flows: u32; presumably a count of flows associated with this tin
 *	(TODO confirm)
 * @tx_bytes: u32; by its name, bytes handed out by this tin (TODO confirm)
 * @tx_packets: u32; by its name, packets handed out by this tin (TODO confirm)
 *
 * NOTE(review): every statistic here is a plain u32, so any monotonically
 * increasing counter wraps at 2^32; consumers comparing samples should allow
 * for wrap-around.
 */
struct fq_tin {
	struct list_head new_flows;
	struct list_head old_flows;
	u32 backlog_bytes;
	u32 backlog_packets;
	u32 overlimit;
	u32 collisions;
	u32 flows;
	u32 tx_bytes;
	u32 tx_packets;
};
/**
 * struct fq - main container for fair queuing purposes
 *
 * @flows: pointer to fq_flow; presumably an array of @flows_cnt entries
 *	indexed by the packet hash (TODO confirm in the init code)
 * @backlogs: linked to fq_flows. Used to maintain fat flows for efficient
 *	head-dropping when @backlog reaches @limit
 * @lock: spinlock; which members it protects is not stated in this header
 *	(TODO confirm against the callers)
 * @flows_cnt: u32; presumably the number of entries behind @flows
 * @perturbation: siphash key (siphash_key_t, 128 bits). Presumably the secret
 *	passed to skb_get_hash_perturb() when a packet is hashed to a flow
 *	index. It replaces a 32-bit value, which a remote party could infer.
 *	Treat it as secret material: fill it from the kernel CSPRNG (e.g.
 *	get_random_bytes()) at init, and never export it through statistics,
 *	debug output or tracing. Initialisation is not visible in this header
 *	-- confirm it covers the whole key, not only 32 bits of it.
 * @limit: max number of packets that can be queued across all flows
 * @memory_limit: u32; by its name, a cap on @memory_usage (TODO confirm)
 * @memory_usage: u32; by its name, memory currently accounted to queued
 *	packets (TODO confirm units and accounting)
 * @quantum: u32; presumably the DRR++ quantum added to a flow's deficit
 *	(TODO confirm)
 * @backlog: number of packets queued across all flows
 * @overlimit: u32; presumably counts events where @limit was hit (TODO confirm)
 * @overmemory: u32; presumably counts events where @memory_limit was hit
 *	(TODO confirm)
 * @collisions: u32; presumably counts flow-index collisions (TODO confirm)
 *
 * NOTE(review): this header has no #include lines of its own. siphash_key_t
 * (<linux/siphash.h>), spinlock_t, struct list_head, struct sk_buff_head and
 * u32 must already be visible through whatever includes it.
 */
struct fq {
	struct fq_flow *flows;
	struct list_head backlogs;
	spinlock_t lock;
	u32 flows_cnt;
	siphash_key_t	perturbation;
	u32 limit;
	u32 memory_limit;
	u32 memory_usage;
	u32 quantum;
	u32 backlog;
	u32 overlimit;
	u32 overmemory;
	u32 collisions;
};
/*
 * Callback type: takes the fq, a tin and a flow, and returns a struct sk_buff
 * pointer. By its name it is the per-flow dequeue hook; whether NULL is a
 * valid "nothing to dequeue" result is not stated here (TODO confirm).
 */
typedef struct sk_buff *fq_tin_dequeue_t(struct fq *,
					 struct fq_tin *,
					 struct fq_flow *flow);
/*
 * Callback type: takes the fq, a tin, a flow and an sk_buff, returns nothing.
 * By its name it releases the given sk_buff; ownership rules (who may touch
 * the skb afterwards) are not stated in this header (TODO confirm).
 */
typedef void fq_skb_free_t(struct fq *,
			   struct fq_tin *,
			   struct fq_flow *,
			   struct sk_buff *);
/*
 * Callback type: takes the fq, a tin, a flow, an sk_buff and an opaque
 * void pointer (presumably caller-supplied filter context -- TODO confirm).
 *
 * Return %true to filter (drop) the frame.
 */
typedef bool fq_skb_filter_t(struct fq *,
			     struct fq_tin *,
			     struct fq_flow *,
			     struct sk_buff *,
			     void *);
/*
 * Callback type: takes the fq, a tin, an int index and an sk_buff, and returns
 * a struct fq_flow pointer. Presumably this supplies the fallback flow that
 * struct fq_flow's @tin documentation requires on a collision; the meaning
 * of @idx (likely the colliding flow index) is not stated here (TODO confirm).
 */
typedef struct fq_flow *fq_flow_get_default_t(struct fq *,
					      struct fq_tin *,
					      int idx,
					      struct sk_buff *);
#endif