d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
freebsd-nq/sys
History
Jonathan T. Looney 5d9bd45518 Improve hashing of IPv4 fragments. 
Currently, IPv4 fragments are hashed into buckets based on a 32-bit
key which is calculated by (src_ip ^ ip_id) and combined with a random
seed. However, because an attacker can control the values of src_ip
and ip_id, it is possible to construct an attack which causes very
deep chains to form in a given bucket.

To ensure more uniform distribution (and lower predictability for
an attacker), calculate the hash based on a key which includes all
the fields we use to identify a reassembly queue (dst_ip, src_ip,
ip_id, and the ip protocol) as well as a random seed.

Reviewed by:	jhb
Security:	FreeBSD-SA-18:10.ip
Security:	CVE-2018-6923
2018-08-14 17:15:47 +00:00
..
amd64
Reserve page at the physical address zero on amd64.
2018-08-14 17:14:33 +00:00
arm
Remove cpu_pfr from arm. It's unused.
2018-08-14 16:01:25 +00:00
arm64
Add support to the Marvell Xenon SDHCI controller.
2018-08-14 16:33:30 +00:00
bsm
cam
Create xpt_sim_poll and refactor a bit using it.
2018-08-13 19:59:32 +00:00
cddl
MFV/ZoL: Add dbuf hash and dbuf cache kstats
2018-08-12 03:15:30 +00:00
compat
Use atomic_fcmpset_XXX() instead of atomic_cmpset_XXX() when possible
2018-08-09 09:39:32 +00:00
conf
Add support to the Marvell Xenon SDHCI controller.
2018-08-14 16:33:30 +00:00
contrib
Merge ACPICA 20180810.
2018-08-13 16:26:26 +00:00
crypto
ddb
add an option for ddb ps command to print process arguments
2018-08-09 11:21:31 +00:00
dev
Add support to the Marvell Xenon SDHCI controller.
2018-08-14 16:33:30 +00:00
dts
fs
Assorted fixes to handling of LayoutRecall callbacks, mostly error handling.
2018-08-08 20:21:45 +00:00
gdb
geom
gnu
Import DTS files from Linux 4.18
2018-08-13 06:40:20 +00:00
i386
Implement kernel support for early loading of Intel microcode updates.
2018-08-13 17:13:09 +00:00
isa
kern
Eliminate a redundant assignment.
2018-08-11 19:21:53 +00:00
kgssapi
libkern
mips
Query MVPConf0.PVPE for number of CPUs.
2018-08-14 16:29:10 +00:00
modules
uep(4): add evdev support
2018-08-05 11:14:13 +00:00
net
lagg: allow lacp to manage the link state
2018-08-13 14:13:25 +00:00
net80211
Fix misspellings of transmitter/transmitted
2018-08-10 20:37:32 +00:00
netgraph
Use if_tunnel_check_nesting() for ng_iface(4).
2018-08-03 22:55:58 +00:00
netinet
Improve hashing of IPv4 fragments.
2018-08-14 17:15:47 +00:00
netinet6
Use a macro to set the assoc state. I missed this in r337706.
2018-08-14 08:33:47 +00:00
netipsec
netpfil
pf: Take the IF_ADDR_RLOCK() when iterating over the group list
2018-08-11 16:37:55 +00:00
netsmb
nfs
nfsclient
nfsserver
nlm
ofed
opencrypto
powerpc
powerpc: Add lwsync and ptesync 'sync' opcode variants to ddb disassembler
2018-08-10 03:28:40 +00:00
riscv
Remove unused code.
2018-08-14 16:22:14 +00:00
rpc
security
sparc64
sys
Bring in timespce_get form NetBSD.
2018-08-10 15:16:30 +00:00
teken
tests
tools
ufs
Put in place the framework for consolodating contiguous blocks into
2018-08-06 21:09:11 +00:00
vm
Prevent some parallel swap-ins, rate-limit swapper swap-ins.
2018-08-13 16:48:46 +00:00
x86
Explain why we aren't using memcpy().
2018-08-14 14:50:06 +00:00
xdr
xen
Makefile