From: David Ahern <dsahern@gmail.com>
To: Eric Dumazet <eric.dumazet@gmail.com>,
"David S . Miller" <davem@davemloft.net>,
Jakub Kicinski <kuba@kernel.org>
Cc: netdev <netdev@vger.kernel.org>,
Eric Dumazet <edumazet@google.com>, Willy Tarreau <w@1wt.eu>,
Keyu Man <kman001@ucr.edu>, David Ahern <dsahern@kernel.org>,
Wei Wang <weiwan@google.com>, Martin KaFai Lau <kafai@fb.com>
Subject: Re: [PATCH net 1/2] ipv6: make exception cache less predictible
Date: Sun, 29 Aug 2021 17:39:17 -0700
Message-ID: <7c8bdee5-66cf-996e-eaea-db3aee6f0d5f@gmail.com>
In-Reply-To: <20210829221615.2057201-2-eric.dumazet@gmail.com>
On 8/29/21 3:16 PM, Eric Dumazet wrote:
> From: Eric Dumazet <edumazet@google.com>
>
> Even after commit 4785305c05b2 ("ipv6: use siphash in rt6_exception_hash()"),
> an attacker can still use brute force to learn some secrets from a victim
> Linux host.
>
> One way to defeat these attacks is to make the max depth of the hash
> table bucket a random value.
>
> Before this patch, each bucket of the hash table used to store exceptions
> could contain 6 items under attack.
>
> After the patch, each bucket would contain a random number of items,
> between 6 and 10. The attacker can no longer infer secrets.
>
> This slightly increases the memory size used by the hash table;
> we do not expect this to be a problem.
>
> The following patch deals with the same issue in IPv4.
>
> Fixes: 35732d01fe31 ("ipv6: introduce a hash table to store dst cache")
> Signed-off-by: Eric Dumazet <edumazet@google.com>
> Reported-by: Keyu Man <kman001@ucr.edu>
> Cc: Wei Wang <weiwan@google.com>
> Cc: Martin KaFai Lau <kafai@fb.com>
> ---
> net/ipv6/route.c | 5 ++++-
> 1 file changed, 4 insertions(+), 1 deletion(-)
>
Reviewed-by: David Ahern <dsahern@kernel.org>
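The eviction policy the quoted commit message describes, modelled as an added example that is not the kernel's code and not part of this thread: a small exception cache whose buckets are trimmed once they exceed a maximum depth, with the fixed limit beside the randomized one. `FIB6_MAX_DEPTH` is the kernel's constant name; the keyed hash (a multiplicative mix standing in for siphash), the table layout, the `rnd` parameter that replaces the kernel's PRNG draw so that runs are deterministic, and every helper name are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not the kernel's code. FIB6_MAX_DEPTH is the kernel's
 * constant name; everything else here is constructed for illustration. */
#define FIB6_MAX_DEPTH 5
#define NBUCKETS 16
#define MAX_ITEMS (2 * FIB6_MAX_DEPTH + 1)  /* room for the deepest transient bucket */

struct exception {
    uint32_t dst;        /* destination, stand-in for the IPv6 key */
    unsigned int stamp;  /* insertion time, used to find the oldest entry */
};

struct bucket {
    struct exception items[MAX_ITEMS];
    unsigned int depth;
};

struct exception_cache {
    struct bucket buckets[NBUCKETS];
    uint64_t secret;     /* per-boot key, like the siphash key in the kernel */
    unsigned int clock;
};

/* Keyed bucket selection: a multiplicative mix stands in for siphash. The
 * only property used here is that the index depends on a secret. */
static unsigned int bucket_index(const struct exception_cache *c, uint32_t dst)
{
    uint64_t h = ((uint64_t)dst ^ c->secret) * 0x9E3779B97F4A7C15ull;
    return (unsigned int)(h >> 60);  /* top 4 bits -> 0..15 */
}

static void remove_oldest(struct bucket *b)
{
    unsigned int i, oldest = 0;
    for (i = 1; i < b->depth; i++)
        if (b->items[i].stamp < b->items[oldest].stamp)
            oldest = i;
    b->items[oldest] = b->items[b->depth - 1];
    b->depth--;
}

/* Pre-patch policy: the same limit on every insert. */
static unsigned int fixed_max_depth(uint32_t rnd)
{
    (void)rnd;
    return FIB6_MAX_DEPTH;
}

/* Post-patch policy: FIB6_MAX_DEPTH plus a random value in [0, FIB6_MAX_DEPTH).
 * The kernel draws rnd from its PRNG; it is a parameter here so that the
 * example is deterministic. */
static unsigned int random_max_depth(uint32_t rnd)
{
    return FIB6_MAX_DEPTH + rnd % FIB6_MAX_DEPTH;
}

/* Insert one exception; returns how many entries were evicted to stay
 * within max_depth (the loop matters when the limit varies per insert). */
static int insert_exception(struct exception_cache *c, uint32_t dst,
                            unsigned int max_depth)
{
    struct bucket *b = &c->buckets[bucket_index(c, dst)];
    int evicted = 0;

    b->items[b->depth].dst = dst;
    b->items[b->depth].stamp = c->clock++;
    b->depth++;
    while (b->depth > max_depth) {
        remove_oldest(b);
        evicted++;
    }
    return evicted;
}

/* Feed destinations that all collide in bucket 0 and report on which
 * insert the bucket first evicts. With the fixed policy this is always
 * the 6th insert; with the randomized policy it is anywhere from the 6th
 * to the 10th, so the observable eviction point no longer pins down how
 * many collisions the bucket has absorbed. */
static unsigned int inserts_before_first_eviction(uint64_t secret,
                                                  unsigned int (*policy)(uint32_t),
                                                  uint32_t rnd)
{
    struct exception_cache c;
    uint32_t dst;
    unsigned int n = 0;

    memset(&c, 0, sizeof(c));
    c.secret = secret;
    for (dst = 0; dst < 100000; dst++) {
        if (bucket_index(&c, dst) != 0)
            continue;
        n++;
        if (insert_exception(&c, dst, policy(rnd)))
            return n;
    }
    return 0;  /* not reached: enough of 100000 keys land in bucket 0 */
}

int main(void)
{
    uint32_t rnd;
    printf("fixed policy: first eviction on insert %u\n",
           inserts_before_first_eviction(0x1234, fixed_max_depth, 0));
    for (rnd = 0; rnd < FIB6_MAX_DEPTH; rnd++)
        printf("random policy, rnd=%u: first eviction on insert %u\n", rnd,
               inserts_before_first_eviction(0x1234, random_max_depth, rnd));
    return 0;
}
```

The design point is that the bucket limit is drawn afresh on each insert rather than once per bucket, which is what keeps the eviction point unpredictable over time; the `while` in `insert_exception` is what makes a smaller limit on a later insert trim a bucket that a larger earlier limit allowed to grow.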