Jonathan T. Looney 5d9bd45518 Improve hashing of IPv4 fragments.
Currently, IPv4 fragments are hashed into buckets based on a 32-bit
key which is calculated by (src_ip ^ ip_id) and combined with a random
seed. However, because an attacker can control the values of src_ip
and ip_id, it is possible to construct an attack which causes very
deep chains to form in a given bucket.

To ensure more uniform distribution (and lower predictability for
an attacker), calculate the hash based on a key which includes all
the fields we use to identify a reassembly queue (dst_ip, src_ip,
ip_id, and the ip protocol) as well as a random seed.

Reviewed by:	jhb
Security:	FreeBSD-SA-18:10.ip
Security:	CVE-2018-6923
2018-08-14 17:15:47 +00:00
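
The effect the commit message describes, as an added example (not code from the FreeBSD commit): a toy bucket table compares the longest chain under the (src_ip ^ ip_id) key with a key over dst_ip, src_ip, ip_id and protocol. The mixer, table size, seed and sample addresses are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NBUCKETS 1024u /* assumed table size, not the kernel's value */
/* Fields that identify a reassembly queue. */
struct frag_id { uint32_t dst, src; uint16_t ip_id; uint8_t proto; };

/* Stand-in seeded mixer (an assumption, not the kernel's hash function). */
static uint32_t mix(const uint32_t *w, size_t n, uint32_t seed) {
    uint32_t h = seed;
    while (n--) {
        h ^= *w++;
        h ^= h >> 16; h *= 0x85ebca6bu; h ^= h >> 13;
        h *= 0xc2b2ae35u; h ^= h >> 16;
    }
    return h;
}

/* Old scheme: the bucket depends only on (src ^ ip_id) and the seed. */
static uint32_t bucket_xor(const struct frag_id *f, uint32_t seed) {
    uint32_t key = f->src ^ f->ip_id;
    return mix(&key, 1, seed) % NBUCKETS;
}

/* New scheme: the key covers dst, src, ip_id and protocol, plus the seed. */
static uint32_t bucket_full(const struct frag_id *f, uint32_t seed) {
    uint32_t key[3] = { f->dst, f->src, ((uint32_t)f->ip_id << 8) | f->proto };
    return mix(key, 3, seed) % NBUCKETS;
}

/* Longest chain for n constructed queues that share one src ^ ip_id value. */
static unsigned max_chain(uint32_t (*bucket)(const struct frag_id *, uint32_t),
                          unsigned n, uint32_t seed) {
    static unsigned depth[NBUCKETS];
    unsigned worst = 0;
    memset(depth, 0, sizeof depth);
    for (unsigned i = 0; i < n; i++) {
        struct frag_id f = { 0xC0000201u, 0x0A000000u ^ i, (uint16_t)i, 17 };
        unsigned d = ++depth[bucket(&f, seed)];
        if (d > worst) worst = d;
    }
    return worst;
}

int main(void) {
    printf("xor key:  %u\n", max_chain(bucket_xor, 4096, 0x5eed1234u));
    printf("full key: %u\n", max_chain(bucket_full, 4096, 0x5eed1234u));
    return 0;
}
```

With the XOR key all 4096 queues share one bucket whatever the seed is, because the seed only moves the chain to a different bucket; with the full key the longest chain stays short.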