Google Git
Sign in
kernel / pub / scm / linux / kernel / git / palmer / linux / 4dfa9b438ee34caca4e6a4e5e961641807367f6f
commit4dfa9b438ee34caca4e6a4e5e961641807367f6f[log] [tgz]
authorEric Dumazet <edumazet@google.com>Mon May 02 10:46:10 2022 +0200
committerJakub Kicinski <kuba@kernel.org>Wed May 04 19:22:21 2022 -0700
tree984d6cdbe8afca38457c885a6456e13bf7c87750
parent9e9b70ae923baf2b5e8a0ea4fd0c8451801ac526 [diff]
tcp: resalt the secret every 10 seconds

In order to limit the ability for an observer to recognize the source
ports sequence used to contact a set of destinations, we should
periodically shuffle the secret. 10 seconds looks effective enough
without causing particular issues.

Cc: Moshe Kol <moshe.kol@mail.huji.ac.il>
Cc: Yossi Gilad <yossi.gilad@mail.huji.ac.il>
Cc: Amit Klein <aksecurity@gmail.com>
Cc: Jason A. Donenfeld <Jason@zx2c4.com>
Tested-by: Willy Tarreau <w@1wt.eu>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
1 file changed
tree: 984d6cdbe8afca38457c885a6456e13bf7c87750
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. fs/
  8. include/
  9. init/
  10. ipc/
  11. kernel/
  12. lib/
  13. LICENSES/
  14. mm/
  15. net/
  16. samples/
  17. scripts/
  18. security/
  19. sound/
  20. tools/
  21. usr/
  22. virt/
  23. .clang-format
  24. .cocciconfig
  25. .get_maintainer.ignore
  26. .gitattributes
  27. .gitignore
  28. .mailmap
  29. COPYING
  30. CREDITS
  31. Kbuild
  32. Kconfig
  33. MAINTAINERS
  34. Makefile
  35. README