git.ipfire.org Git - thirdparty/kernel/stable.git/commit
tcp: secure_seq: add back ports to TS offset
author Eric Dumazet <edumazet@google.com>
Mon, 2 Mar 2026 20:55:27 +0000 (20:55 +0000)
committer Sasha Levin <sashal@kernel.org>
Thu, 12 Mar 2026 11:09:56 +0000 (07:09 -0400)
commit 46e5b0d7cf55821527adea471ffe52a5afbd9caf
tree 2fbc0b9796a9e688bb9d590990e7c5b946428fc1
parent c69df4e0524f8de8e176ba389acd83e85f5f49d0
tcp: secure_seq: add back ports to TS offset

[ Upstream commit 165573e41f2f66ef98940cf65f838b2cb575d9d1 ]

This reverts 28ee1b746f49 ("secure_seq: downgrade to per-host timestamp offsets")

tcp_tw_recycle went away in 2017.

Zhouyan Deng reported off-path TCP source port leakage via
SYN cookie side-channel that can be fixed in multiple ways.

One of them is to bring back TCP ports in TS offset randomization.

As a bonus, we perform a single siphash() computation
to provide both an ISN and a TS offset.

Fixes: 28ee1b746f49 ("secure_seq: downgrade to per-host timestamp offsets")
Reported-by: Zhouyan Deng <dengzhouyan_nwpu@163.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reviewed-by: Kuniyuki Iwashima <kuniyu@google.com>
Acked-by: Florian Westphal <fw@strlen.de>
Link: https://patch.msgid.link/20260302205527.1982836-1-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
include/net/secure_seq.h
include/net/tcp.h
net/core/secure_seq.c
net/ipv4/syncookies.c
net/ipv4/tcp_input.c
net/ipv4/tcp_ipv4.c
net/ipv6/syncookies.c
net/ipv6/tcp_ipv6.c