]> Git Repo - linux.git/commit
projects / linux.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: eb9da2c) | patch
inet: use bigger hash table for IP ID generation
authorEric Dumazet <[email protected]>
Wed, 24 Mar 2021 21:53:37 +0000 (14:53 -0700)
committerDavid S. Miller <[email protected]>
Wed, 24 Mar 2021 23:45:11 +0000 (16:45 -0700)
commitaa6dd211e4b1dde9d5dc25d699d35f789ae7eeba
tree45bdeb0eb725335acc1c5f3f6d91a9f76801d7a1tree | snapshot
parenteb9da2c1b60390802c48354f7d5c644c26a9e56fcommit | diff
inet: use bigger hash table for IP ID generation

In commit 73f156a6e8c1 ("inetpeer: get rid of ip_id_count")
I used a very small hash table that could be abused
by patient attackers to reveal sensitive information.

Switch to a dynamic sizing, depending on RAM size.

Typical big hosts will now use 128x more storage (2 MB)
to get a similar increase in security and reduction
of hash collisions.

As a bonus, use of alloc_large_system_hash() spreads
allocated memory among all NUMA nodes.

Fixes: 73f156a6e8c1 ("inetpeer: get rid of ip_id_count")
Reported-by: Amit Klein <[email protected]>
Signed-off-by: Eric Dumazet <[email protected]>
Cc: Willy Tarreau <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
net/ipv4/route.c diff | blob | blame | history
Empty description
This page took 0.051958 seconds and 4 git commands to generate.