From: Eric Dumazet <eric.dumazet@gmail.com>
Date: Fri, 22 Jul 2011 04:25:58 +0000 (-0700)
Subject: ipv6: make fragment identifications less predictable
X-Git-Tag: v3.1-rc1~316^2~9
X-Git-Url: http://git.openpandora.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=87c48fa3b4630905f98268dde838ee43626a060c;p=pandora-kernel.git

ipv6: make fragment identifications less predictable

IPv6 fragment identification generation is way beyond what we use for
IPv4 : It uses a single generator. Its not scalable and allows DOS
attacks.

Now inetpeer is IPv6 aware, we can use it to provide a more secure and
scalable frag ident generator (per destination, instead of system wide)

This patch :
1) defines a new secure_ipv6_id() helper
2) extends inet_getid() to provide 32bit results
3) extends ipv6_select_ident() with a new dest parameter

Reported-by: Fernando Gont <fernando@gont.com.ar>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
---

Reading git-diff-tree failed