Thread: 24 messages, 3 authors, 2012-02-12

Re: [B.A.T.M.A.N.] [PATCH 3/8] batman-adv: randomize initial seqno to avoid collision

From: Andrew Lunn <andrew@lunn.ch>
Date: 2012-02-07 12:46:20

On Tue, Feb 07, 2012 at 08:21:55PM +0800, Marek Lindner wrote:
> On Tuesday, February 07, 2012 20:12:00 Andrew Lunn wrote:
> > Does this sequence number have any security relevance? Does it make
> > sense to use the TCP sequence number generation code?
>
> There is no security relevance I know of. The idea was simply to start with
> a random number. Random is a bit better than 1.  ;-)
>
> Where can I find the TCP sequence number code you are referring to ?

I had to go find it, since I've never looked at it before.

net/core/secure_seq.c:

__u32 secure_tcp_sequence_number(__be32 saddr, __be32 daddr,
                                 __be16 sport, __be16 dport)

but it does not look very re-usable, since it takes all these
addresses. What might be usable is:

__u32 secure_ip_id(__be32 daddr)
{
        u32 hash[MD5_DIGEST_WORDS];

        hash[0] = (__force __u32) daddr;
        hash[1] = net_secret[13];
        hash[2] = net_secret[14];
        hash[3] = net_secret[15];

        md5_transform(hash, net_secret);

        return hash[0];
}

passing it the last four bytes of the originator MAC address?

	Andrew
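
A userspace model of the derivation suggested in the message above, added here as an example; it is not code from the thread or from the kernel. `secure_ip_id_model()` and `initial_seqno()` are hypothetical names, the secret is passed in as a parameter in place of the kernel's `net_secret`, and `demo_secret` is a constructed value.

```c
#include <stdint.h>
#include <string.h>
/* MD5 round constants and rotate amounts (RFC 1321). */
static const uint32_t K[64] = {
    0xd76aa478, 0xe8c7b756, 0x242070db, 0xc1bdceee, 0xf57c0faf, 0x4787c62a, 0xa8304613, 0xfd469501,
    0x698098d8, 0x8b44f7af, 0xffff5bb1, 0x895cd7be, 0x6b901122, 0xfd987193, 0xa679438e, 0x49b40821,
    0xf61e2562, 0xc040b340, 0x265e5a51, 0xe9b6c7aa, 0xd62f105d, 0x02441453, 0xd8a1e681, 0xe7d3fbc8,
    0x21e1cde6, 0xc33707d6, 0xf4d50d87, 0x455a14ed, 0xa9e3e905, 0xfcefa3f8, 0x676f02d9, 0x8d2a4c8a,
    0xfffa3942, 0x8771f681, 0x6d9d6122, 0xfde5380c, 0xa4beea44, 0x4bdecfa9, 0xf6bb4b60, 0xbebfbc70,
    0x289b7ec6, 0xeaa127fa, 0xd4ef3085, 0x04881d05, 0xd9d4d039, 0xe6db99e5, 0x1fa27cf8, 0xc4ac5665,
    0xf4292244, 0x432aff97, 0xab9423a7, 0xfc93a039, 0x655b59c3, 0x8f0ccc92, 0xffeff47d, 0x85845dd1,
    0x6fa87e4f, 0xfe2ce6e0, 0xa3014314, 0x4e0811a1, 0xf7537e82, 0xbd3af235, 0x2ad7d2bb, 0xeb86d391 };
static const uint8_t S[16] = { 7, 12, 17, 22, 5, 9, 14, 20, 4, 11, 16, 23, 6, 10, 15, 21 };
/* Constructed 16-word secret standing in for net_secret (not a real value). */
static const uint32_t demo_secret[16] = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 };

/* One MD5 compression of the 16-word block `in` into the 4-word state
 * `hash`, modelling what the kernel's md5_transform() does. */
static void md5_transform(uint32_t hash[4], const uint32_t in[16])
{
    uint32_t a = hash[0], b = hash[1], c = hash[2], d = hash[3];
    for (int i = 0; i < 64; i++) {
        uint32_t f, g, t;
        if (i < 16)      { f = (b & c) | (~b & d); g = i; }
        else if (i < 32) { f = (d & b) | (~d & c); g = (5 * i + 1) & 15; }
        else if (i < 48) { f = b ^ c ^ d;          g = (3 * i + 5) & 15; }
        else             { f = c ^ (b | ~d);       g = (7 * i) & 15; }
        f += a + K[i] + in[g];
        int s = S[(i / 16) * 4 + (i & 3)];
        t = d; d = c; c = b; a = t;
        b += (f << s) | (f >> (32 - s));
    }
    hash[0] += a; hash[1] += b; hash[2] += c; hash[3] += d;
}

/* Model of secure_ip_id() as quoted above, with the secret as a parameter. */
static uint32_t secure_ip_id_model(uint32_t daddr, const uint32_t secret[16])
{
    uint32_t hash[4] = { daddr, secret[13], secret[14], secret[15] };
    md5_transform(hash, secret);
    return hash[0];
}

/* Hypothetical helper: feed the last four bytes of a 6-byte MAC as daddr. */
static uint32_t initial_seqno(const uint8_t mac[6], const uint32_t secret[16])
{
    uint32_t tail;
    memcpy(&tail, mac + 2, sizeof(tail)); /* bytes 2..5, host byte order */
    return secure_ip_id_model(tail, secret);
}
```

The result depends only on the secret and the last four MAC bytes: it repeats for as long as the secret is unchanged, and two MACs that differ only in their first two bytes get the same value.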