/openbmc/linux/include/linux/ |
H A D | sock_diag.h | 33cf7c90 Wed Mar 11 20:53:14 CDT 2015 Eric Dumazet <edumazet@google.com> net: add real socket cookies
A long standing problem in netlink socket dumps is the use of kernel socket addresses as cookies.
1) It is a security concern.
2) Sockets can be reused quite quickly, so there is no guarantee a cookie is used once and identify a flow.
3) request sock, establish sock, and timewait socks for a given flow have different cookies.
Part of our effort to bring better TCP statistics requires to switch to a different allocator.
In this patch, I chose to use a per network namespace 64bit generator, and to use it only in the case a socket needs to be dumped to netlink. (This might be refined later if needed)
Note that I tried to carry cookies from request sock, to establish sock, then timewait sockets.
Signed-off-by: Eric Dumazet <edumazet@google.com> Cc: Eric Salo <salo@google.com> Signed-off-by: David S. Miller <davem@davemloft.net> 33cf7c90 Wed Mar 11 20:53:14 CDT 2015 Eric Dumazet <edumazet@google.com> net: add real socket cookies A long standing problem in netlink socket dumps is the use of kernel socket addresses as cookies. 1) It is a security concern. 2) Sockets can be reused quite quickly, so there is no guarantee a cookie is used once and identify a flow. 3) request sock, establish sock, and timewait socks for a given flow have different cookies. Part of our effort to bring better TCP statistics requires to switch to a different allocator. In this patch, I chose to use a per network namespace 64bit generator, and to use it only in the case a socket needs to be dumped to netlink. (This might be refined later if needed) Note that I tried to carry cookies from request sock, to establish sock, then timewait sockets. Signed-off-by: Eric Dumazet <edumazet@google.com> Cc: Eric Salo <salo@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
/openbmc/linux/net/core/ |
H A D | sock_diag.c | 33cf7c90 Wed Mar 11 20:53:14 CDT 2015 Eric Dumazet <edumazet@google.com> net: add real socket cookies
A long standing problem in netlink socket dumps is the use of kernel socket addresses as cookies.
1) It is a security concern.
2) Sockets can be reused quite quickly, so there is no guarantee a cookie is used once and identify a flow.
3) request sock, establish sock, and timewait socks for a given flow have different cookies.
Part of our effort to bring better TCP statistics requires to switch to a different allocator.
In this patch, I chose to use a per network namespace 64bit generator, and to use it only in the case a socket needs to be dumped to netlink. (This might be refined later if needed)
Note that I tried to carry cookies from request sock, to establish sock, then timewait sockets.
Signed-off-by: Eric Dumazet <edumazet@google.com> Cc: Eric Salo <salo@google.com> Signed-off-by: David S. Miller <davem@davemloft.net> 33cf7c90 Wed Mar 11 20:53:14 CDT 2015 Eric Dumazet <edumazet@google.com> net: add real socket cookies A long standing problem in netlink socket dumps is the use of kernel socket addresses as cookies. 1) It is a security concern. 2) Sockets can be reused quite quickly, so there is no guarantee a cookie is used once and identify a flow. 3) request sock, establish sock, and timewait socks for a given flow have different cookies. Part of our effort to bring better TCP statistics requires to switch to a different allocator. In this patch, I chose to use a per network namespace 64bit generator, and to use it only in the case a socket needs to be dumped to netlink. (This might be refined later if needed) Note that I tried to carry cookies from request sock, to establish sock, then timewait sockets. Signed-off-by: Eric Dumazet <edumazet@google.com> Cc: Eric Salo <salo@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
H A D | sock.c | 33cf7c90 Wed Mar 11 20:53:14 CDT 2015 Eric Dumazet <edumazet@google.com> net: add real socket cookies
A long standing problem in netlink socket dumps is the use of kernel socket addresses as cookies.
1) It is a security concern.
2) Sockets can be reused quite quickly, so there is no guarantee a cookie is used once and identify a flow.
3) request sock, establish sock, and timewait socks for a given flow have different cookies.
Part of our effort to bring better TCP statistics requires to switch to a different allocator.
In this patch, I chose to use a per network namespace 64bit generator, and to use it only in the case a socket needs to be dumped to netlink. (This might be refined later if needed)
Note that I tried to carry cookies from request sock, to establish sock, then timewait sockets.
Signed-off-by: Eric Dumazet <edumazet@google.com> Cc: Eric Salo <salo@google.com> Signed-off-by: David S. Miller <davem@davemloft.net> 33cf7c90 Wed Mar 11 20:53:14 CDT 2015 Eric Dumazet <edumazet@google.com> net: add real socket cookies A long standing problem in netlink socket dumps is the use of kernel socket addresses as cookies. 1) It is a security concern. 2) Sockets can be reused quite quickly, so there is no guarantee a cookie is used once and identify a flow. 3) request sock, establish sock, and timewait socks for a given flow have different cookies. Part of our effort to bring better TCP statistics requires to switch to a different allocator. In this patch, I chose to use a per network namespace 64bit generator, and to use it only in the case a socket needs to be dumped to netlink. (This might be refined later if needed) Note that I tried to carry cookies from request sock, to establish sock, then timewait sockets. Signed-off-by: Eric Dumazet <edumazet@google.com> Cc: Eric Salo <salo@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
/openbmc/linux/include/net/ |
H A D | inet_timewait_sock.h | 33cf7c90 Wed Mar 11 20:53:14 CDT 2015 Eric Dumazet <edumazet@google.com> net: add real socket cookies
A long standing problem in netlink socket dumps is the use of kernel socket addresses as cookies.
1) It is a security concern.
2) Sockets can be reused quite quickly, so there is no guarantee a cookie is used once and identify a flow.
3) request sock, establish sock, and timewait socks for a given flow have different cookies.
Part of our effort to bring better TCP statistics requires to switch to a different allocator.
In this patch, I chose to use a per network namespace 64bit generator, and to use it only in the case a socket needs to be dumped to netlink. (This might be refined later if needed)
Note that I tried to carry cookies from request sock, to establish sock, then timewait sockets.
Signed-off-by: Eric Dumazet <edumazet@google.com> Cc: Eric Salo <salo@google.com> Signed-off-by: David S. Miller <davem@davemloft.net> 33cf7c90 Wed Mar 11 20:53:14 CDT 2015 Eric Dumazet <edumazet@google.com> net: add real socket cookies A long standing problem in netlink socket dumps is the use of kernel socket addresses as cookies. 1) It is a security concern. 2) Sockets can be reused quite quickly, so there is no guarantee a cookie is used once and identify a flow. 3) request sock, establish sock, and timewait socks for a given flow have different cookies. Part of our effort to bring better TCP statistics requires to switch to a different allocator. In this patch, I chose to use a per network namespace 64bit generator, and to use it only in the case a socket needs to be dumped to netlink. (This might be refined later if needed) Note that I tried to carry cookies from request sock, to establish sock, then timewait sockets. Signed-off-by: Eric Dumazet <edumazet@google.com> Cc: Eric Salo <salo@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
H A D | inet_sock.h | 33cf7c90 Wed Mar 11 20:53:14 CDT 2015 Eric Dumazet <edumazet@google.com> net: add real socket cookies
A long standing problem in netlink socket dumps is the use of kernel socket addresses as cookies.
1) It is a security concern.
2) Sockets can be reused quite quickly, so there is no guarantee a cookie is used once and identify a flow.
3) request sock, establish sock, and timewait socks for a given flow have different cookies.
Part of our effort to bring better TCP statistics requires to switch to a different allocator.
In this patch, I chose to use a per network namespace 64bit generator, and to use it only in the case a socket needs to be dumped to netlink. (This might be refined later if needed)
Note that I tried to carry cookies from request sock, to establish sock, then timewait sockets.
Signed-off-by: Eric Dumazet <edumazet@google.com> Cc: Eric Salo <salo@google.com> Signed-off-by: David S. Miller <davem@davemloft.net> 33cf7c90 Wed Mar 11 20:53:14 CDT 2015 Eric Dumazet <edumazet@google.com> net: add real socket cookies A long standing problem in netlink socket dumps is the use of kernel socket addresses as cookies. 1) It is a security concern. 2) Sockets can be reused quite quickly, so there is no guarantee a cookie is used once and identify a flow. 3) request sock, establish sock, and timewait socks for a given flow have different cookies. Part of our effort to bring better TCP statistics requires to switch to a different allocator. In this patch, I chose to use a per network namespace 64bit generator, and to use it only in the case a socket needs to be dumped to netlink. (This might be refined later if needed) Note that I tried to carry cookies from request sock, to establish sock, then timewait sockets. Signed-off-by: Eric Dumazet <edumazet@google.com> Cc: Eric Salo <salo@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
H A D | net_namespace.h | 33cf7c90 Wed Mar 11 20:53:14 CDT 2015 Eric Dumazet <edumazet@google.com> net: add real socket cookies
A long standing problem in netlink socket dumps is the use of kernel socket addresses as cookies.
1) It is a security concern.
2) Sockets can be reused quite quickly, so there is no guarantee a cookie is used once and identify a flow.
3) request sock, establish sock, and timewait socks for a given flow have different cookies.
Part of our effort to bring better TCP statistics requires to switch to a different allocator.
In this patch, I chose to use a per network namespace 64bit generator, and to use it only in the case a socket needs to be dumped to netlink. (This might be refined later if needed)
Note that I tried to carry cookies from request sock, to establish sock, then timewait sockets.
Signed-off-by: Eric Dumazet <edumazet@google.com> Cc: Eric Salo <salo@google.com> Signed-off-by: David S. Miller <davem@davemloft.net> 33cf7c90 Wed Mar 11 20:53:14 CDT 2015 Eric Dumazet <edumazet@google.com> net: add real socket cookies A long standing problem in netlink socket dumps is the use of kernel socket addresses as cookies. 1) It is a security concern. 2) Sockets can be reused quite quickly, so there is no guarantee a cookie is used once and identify a flow. 3) request sock, establish sock, and timewait socks for a given flow have different cookies. Part of our effort to bring better TCP statistics requires to switch to a different allocator. In this patch, I chose to use a per network namespace 64bit generator, and to use it only in the case a socket needs to be dumped to netlink. (This might be refined later if needed) Note that I tried to carry cookies from request sock, to establish sock, then timewait sockets. Signed-off-by: Eric Dumazet <edumazet@google.com> Cc: Eric Salo <salo@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
H A D | sock.h | 33cf7c90 Wed Mar 11 20:53:14 CDT 2015 Eric Dumazet <edumazet@google.com> net: add real socket cookies
A long standing problem in netlink socket dumps is the use of kernel socket addresses as cookies.
1) It is a security concern.
2) Sockets can be reused quite quickly, so there is no guarantee a cookie is used once and identify a flow.
3) request sock, establish sock, and timewait socks for a given flow have different cookies.
Part of our effort to bring better TCP statistics requires to switch to a different allocator.
In this patch, I chose to use a per network namespace 64bit generator, and to use it only in the case a socket needs to be dumped to netlink. (This might be refined later if needed)
Note that I tried to carry cookies from request sock, to establish sock, then timewait sockets.
Signed-off-by: Eric Dumazet <edumazet@google.com> Cc: Eric Salo <salo@google.com> Signed-off-by: David S. Miller <davem@davemloft.net> 33cf7c90 Wed Mar 11 20:53:14 CDT 2015 Eric Dumazet <edumazet@google.com> net: add real socket cookies A long standing problem in netlink socket dumps is the use of kernel socket addresses as cookies. 1) It is a security concern. 2) Sockets can be reused quite quickly, so there is no guarantee a cookie is used once and identify a flow. 3) request sock, establish sock, and timewait socks for a given flow have different cookies. Part of our effort to bring better TCP statistics requires to switch to a different allocator. In this patch, I chose to use a per network namespace 64bit generator, and to use it only in the case a socket needs to be dumped to netlink. (This might be refined later if needed) Note that I tried to carry cookies from request sock, to establish sock, then timewait sockets. Signed-off-by: Eric Dumazet <edumazet@google.com> Cc: Eric Salo <salo@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
/openbmc/linux/net/ipv4/ |
H A D | inet_timewait_sock.c | 33cf7c90 Wed Mar 11 20:53:14 CDT 2015 Eric Dumazet <edumazet@google.com> net: add real socket cookies
A long standing problem in netlink socket dumps is the use of kernel socket addresses as cookies.
1) It is a security concern.
2) Sockets can be reused quite quickly, so there is no guarantee a cookie is used once and identify a flow.
3) request sock, establish sock, and timewait socks for a given flow have different cookies.
Part of our effort to bring better TCP statistics requires to switch to a different allocator.
In this patch, I chose to use a per network namespace 64bit generator, and to use it only in the case a socket needs to be dumped to netlink. (This might be refined later if needed)
Note that I tried to carry cookies from request sock, to establish sock, then timewait sockets.
Signed-off-by: Eric Dumazet <edumazet@google.com> Cc: Eric Salo <salo@google.com> Signed-off-by: David S. Miller <davem@davemloft.net> 33cf7c90 Wed Mar 11 20:53:14 CDT 2015 Eric Dumazet <edumazet@google.com> net: add real socket cookies A long standing problem in netlink socket dumps is the use of kernel socket addresses as cookies. 1) It is a security concern. 2) Sockets can be reused quite quickly, so there is no guarantee a cookie is used once and identify a flow. 3) request sock, establish sock, and timewait socks for a given flow have different cookies. Part of our effort to bring better TCP statistics requires to switch to a different allocator. In this patch, I chose to use a per network namespace 64bit generator, and to use it only in the case a socket needs to be dumped to netlink. (This might be refined later if needed) Note that I tried to carry cookies from request sock, to establish sock, then timewait sockets. Signed-off-by: Eric Dumazet <edumazet@google.com> Cc: Eric Salo <salo@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
H A D | syncookies.c | 33cf7c90 Wed Mar 11 20:53:14 CDT 2015 Eric Dumazet <edumazet@google.com> net: add real socket cookies
A long standing problem in netlink socket dumps is the use of kernel socket addresses as cookies.
1) It is a security concern.
2) Sockets can be reused quite quickly, so there is no guarantee a cookie is used once and identify a flow.
3) request sock, establish sock, and timewait socks for a given flow have different cookies.
Part of our effort to bring better TCP statistics requires to switch to a different allocator.
In this patch, I chose to use a per network namespace 64bit generator, and to use it only in the case a socket needs to be dumped to netlink. (This might be refined later if needed)
Note that I tried to carry cookies from request sock, to establish sock, then timewait sockets.
Signed-off-by: Eric Dumazet <edumazet@google.com> Cc: Eric Salo <salo@google.com> Signed-off-by: David S. Miller <davem@davemloft.net> 33cf7c90 Wed Mar 11 20:53:14 CDT 2015 Eric Dumazet <edumazet@google.com> net: add real socket cookies A long standing problem in netlink socket dumps is the use of kernel socket addresses as cookies. 1) It is a security concern. 2) Sockets can be reused quite quickly, so there is no guarantee a cookie is used once and identify a flow. 3) request sock, establish sock, and timewait socks for a given flow have different cookies. Part of our effort to bring better TCP statistics requires to switch to a different allocator. In this patch, I chose to use a per network namespace 64bit generator, and to use it only in the case a socket needs to be dumped to netlink. (This might be refined later if needed) Note that I tried to carry cookies from request sock, to establish sock, then timewait sockets. Signed-off-by: Eric Dumazet <edumazet@google.com> Cc: Eric Salo <salo@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
H A D | inet_diag.c | 33cf7c90 Wed Mar 11 20:53:14 CDT 2015 Eric Dumazet <edumazet@google.com> net: add real socket cookies
A long standing problem in netlink socket dumps is the use of kernel socket addresses as cookies.
1) It is a security concern.
2) Sockets can be reused quite quickly, so there is no guarantee a cookie is used once and identify a flow.
3) request sock, establish sock, and timewait socks for a given flow have different cookies.
Part of our effort to bring better TCP statistics requires to switch to a different allocator.
In this patch, I chose to use a per network namespace 64bit generator, and to use it only in the case a socket needs to be dumped to netlink. (This might be refined later if needed)
Note that I tried to carry cookies from request sock, to establish sock, then timewait sockets.
Signed-off-by: Eric Dumazet <edumazet@google.com> Cc: Eric Salo <salo@google.com> Signed-off-by: David S. Miller <davem@davemloft.net> 33cf7c90 Wed Mar 11 20:53:14 CDT 2015 Eric Dumazet <edumazet@google.com> net: add real socket cookies A long standing problem in netlink socket dumps is the use of kernel socket addresses as cookies. 1) It is a security concern. 2) Sockets can be reused quite quickly, so there is no guarantee a cookie is used once and identify a flow. 3) request sock, establish sock, and timewait socks for a given flow have different cookies. Part of our effort to bring better TCP statistics requires to switch to a different allocator. In this patch, I chose to use a per network namespace 64bit generator, and to use it only in the case a socket needs to be dumped to netlink. (This might be refined later if needed) Note that I tried to carry cookies from request sock, to establish sock, then timewait sockets. Signed-off-by: Eric Dumazet <edumazet@google.com> Cc: Eric Salo <salo@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
H A D | inet_connection_sock.c | 33cf7c90 Wed Mar 11 20:53:14 CDT 2015 Eric Dumazet <edumazet@google.com> net: add real socket cookies
A long standing problem in netlink socket dumps is the use of kernel socket addresses as cookies.
1) It is a security concern.
2) Sockets can be reused quite quickly, so there is no guarantee a cookie is used once and identify a flow.
3) request sock, establish sock, and timewait socks for a given flow have different cookies.
Part of our effort to bring better TCP statistics requires to switch to a different allocator.
In this patch, I chose to use a per network namespace 64bit generator, and to use it only in the case a socket needs to be dumped to netlink. (This might be refined later if needed)
Note that I tried to carry cookies from request sock, to establish sock, then timewait sockets.
Signed-off-by: Eric Dumazet <edumazet@google.com> Cc: Eric Salo <salo@google.com> Signed-off-by: David S. Miller <davem@davemloft.net> 33cf7c90 Wed Mar 11 20:53:14 CDT 2015 Eric Dumazet <edumazet@google.com> net: add real socket cookies A long standing problem in netlink socket dumps is the use of kernel socket addresses as cookies. 1) It is a security concern. 2) Sockets can be reused quite quickly, so there is no guarantee a cookie is used once and identify a flow. 3) request sock, establish sock, and timewait socks for a given flow have different cookies. Part of our effort to bring better TCP statistics requires to switch to a different allocator. In this patch, I chose to use a per network namespace 64bit generator, and to use it only in the case a socket needs to be dumped to netlink. (This might be refined later if needed) Note that I tried to carry cookies from request sock, to establish sock, then timewait sockets. Signed-off-by: Eric Dumazet <edumazet@google.com> Cc: Eric Salo <salo@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
H A D | tcp_input.c | 33cf7c90 Wed Mar 11 20:53:14 CDT 2015 Eric Dumazet <edumazet@google.com> net: add real socket cookies
A long standing problem in netlink socket dumps is the use of kernel socket addresses as cookies.
1) It is a security concern.
2) Sockets can be reused quite quickly, so there is no guarantee a cookie is used once and identify a flow.
3) request sock, establish sock, and timewait socks for a given flow have different cookies.
Part of our effort to bring better TCP statistics requires to switch to a different allocator.
In this patch, I chose to use a per network namespace 64bit generator, and to use it only in the case a socket needs to be dumped to netlink. (This might be refined later if needed)
Note that I tried to carry cookies from request sock, to establish sock, then timewait sockets.
Signed-off-by: Eric Dumazet <edumazet@google.com> Cc: Eric Salo <salo@google.com> Signed-off-by: David S. Miller <davem@davemloft.net> 33cf7c90 Wed Mar 11 20:53:14 CDT 2015 Eric Dumazet <edumazet@google.com> net: add real socket cookies A long standing problem in netlink socket dumps is the use of kernel socket addresses as cookies. 1) It is a security concern. 2) Sockets can be reused quite quickly, so there is no guarantee a cookie is used once and identify a flow. 3) request sock, establish sock, and timewait socks for a given flow have different cookies. Part of our effort to bring better TCP statistics requires to switch to a different allocator. In this patch, I chose to use a per network namespace 64bit generator, and to use it only in the case a socket needs to be dumped to netlink. (This might be refined later if needed) Note that I tried to carry cookies from request sock, to establish sock, then timewait sockets. Signed-off-by: Eric Dumazet <edumazet@google.com> Cc: Eric Salo <salo@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
/openbmc/linux/net/dccp/ |
H A D | ipv4.c | 33cf7c90 Wed Mar 11 20:53:14 CDT 2015 Eric Dumazet <edumazet@google.com> net: add real socket cookies
A long standing problem in netlink socket dumps is the use of kernel socket addresses as cookies.
1) It is a security concern.
2) Sockets can be reused quite quickly, so there is no guarantee a cookie is used once and identify a flow.
3) request sock, establish sock, and timewait socks for a given flow have different cookies.
Part of our effort to bring better TCP statistics requires to switch to a different allocator.
In this patch, I chose to use a per network namespace 64bit generator, and to use it only in the case a socket needs to be dumped to netlink. (This might be refined later if needed)
Note that I tried to carry cookies from request sock, to establish sock, then timewait sockets.
Signed-off-by: Eric Dumazet <edumazet@google.com> Cc: Eric Salo <salo@google.com> Signed-off-by: David S. Miller <davem@davemloft.net> 33cf7c90 Wed Mar 11 20:53:14 CDT 2015 Eric Dumazet <edumazet@google.com> net: add real socket cookies A long standing problem in netlink socket dumps is the use of kernel socket addresses as cookies. 1) It is a security concern. 2) Sockets can be reused quite quickly, so there is no guarantee a cookie is used once and identify a flow. 3) request sock, establish sock, and timewait socks for a given flow have different cookies. Part of our effort to bring better TCP statistics requires to switch to a different allocator. In this patch, I chose to use a per network namespace 64bit generator, and to use it only in the case a socket needs to be dumped to netlink. (This might be refined later if needed) Note that I tried to carry cookies from request sock, to establish sock, then timewait sockets. Signed-off-by: Eric Dumazet <edumazet@google.com> Cc: Eric Salo <salo@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|