linux/net/ipv4
Eric Dumazet 165573e41f tcp: secure_seq: add back ports to TS offset
This reverts 28ee1b746f ("secure_seq: downgrade to per-host timestamp offsets")

tcp_tw_recycle went away in 2017.

Zhouyan Deng reported off-path TCP source port leakage via
SYN cookie side-channel that can be fixed in multiple ways.

One of them is to bring back TCP ports in TS offset randomization.

As a bonus, we perform a single siphash() computation
to provide both an ISN and a TS offset.

Fixes: 28ee1b746f ("secure_seq: downgrade to per-host timestamp offsets")
Reported-by: Zhouyan Deng <dengzhouyan_nwpu@163.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reviewed-by: Kuniyuki Iwashima <kuniyu@google.com>
Acked-by: Florian Westphal <fw@strlen.de>
Link: https://patch.msgid.link/20260302205527.1982836-1-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-03-04 17:44:35 -08:00
netfilter
Kconfig net/tcp-md5: Fix MAC comparison to be constant-time 2026-03-03 18:39:43 -08:00
Makefile
af_inet.c Convert more 'alloc_obj' cases to default GFP_KERNEL arguments 2026-02-21 20:03:00 -08:00
ah4.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
arp.c
bpf_tcp_ca.c
cipso_ipv4.c Convert remaining multi-line kmalloc_obj/flex GFP_KERNEL uses 2026-02-22 08:26:33 -08:00
datagram.c
devinet.c Convert remaining multi-line kmalloc_obj/flex GFP_KERNEL uses 2026-02-22 08:26:33 -08:00
esp4.c
esp4_offload.c
fib_frontend.c
fib_lookup.h
fib_notifier.c
fib_rules.c
fib_semantics.c Convert more 'alloc_obj' cases to default GFP_KERNEL arguments 2026-02-21 20:03:00 -08:00
fib_trie.c
fou_bpf.c
fou_core.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
fou_nl.c
fou_nl.h
gre_demux.c
gre_offload.c
icmp.c ipv4: icmp: icmpv4_xrlim_allow() optimization if net.ipv4.icmp_ratelimit is zero 2026-02-18 16:46:36 -08:00
igmp.c treewide: Replace kmalloc with kmalloc_obj for non-scalar types 2026-02-21 01:02:28 -08:00
igmp_internal.h
inet_connection_sock.c
inet_diag.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
inet_fragment.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
inet_hashtables.c inet: annotate data-races around isk->inet_num 2026-02-27 17:16:59 -08:00
inet_timewait_sock.c
inetpeer.c
ip_forward.c
ip_fragment.c
ip_gre.c
ip_input.c
ip_options.c
ip_output.c
ip_sockglue.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
ip_tunnel.c
ip_tunnel_core.c
ip_vti.c
ipcomp.c
ipconfig.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
ipip.c
ipmr.c
ipmr_base.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
metrics.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
netfilter.c
netlink.c
nexthop.c Convert remaining multi-line kmalloc_obj/flex GFP_KERNEL uses 2026-02-22 08:26:33 -08:00
ping.c
proc.c
protocol.c
raw.c
raw_diag.c
route.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
syncookies.c tcp: secure_seq: add back ports to TS offset 2026-03-04 17:44:35 -08:00
sysctl_net_ipv4.c net: ipv4: fix ARM64 alignment fault in multipath hash seed 2026-03-03 17:20:37 -08:00
tcp.c net/tcp-md5: Fix MAC comparison to be constant-time 2026-03-03 18:39:43 -08:00
tcp_ao.c net/tcp-ao: Fix MAC comparison to be constant-time 2026-03-03 17:16:54 -08:00
tcp_bbr.c
tcp_bic.c
tcp_bpf.c net: annotate data-races around sk->sk_{data_ready,write_space} 2026-02-26 19:23:03 -08:00
tcp_cdg.c treewide: Replace kmalloc with kmalloc_obj for non-scalar types 2026-02-21 01:02:28 -08:00
tcp_cong.c
tcp_cubic.c
tcp_dctcp.c
tcp_dctcp.h
tcp_diag.c inet: annotate data-races around isk->inet_num 2026-02-27 17:16:59 -08:00
tcp_fastopen.c Including fixes from IPsec, Bluetooth and netfilter 2026-02-26 08:00:13 -08:00
tcp_highspeed.c
tcp_htcp.c
tcp_hybla.c
tcp_illinois.c
tcp_input.c tcp: secure_seq: add back ports to TS offset 2026-03-04 17:44:35 -08:00
tcp_ipv4.c tcp: secure_seq: add back ports to TS offset 2026-03-04 17:44:35 -08:00
tcp_lp.c
tcp_metrics.c treewide: Replace kmalloc with kmalloc_obj for non-scalar types 2026-02-21 01:02:28 -08:00
tcp_minisocks.c net: annotate data-races around sk->sk_{data_ready,write_space} 2026-02-26 19:23:03 -08:00
tcp_nv.c
tcp_offload.c
tcp_output.c
tcp_plb.c
tcp_recovery.c
tcp_scalable.c
tcp_sigpool.c
tcp_timer.c
tcp_ulp.c
tcp_vegas.c
tcp_vegas.h
tcp_veno.c
tcp_westwood.c
tcp_yeah.c
tunnel4.c
udp.c udp: Unhash auto-bound connected sk from 4-tuple hash table when disconnected. 2026-02-28 07:46:24 -08:00
udp_bpf.c net: annotate data-races around sk->sk_{data_ready,write_space} 2026-02-26 19:23:03 -08:00
udp_diag.c
udp_impl.h
udp_offload.c
udp_tunnel_core.c
udp_tunnel_nic.c Convert remaining multi-line kmalloc_obj/flex GFP_KERNEL uses 2026-02-22 08:26:33 -08:00
udp_tunnel_stub.c
udplite.c udplite: Fix null-ptr-deref in __udp_enqueue_schedule_skb(). 2026-02-20 16:14:10 -08:00
xfrm4_input.c
xfrm4_output.c
xfrm4_policy.c
xfrm4_protocol.c
xfrm4_state.c
xfrm4_tunnel.c