Re: [PATCH v3 net 0/7] insufficient TCP source port randomness

[patchwork-bot+netdevbpf@kernel.org]

Hello:

This series was applied to netdev/net.git (master)
by Jakub Kicinski <kuba@kernel.org>:

On Mon,  2 May 2022 10:46:07 +0200 you wrote:
> Hi,
> 
> In a not-yet published paper, Moshe Kol, Amit Klein, and Yossi Gilad
> report being able to accurately identify a client by forcing it to emit
> only 40 times more connections than the number of entries in the
> table_perturb[] table, which is indexed by hashing the connection tuple.
> The current 2^8 setting allows them to perform that attack with only 10k
> connections, which is not hard to achieve in a few seconds.
> 
> [...]

Here is the summary with links:
  - [v3,net,1/7] secure_seq: use the 64 bits of the siphash for port offset calculation
    https://git.kernel.org/netdev/net/c/b2d057560b81
  - [v3,net,2/7] tcp: use different parts of the port_offset for index and offset
    https://git.kernel.org/netdev/net/c/9e9b70ae923b
  - [v3,net,3/7] tcp: resalt the secret every 10 seconds
    https://git.kernel.org/netdev/net/c/4dfa9b438ee3
  - [v3,net,4/7] tcp: add small random increments to the source port
    https://git.kernel.org/netdev/net/c/ca7af0402550
  - [v3,net,5/7] tcp: dynamically allocate the perturb table used by source ports
    https://git.kernel.org/netdev/net/c/e9261476184b
  - [v3,net,6/7] tcp: increase source port perturb table to 2^16
    https://git.kernel.org/netdev/net/c/4c2c8f03a5ab
  - [v3,net,7/7] tcp: drop the hash_32() part from the index calculation
    https://git.kernel.org/netdev/net/c/e8161345ddbb

You are awesome, thank you!
-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html