
Release 4.14 net/core/secure_seq.c

/*
 * Copyright (C) 2016 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
 */

#include <linux/kernel.h>
#include <linux/init.h>
#include <linux/cryptohash.h>
#include <linux/module.h>
#include <linux/cache.h>
#include <linux/random.h>
#include <linux/hrtimer.h>
#include <linux/ktime.h>
#include <linux/string.h>
#include <linux/net.h>
#include <linux/siphash.h>
#include <net/secure_seq.h>

#if IS_ENABLED(CONFIG_IPV6) || IS_ENABLED(CONFIG_INET)
#include <linux/in6.h>
#include <net/tcp.h>


/*
 * SipHash key behind the sequence-number and ephemeral-port hashes in this
 * file. Filled with random bytes by net_secret_init(). The hashes below are
 * only unpredictable to an outside observer while this key stays secret.
 */
static siphash_key_t net_secret __read_mostly;

/*
 * Separate SipHash key for the TCP timestamp-offset hashes, filled by
 * ts_secret_init(). Keeping it distinct from net_secret means the timestamp
 * offsets and the sequence numbers are not derived from the same key.
 */
static siphash_key_t ts_secret __read_mostly;


/*
 * Make sure net_secret holds random key material before it is used.
 *
 * Every hash helper in this file that is keyed with net_secret calls this
 * first. net_get_random_once() is expected to perform the fill a single time,
 * so repeated calls are cheap.
 */
static __always_inline void net_secret_init(void)
{
	net_get_random_once(&net_secret, sizeof(net_secret));
}

Contributors

PersonTokensPropCommitsCommitProp
David S. Miller630.00%112.50%
Florian Westphal630.00%112.50%
Eric Dumazet525.00%337.50%
Hannes Frederic Sowa210.00%225.00%
Jason A. Donenfeld15.00%112.50%
Total20100.00%8100.00%


/*
 * Make sure ts_secret holds random key material before it is used.
 *
 * Called by the timestamp-offset helpers right before they hash.
 * net_get_random_once() is expected to perform the fill a single time.
 */
static __always_inline void ts_secret_init(void)
{
	net_get_random_once(&ts_secret, sizeof(ts_secret));
}

Contributors

PersonTokensPropCommitsCommitProp
Eric Dumazet1365.00%240.00%
David S. Miller315.00%120.00%
Florian Westphal315.00%120.00%
Hannes Frederic Sowa15.00%120.00%
Total20100.00%5100.00%

#endif #ifdef CONFIG_INET
/*
 * Add a clock component to a hashed sequence number.
 *
 * @seq: keyed hash of the connection identifiers.
 *
 * Returns @seq plus the real-time clock in units of 64 ns, modulo 2^32.
 */
static u32 seq_scale(u32 seq)
{
	/*
	 * As close as possible to RFC 793, which suggests using a 250 kHz
	 * clock. Further reading shows this assumes 2 Mb/s networks.
	 * For 10 Mb/s Ethernet, a 1 MHz clock is appropriate.
	 * For 10 Gb/s Ethernet, a 1 GHz clock should be ok, but we also need
	 * to limit the resolution so that the u32 seq overlaps less than one
	 * time per MSL (2 minutes).
	 * Choosing a clock of 64 ns period is OK (the u32 wraps every 274 s).
	 */
	u32 ticks = ktime_get_real_ns() >> 6;	/* ns / 64, low 32 bits kept */

	return seq + ticks;
}

Contributors

PersonTokensPropCommitsCommitProp
David S. Miller1995.00%150.00%
Eric Dumazet15.00%150.00%
Total20100.00%2100.00%

#endif #if IS_ENABLED(CONFIG_IPV6)
/*
 * Per-address-pair TCP timestamp offset for IPv6.
 *
 * @net:   network namespace whose tcp_timestamps sysctl is consulted.
 * @saddr: source IPv6 address, read as a struct in6_addr.
 * @daddr: destination IPv6 address, read as a struct in6_addr.
 *
 * Returns 0 unless sysctl_tcp_timestamps is exactly 1 (presumably the mode
 * that asks for randomized offsets; confirm against the sysctl documentation).
 * Otherwise returns the low 32 bits of SipHash(saddr, daddr) keyed with
 * ts_secret.
 */
u32 secure_tcpv6_ts_off(const struct net *net,
			const __be32 *saddr, const __be32 *daddr)
{
	/* Both addresses are copied up front, before the sysctl is checked. */
	const struct {
		struct in6_addr saddr;
		struct in6_addr daddr;
	} __aligned(SIPHASH_ALIGNMENT) addrs = {
		.saddr = *(const struct in6_addr *)saddr,
		.daddr = *(const struct in6_addr *)daddr,
	};

	if (net->ipv4.sysctl_tcp_timestamps == 1) {
		ts_secret_init();
		/*
		 * Hash only up to the end of the last named field, so any
		 * padding the alignment attribute adds is not hashed.
		 */
		return siphash(&addrs, offsetofend(typeof(addrs), daddr),
			       &ts_secret);
	}

	return 0;
}

Contributors

PersonTokensPropCommitsCommitProp
Florian Westphal8686.87%133.33%
Eric Dumazet1313.13%266.67%
Total99100.00%3100.00%

EXPORT_SYMBOL(secure_tcpv6_ts_off);
/*
 * Initial sequence number for an IPv6 TCP connection.
 *
 * @saddr: source IPv6 address, read as a struct in6_addr.
 * @daddr: destination IPv6 address, read as a struct in6_addr.
 * @sport: source port, network byte order.
 * @dport: destination port, network byte order.
 *
 * Returns the low 32 bits of SipHash over the 4-tuple, keyed with net_secret,
 * passed through seq_scale() to add the clock component.
 */
u32 secure_tcpv6_seq(const __be32 *saddr, const __be32 *daddr,
		     __be16 sport, __be16 dport)
{
	const struct {
		struct in6_addr saddr;
		struct in6_addr daddr;
		__be16 sport;
		__be16 dport;
	} __aligned(SIPHASH_ALIGNMENT) tuple = {
		.saddr = *(const struct in6_addr *)saddr,
		.daddr = *(const struct in6_addr *)daddr,
		.sport = sport,
		.dport = dport
	};

	net_secret_init();

	/*
	 * Hash only up to the end of dport so trailing padding is left out;
	 * seq_scale() takes a u32, which keeps the low half of the result.
	 */
	return seq_scale(siphash(&tuple, offsetofend(typeof(tuple), dport),
				 &net_secret));
}

Contributors

PersonTokensPropCommitsCommitProp
Jason A. Donenfeld6457.14%116.67%
David S. Miller4136.61%116.67%
Eric Dumazet65.36%350.00%
Florian Westphal10.89%116.67%
Total112100.00%6100.00%

EXPORT_SYMBOL(secure_tcpv6_seq);
/*
 * Keyed hash of (source address, destination address, destination port) for
 * IPv6. Going by the name it seeds ephemeral source-port selection; the
 * callers are outside this file.
 *
 * @saddr: source IPv6 address, read as a struct in6_addr.
 * @daddr: destination IPv6 address, read as a struct in6_addr.
 * @dport: destination port, network byte order.
 *
 * Returns the low 32 bits of the SipHash result, keyed with net_secret.
 */
u32 secure_ipv6_port_ephemeral(const __be32 *saddr, const __be32 *daddr,
			       __be16 dport)
{
	const struct {
		struct in6_addr saddr;
		struct in6_addr daddr;
		__be16 dport;
	} __aligned(SIPHASH_ALIGNMENT) tuple = {
		.saddr = *(const struct in6_addr *)saddr,
		.daddr = *(const struct in6_addr *)daddr,
		.dport = dport
	};
	u32 offset;

	net_secret_init();

	/* Stop at the end of dport: padding after it must not be hashed. */
	offset = siphash(&tuple, offsetofend(typeof(tuple), dport),
			 &net_secret);
	return offset;
}

Contributors

PersonTokensPropCommitsCommitProp
Jason A. Donenfeld5459.34%150.00%
David S. Miller3740.66%150.00%
Total91100.00%2100.00%

EXPORT_SYMBOL(secure_ipv6_port_ephemeral); #endif #ifdef CONFIG_INET
/*
 * Per-address-pair TCP timestamp offset for IPv4.
 *
 * @net:   network namespace whose tcp_timestamps sysctl is consulted.
 * @saddr: source IPv4 address, network byte order.
 * @daddr: destination IPv4 address, network byte order.
 *
 * Returns 0 unless sysctl_tcp_timestamps is exactly 1 (presumably the mode
 * that asks for randomized offsets; confirm against the sysctl documentation).
 * Otherwise returns the low 32 bits of SipHash(saddr, daddr) keyed with
 * ts_secret.
 */
u32 secure_tcp_ts_off(const struct net *net, __be32 saddr, __be32 daddr)
{
	u32 offset = 0;

	if (net->ipv4.sysctl_tcp_timestamps == 1) {
		ts_secret_init();
		offset = siphash_2u32((__force u32)saddr, (__force u32)daddr,
				      &ts_secret);
	}

	return offset;
}

Contributors

PersonTokensPropCommitsCommitProp
Florian Westphal3975.00%133.33%
Eric Dumazet1325.00%266.67%
Total52100.00%3100.00%

/*
 * Initial sequence number for an IPv4 TCP connection: SipHash of the
 * connection 4-tuple keyed with net_secret, passed through seq_scale().
 *
 * The third hash word is sport << 16 | dport. With sport == 0 that word is the
 * same one secure_ipv4_port_ephemeral(saddr, daddr, dport) hashes under the
 * same key, so both functions would compute the same hash. The original note
 * here (which refers to this function as secure_tcp_seq_and_tsoff) relies on
 * `sport' never being 0 in any circumstances. If this changes, it would be
 * easy enough to have this function use siphash_4u32, passing the arguments
 * as separate u32.
 */
u32 secure_tcp_seq(__be32 saddr, __be32 daddr,
		   __be16 sport, __be16 dport)
{
	/* Both 16-bit ports packed into one hash word, source port on top. */
	u32 ports = (__force u32)sport << 16 | (__force u32)dport;

	net_secret_init();

	/* seq_scale() takes a u32: the low half of the 64-bit hash is used. */
	return seq_scale(siphash_3u32((__force u32)saddr, (__force u32)daddr,
				      ports, &net_secret));
}

Contributors

PersonTokensPropCommitsCommitProp
David S. Miller4977.78%120.00%
Jason A. Donenfeld812.70%120.00%
Eric Dumazet57.94%240.00%
Florian Westphal11.59%120.00%
Total63100.00%5100.00%


/*
 * Keyed hash of (source address, destination address, destination port) for
 * IPv4. Going by the name it seeds ephemeral source-port selection; the
 * callers are outside this file.
 *
 * @saddr: source IPv4 address, network byte order.
 * @daddr: destination IPv4 address, network byte order.
 * @dport: destination port, network byte order.
 *
 * Returns the low 32 bits of the SipHash result, keyed with net_secret. The
 * key is the same one secure_tcp_seq() uses; the two stay distinct only
 * because that function's third hash word carries a non-zero source port.
 */
u32 secure_ipv4_port_ephemeral(__be32 saddr, __be32 daddr, __be16 dport)
{
	/* The port alone fills the third hash word; the upper 16 bits are 0. */
	u32 port_word = (__force u16)dport;
	u32 offset;

	net_secret_init();
	offset = siphash_3u32((__force u32)saddr, (__force u32)daddr,
			      port_word, &net_secret);
	return offset;
}

Contributors

PersonTokensPropCommitsCommitProp
David S. Miller3276.19%133.33%
Jason A. Donenfeld716.67%133.33%
Eric Dumazet37.14%133.33%
Total42100.00%3100.00%

EXPORT_SYMBOL_GPL(secure_ipv4_port_ephemeral); #endif #if IS_ENABLED(CONFIG_IP_DCCP)
/*
 * Initial sequence number for an IPv4 DCCP connection.
 *
 * @saddr: source IPv4 address, network byte order.
 * @daddr: destination IPv4 address, network byte order.
 * @sport: source port, network byte order.
 * @dport: destination port, network byte order.
 *
 * Returns SipHash of the 4-tuple (keyed with net_secret) plus the real-time
 * clock in nanoseconds, reduced to the low 48 bits.
 */
u64 secure_dccp_sequence_number(__be32 saddr, __be32 daddr,
				__be16 sport, __be16 dport)
{
	/* Only the low 48 bits of the sum are returned. */
	const u64 seq48_mask = (1ull << 48) - 1;
	u64 value;

	net_secret_init();

	/* Ports share one hash word, source port in the upper 16 bits. */
	value = siphash_3u32((__force u32)saddr, (__force u32)daddr,
			     (__force u32)sport << 16 | (__force u32)dport,
			     &net_secret);
	value += ktime_get_real_ns();

	return value & seq48_mask;
}

Contributors

PersonTokensPropCommitsCommitProp
David S. Miller5066.67%120.00%
Eric Dumazet1722.67%360.00%
Jason A. Donenfeld810.67%120.00%
Total75100.00%5100.00%

EXPORT_SYMBOL(secure_dccp_sequence_number); #if IS_ENABLED(CONFIG_IPV6)
/*
 * Initial sequence number for an IPv6 DCCP connection.
 *
 * @saddr: source IPv6 address, read as a struct in6_addr.
 * @daddr: destination IPv6 address, read as a struct in6_addr.
 * @sport: source port, network byte order.
 * @dport: destination port, network byte order.
 *
 * Returns SipHash of the 4-tuple (keyed with net_secret) plus the real-time
 * clock in nanoseconds, reduced to the low 48 bits.
 */
u64 secure_dccpv6_sequence_number(__be32 *saddr, __be32 *daddr,
				  __be16 sport, __be16 dport)
{
	const struct {
		struct in6_addr saddr;
		struct in6_addr daddr;
		__be16 sport;
		__be16 dport;
	} __aligned(SIPHASH_ALIGNMENT) tuple = {
		.saddr = *(struct in6_addr *)saddr,
		.daddr = *(struct in6_addr *)daddr,
		.sport = sport,
		.dport = dport
	};
	/* Only the low 48 bits of the sum are returned. */
	const u64 seq48_mask = (1ull << 48) - 1;
	u64 value;

	net_secret_init();

	/* Stop at the end of dport: padding after it must not be hashed. */
	value = siphash(&tuple, offsetofend(typeof(tuple), dport),
			&net_secret);
	value += ktime_get_real_ns();

	return value & seq48_mask;
}

Contributors

PersonTokensPropCommitsCommitProp
Jason A. Donenfeld6452.46%125.00%
David S. Miller5545.08%125.00%
Eric Dumazet32.46%250.00%
Total122100.00%4100.00%

EXPORT_SYMBOL(secure_dccpv6_sequence_number); #endif #endif

Overall Contributors

PersonTokensPropCommitsCommitProp
David S. Miller37043.68%14.55%
Jason A. Donenfeld21625.50%14.55%
Florian Westphal14316.88%313.64%
Eric Dumazet8710.27%1045.45%
Fabio Estevam131.53%14.55%
Hannes Frederic Sowa60.71%29.09%
Stephen Boyd50.59%14.55%
Patrick McHardy50.59%14.55%
Alexey Kodanev10.12%14.55%
Igor Maravić10.12%14.55%
Total847100.00%22100.00%