git.ipfire.org Git - thirdparty/kernel/linux.git/commit
tcp: secure_seq: add back ports to TS offset
author Eric Dumazet <edumazet@google.com>
Mon, 2 Mar 2026 20:55:27 +0000 (20:55 +0000)
committer Jakub Kicinski <kuba@kernel.org>
Thu, 5 Mar 2026 01:44:35 +0000 (17:44 -0800)
commit 165573e41f2f66ef98940cf65f838b2cb575d9d1
tree 74427cfae505c0669a61173dd43b6f971f4f7786
parent 7f083faf59d14c04e01ec05a7507f036c965acf8
tcp: secure_seq: add back ports to TS offset

This reverts 28ee1b746f49 ("secure_seq: downgrade to per-host timestamp offsets")

tcp_tw_recycle went away in 2017.

Zhouyan Deng reported off-path TCP source port leakage via
SYN cookie side-channel that can be fixed in multiple ways.

One of them is to bring back TCP ports in TS offset randomization.

As a bonus, we perform a single siphash() computation
to provide both an ISN and a TS offset.

Fixes: 28ee1b746f49 ("secure_seq: downgrade to per-host timestamp offsets")
Reported-by: Zhouyan Deng <dengzhouyan_nwpu@163.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reviewed-by: Kuniyuki Iwashima <kuniyu@google.com>
Acked-by: Florian Westphal <fw@strlen.de>
Link: https://patch.msgid.link/20260302205527.1982836-1-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
include/net/secure_seq.h
include/net/tcp.h
net/core/secure_seq.c
net/ipv4/syncookies.c
net/ipv4/tcp_input.c
net/ipv4/tcp_ipv4.c
net/ipv6/syncookies.c
net/ipv6/tcp_ipv6.c