• Eric Dumazet's avatar
    inet: stop leaking jiffies on the wire · a904a069
    Eric Dumazet authored
    Historically linux tried to stick to RFC 791, 1122, 2003
    for IPv4 ID field generation.
    
    RFC 6864 made clear that no matter how hard we try,
    we can not ensure unicity of IP ID within maximum
    lifetime for all datagrams with a given source
    address/destination address/protocol tuple.
    
    Linux uses a per socket inet generator (inet_id), initialized
    at connection startup with a XOR of 'jiffies' and other
    fields that appear clear on the wire.
    
    Thiemo Nagel pointed that this strategy is a privacy
    concern as this provides 16 bits of entropy to fingerprint
    devices.
    
    Let's switch to a random starting point, this is just as
    good as far as RFC 6864 is concerned and does not leak
    anything critical.
    
    Fixes: 1da177e4 ("Linux-2.6.12-rc2")
    Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
    Reported-by: default avatarThiemo Nagel <tnagel@google.com>
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    a904a069
chtls_cm.c 51.9 KB